Bockwurst112 | 26.01.2015 17:24
Mbam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 26.01.2015
Suchlauf-Zeit: 16:31:30
Logdatei: MalebyteSuchlauf.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.26.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jan Plutke
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 414180
Verstrichene Zeit: 27 Min, 16 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 48
PUP.Optional.AppEnable.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util AppEnable, Keine Aktion durch Benutzer, [b34b4ab1aedba5914fc6b04fb4502ed2],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Keine Aktion durch Benutzer, [47b7ea112c5ded49da67ba1ddf2540c0],
PUP.Optional.PennyBee.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe, Keine Aktion durch Benutzer, [c737a5563158f44242aa3b42a36004fc],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{a69b196d-5eb2-4380-a19e-afa77f3ca813}, In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\., In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\..9, In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\., In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\..9, In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A69B196D-5EB2-4380-A19E-AFA77F3CA813}, In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A69B196D-5EB2-4380-A19E-AFA77F3CA813}, In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A69B196D-5EB2-4380-A19E-AFA77F3CA813}, In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A69B196D-5EB2-4380-A19E-AFA77F3CA813}, In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
Virus.Jeefo, HKLM\SOFTWARE\CLASSES\TYPELIB\{AB3C7820-1D7F-48F8-910E-E28E37832984}, In Quarantäne, [b34bb942d5b485b1437d7ab341c432ce],
Virus.Jeefo, HKLM\SOFTWARE\CLASSES\INTERFACE\{77889130-BE42-4B3E-9D08-77360351BE55}, In Quarantäne, [b34bb942d5b485b1437d7ab341c432ce],
Virus.Jeefo, HKLM\SOFTWARE\CLASSES\INTERFACE\{A23B7238-99B8-42F9-B1C9-F7826D54A4AE}, In Quarantäne, [b34bb942d5b485b1437d7ab341c432ce],
Virus.Jeefo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77889130-BE42-4B3E-9D08-77360351BE55}, In Quarantäne, [b34bb942d5b485b1437d7ab341c432ce],
Virus.Jeefo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A23B7238-99B8-42F9-B1C9-F7826D54A4AE}, In Quarantäne, [b34bb942d5b485b1437d7ab341c432ce],
Virus.Jeefo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{AB3C7820-1D7F-48F8-910E-E28E37832984}, In Quarantäne, [b34bb942d5b485b1437d7ab341c432ce],
Virus.Jeefo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Ground Zero, In Quarantäne, [b846ed0e7217c4722799fe2f0302c13f],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A, In Quarantäne, [17e79b60d8b178beeeda53a814f017e9],
PUP.Optional.Adpeak.A, HKLM\SOFTWARE\allday savings, In Quarantäne, [8a747a819eebda5c8cd6acecee158e72],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [3bc38f6c296079bd4ef73fbc699b08f8],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [8975629925646dc945ff8b7007fd5ca4],
PUP.Optional.PennyBee.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe, In Quarantäne, [e31b47b4cdbcd0660758d4bf28dbf709],
PUP.Optional.AppEnable.A, HKLM\SOFTWARE\WOW6432NODE\AppEnable, In Quarantäne, [d22c4ead59308da96ea208f7e51fae52],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [4eb027d4bfca5adc97305340788b7c84],
PUP.Optional.PennyBee.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe, In Quarantäne, [05f9b645494044f2b1ae395a5da66997],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, In Quarantäne, [56a8b942cabf013525058f01ef1408f8],
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [cc3245b6a5e45ed8ff5683519a6a8e72],
PUP.Optional.PennyBee.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PennyBee, In Quarantäne, [ec12dc1f6a1f1a1c9acc37c809fb8b75],
PUP.Optional.AppEnable.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update AppEnable, In Quarantäne, [30cec13ac6c31e1838dc37c8a65e5ba5],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [916dc7340a7ff046379ae59e966d6898],
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, In Quarantäne, [659950ab315847ef4c663265e81bbb45],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, In Quarantäne, [4cb2b546187152e449d8c5c55da6c13f],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [17e73bc0ddac2313b9d6e0f8e81c27d9],
PUP.Optional.AppEnable.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AppEnable, In Quarantäne, [837b78832c5db482bd54649bfb098b75],
PUP.Optional.BrowserExtensions.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS, In Quarantäne, [2ad4f10ab7d21c1a133ff28f18eb8977],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [41bdfcff4940f3434543e8a57e8502fe],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [7f7f7b8095f4e94daf7efdc4b74cb947],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9B149088-3FB6-875E-C1A4-A25A6E9D278D}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
Registrierungswerte: 4
Virus.Jeefo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PinnacleDriverCheck, C:\windows\SysWOW64\\PSDrvCheck.exe, In Quarantäne, [32cc44b7a0e940f6744c210c08fd2bd5]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\WINDOWS\system32\drivers\SPPD.sys, In Quarantäne, [659950ab315847ef4c663265e81bbb45]
PUP.Optional.BrowserExtensions.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS|SS_Ver, 1.8, In Quarantäne, [2ad4f10ab7d21c1a133ff28f18eb8977]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Q1O1R1R0D1G1J1S, In Quarantäne, [47b7ea112c5ded49da67ba1ddf2540c0]
Registrierungsdaten: 7
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[04fae2190d7c092dc83c792d82836e92]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[07f785767f0ab38318ec45616d987b85]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000),Ersetzt,[8c723cbff792a4928ba56d2f1fe67c84]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000),Ersetzt,[f70713e8d2b70b2bae814c507c8938c8]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000),Ersetzt,[748af30851384beb0e248e0e4bba9967]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000),Ersetzt,[a559b348d8b1a39322111b8129dc30d0]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1999916086-726414315-3245994003-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000),Ersetzt,[30ce9962e0a9211536f83e5eaa5b2bd5]
Ordner: 15
PUP.Optional.OpenCandy, C:\Users\Jan Plutke\AppData\Roaming\OpenCandy, Keine Aktion durch Benutzer, [53ab59a23851e155c57ab9887f84ae52],
PUP.Optional.OpenCandy, C:\Users\Jan Plutke\AppData\Roaming\OpenCandy\06F40BDF410545B99D973D7E31F688B6, In Quarantäne, [53ab59a23851e155c57ab9887f84ae52],
PUP.Optional.OpenCandy, C:\Users\Jan Plutke\AppData\Roaming\OpenCandy\5DFE35DD111B479D929981CA0369F4A1, In Quarantäne, [53ab59a23851e155c57ab9887f84ae52],
PUP.Optional.QuickStart.A, C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [7c82a25959301224b3a95ee99b6853ad],
PUP.Optional.SearchProtect.A, C:\Users\Jan Plutke\AppData\Local\SearchProtect, In Quarantäne, [6c9236c5781179bdb8ea2d29ed16cc34],
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings, In Quarantäne, [43bb916a42470432a9c6f4683ac9f808],
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings\SSL, In Quarantäne, [43bb916a42470432a9c6f4683ac9f808],
PUP.Optional.MultiPlug.A, C:\ProgramData\topdeal, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.Linkury.A, C:\Users\Jan Plutke\AppData\Roaming\PennyBee, In Quarantäne, [6d9133c87c0d44f2d0920c56f40f05fb],
PUP.Optional.Linkury.A, C:\Users\Jan Plutke\AppData\Roaming\PennyBee\UpdateProc, In Quarantäne, [6d9133c87c0d44f2d0920c56f40f05fb],
PUP.Optional.AllDaySavings.A, C:\Program Files\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A, In Quarantäne, [27d7d3284346043216b84f183cc7e11f],
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A, In Quarantäne, [5ca2c338c9c0c96d69658ed94db6a35d],
PUP.Optional.SaleItCoupon.A, C:\ProgramData\SaleItCoupon, In Quarantäne, [59a57982e2a7f73f80d1016a986bbe42],
PUP.Optional.MaintainerSvc.A, C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009, In Quarantäne, [9e6047b4aadf0e28bbcb9cd24cb76f91],
PUP.Optional.ShoppingDealFactory.A, C:\ProgramData\ShoppingDealFactory, In Quarantäne, [6b936e8de5a4dd59a6efc5aba16211ef],
Dateien: 93
PUP.Optional.OpenCandy, C:\Users\Jan Plutke\AppData\Roaming\OpenCandy\06F40BDF410545B99D973D7E31F688B6\Installer.exe, Keine Aktion durch Benutzer, [53ab59a23851e155c57ab9887f84ae52],
Virus.Jeefo, C:\Windows\SysWOW64\PSDrvCheck.exe, In Quarantäne, [32cc44b7a0e940f6744c210c08fd2bd5],
PUP.Optional.MultiPlug, C:\ProgramData\topdeal\H33Atvj1G4lfkR.x64.dll, In Quarantäne, [2bd347b4ee9ba5911e095872f110cf31],
Virus.Jeefo, C:\Windows\SysWOW64\1602Unst.exe, In Quarantäne, [4db1a2593851cf67f3cdee3f5fa6ed13],
Virus.Jeefo, C:\Windows\SysWOW64\javaw.exe, In Quarantäne, [f00e06f589001125ac14e34aa263bf41],
Virus.Jeefo, C:\Windows\SysWOW64\javaws.exe, In Quarantäne, [3ac478833158f244e7d92eff58ad2dd3],
Virus.Jeefo, C:\Windows\SysWOW64\pbsvc.exe, In Quarantäne, [639bd02bc7c2b28407b9d05d8b7a44bc],
Virus.Jeefo, C:\Windows\SysWOW64\TubeFinder.exe, In Quarantäne, [b34bb942d5b485b1437d7ab341c432ce],
PUP.Optional.OpenCandy, C:\Users\Jan Plutke\AppData\Local\Temp\is-GO4GD.tmp\OCSetupHlp.dll, In Quarantäne, [e11d9d5e7a0fe650212bfcd0ed18956b],
PUP.Optional.OpenCandy, C:\Users\Jan Plutke\AppData\Local\Temp\is-JK3G1.tmp\OCSetupHlp.dll, In Quarantäne, [c43a5f9c5039171fed5fd5f7c73e04fc],
Trojan.Agent.ED, C:\Users\Jan Plutke\AppData\Local\Temp\Low\12VD.dll, In Quarantäne, [f707d823f693e45295703bd61ee48e72],
Trojan.Agent.ED, C:\Users\Jan Plutke\AppData\Local\Temp\Low\XlrN.dll, In Quarantäne, [2fcfd3288207c175f11420f118eae41c],
Trojan.Agent.ED, C:\Users\Jan Plutke\AppData\Local\Temp\Low\xPR5.dll, In Quarantäne, [748a37c4a0e945f14bbaa36ea75b27d9],
Virus.Jeefo, C:\Users\Jan Plutke\Documents\APNSetup.exe, In Quarantäne, [65994bb015747db90fb10d207e87ed13],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\Iphoto4.exe, In Quarantäne, [827cc536692026107d434fdea06524dc],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\DBU46050-DE_DEM.exe, In Quarantäne, [748ac03bc0c984b2724e14190cf96d93],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\SoftonicDownloader_fuer_nokia-pc-suite.exe, In Quarantäne, [5ca2b4478702270fb01052db0203ce32],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LODPatch_110.exe, In Quarantäne, [b6489b609eeb9b9b19a7d459bf467090],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LODPatch_111.exe, In Quarantäne, [7e80a2597c0da78f8f312eff31d443bd],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LODPatch_111b.exe, In Quarantäne, [88768b701a6f91a5a21e9796eb1ac23e],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LODPatch_113c.exe, In Quarantäne, [7f7f89723c4d1d19b010d657669fbd43],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LOD_108.exe, In Quarantäne, [49b5ba4153364fe79a263eefbb4a649c],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LOD_109.exe, In Quarantäne, [a559e01bff8a78bed5eb57d6d53023dd],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LOD_109b.exe, In Quarantäne, [7c82cf2cc9c05adc9f21b6771beaef11],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LOD_109d.exe, In Quarantäne, [09f51be0d1b8d0661ba580ad56afcf31],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\LOD_112a.exe, In Quarantäne, [45b928d34f3a6bcb764a6fbe93723ec2],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\Minecraft.exe, In Quarantäne, [0fefda21fb8ee155d3edfb3206ff23dd],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\THW-Theorie-Setup.exe, In Quarantäne, [b34b28d3494087af823ed55833d251af],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\THW-Theorie-Update.exe, In Quarantäne, [8f6ff2097e0bd561aa1677b645c0e020],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\UNINST.EXE, In Quarantäne, [33cb4fac9decc27460601e0fe520ca36],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\vlc-2.0.2-win32.exe, In Quarantäne, [1fdffffcea9f6ec816aa38f53dc86f91],
Virus.Jeefo, C:\Users\Jan Plutke\Eigene Datien\A9CADV2Setup_uni.exe, In Quarantäne, [fa0431ca147557df6f5171bcf70e26da],
Virus.Jeefo, C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_installer.exe, In Quarantäne, [51ad8c6f3455e94dd3edfe2f53b25ba5],
Virus.Jeefo, C:\Users\Jan Plutke\AppData\Local\Catan\PatchClient\PatchClient.exe, In Quarantäne, [f509e11aed9c93a3dbe5da53a95ca65a],
Virus.Jeefo, C:\Windows\Ground Zero Uninstaller.exe, In Quarantäne, [b846ed0e7217c4722799fe2f0302c13f],
PUP.Optional.SearchProtect, C:\Windows\apppatch\apppatch64\VCLdr64.dll, In Quarantäne, [39c540bba5e44bebd438bb5dc33fca36],
PUP.Optional.SnapDo.A, C:\Windows\Installer\35260c3.msi, In Quarantäne, [a955c03ba9e08ea83151f4b48879817f],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI32CD.tmp, In Quarantäne, [ed1145b6e2a7fb3b8df86ac44eb29868],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI8287.tmp, In Quarantäne, [fa04d724553455e16124b5797a860bf5],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIC749.tmp, In Quarantäne, [ba442ecd6a1f270f285d8ea02fd15ea2],
Virus.Jeefo, C:\Windows\Installer\{95CCACF0-010D-45F0-82BF-858643D8BC02}\ARPPRODUCTICON.exe, In Quarantäne, [05f9fcffb0d9fe38417faa830bfae719],
Virus.Jeefo, C:\Windows\Installer\{05A55927-DB9B-4E26-BA44-828EBFF829F0}\ARPPRODUCTICON.exe, In Quarantäne, [14ea47b49ced61d5d3ed989544c17987],
Virus.Jeefo, C:\Windows\Installer\{2432E589-6256-4513-B0BF-EFA8E325D5F0}\ARPPRODUCTICON.exe, In Quarantäne, [fa048a7190f949ed219fcd60b055ac54],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\ARPPRODUCTICON.exe, In Quarantäne, [23dbf209e6a3092d1ea288a59075e719],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut10_6DF240995887409CBF353F1A56C38003.exe, In Quarantäne, [d7271be02663d363863aec4107fe8a76],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut11_0217EAE9CF9C4AE3B8F33670ACF27D15.exe, In Quarantäne, [23db35c698f1ad89665add502dd8a957],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut131_6D3E05DE5F374DFC98ED3F281B35F247.exe, In Quarantäne, [ef0f748755342a0cd4ec1d1040c509f7],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut13_4C2B47388C9646428ED02E981743969D.exe, In Quarantäne, [6b93df1cb3d67cba5d63ab825fa6eb15],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut142_7EDEE922DCA04D2EA6D803F8BD0FB241.exe, In Quarantäne, [a559d526abdef1458739c26b20e530d0],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut14_3EA0047EAD8D42A5BED619395314D73A.exe, In Quarantäne, [ae50689357320e28328e59d4e81df50b],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut15_CD78524853174D8B8F30BCD1A6957A72.exe, In Quarantäne, [ab53b04bbecb1125b30d30fdda2bba46],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut16_9E846B9A08944489B754071472ABF315.exe, In Quarantäne, [15e9ce2d14750036744c33fa26df3cc4],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut17_3C64864E0738475A9380935F65929AF9.exe, In Quarantäne, [8876c437ed9c9e98299784a9b25337c9],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut19_5EAF8FEB439B4A98BB94FFB2462F291E.exe, In Quarantäne, [1de1dd1e1f6a7cbab7094de09174e41c],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut1_DBCEECDC6A79490C955E22764894C3FC.exe, In Quarantäne, [bb43ed0e86030a2c754bd35ac73e6e92],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut201_BAE7AB4582194F22919B5000C7E733E4.exe, In Quarantäne, [d12d48b3c7c2290debd57cb1bc499d63],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut20_55066703537D45AFAB081828A45DA761.exe, In Quarantäne, [9d61be3dfc8d4cea12ae969701048a76],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut24_E96AB0EA3CF9444A893E0E644D27DCDA.exe, In Quarantäne, [4cb200fbcabf092d9c2471bcbd488779],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut41_321160F9871640C488AF8F98172CDFE6.exe, In Quarantäne, [41bddf1ce8a1a294239dfc3119ec35cb],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut44_2C6DAE9F337349CCBBFC87097820043D.exe, In Quarantäne, [9b63f308503970c6d1ef9e8f33d2936d],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut45_BE6AE4BB5F1D414D9EF3CFD7CF7A7AFE.exe, In Quarantäne, [9668b348bacf41f503bd909d30d539c7],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut48_7B0A76532D884976A271EEAE1C71C8A7.exe, In Quarantäne, [f50950abdbae5fd7b40c49e4778e29d7],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut4_437750E78E7D442D94BCB0731B5C7FE7.exe, In Quarantäne, [21dd50ab0e7b7fb7b0109d9009fc9e62],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut511_6E93C4F8FE5B4C44A3F9FC5E0CA56FFE.exe, In Quarantäne, [956910ebdeab39fd4d73a48939cc07f9],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut51_51FF35262D5944729522FB73B8CE1B06.exe, In Quarantäne, [22dcbb402e5b013587398aa3a16411ef],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut5_0CE52F6BFC2446469E6195E88305CF85.exe, In Quarantäne, [f6089269eb9eab8b17a977b68e778b75],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut8_F5BA23BC73DF4339A0A29E0D5C77705E.exe, In Quarantäne, [08f61ae1c8c15adcad13d459a560f40c],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut9_69373C27898047C9B9AA14AA08AF76CE.exe, In Quarantäne, [6d9123d84d3c84b25c646fbe749147b9],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut141_A7821042BF694EB0B3E590776763D307.exe, In Quarantäne, [28d66794a2e74de9714fa885e91cff01],
Virus.Jeefo, C:\Windows\Installer\{94F03B8E-CB73-4653-AFE9-79112C01FED2}\NewShortcut38_CAA2B7670B4443F1A8D311935BA7436F.exe, In Quarantäne, [26d8ad4ee6a33afccdf3b578a164ed13],
Virus.Jeefo, C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe, In Quarantäne, [34cad12ab2d77bbb0fb1b17c3fc61ee2],
Virus.Jeefo, C:\Windows\Installer\{FF07604E-C860-40E9-A230-E37FA41F103A}\ARPPRODUCTICON.exe, In Quarantäne, [54aa6794f19800364779f73680852ad6],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI8287.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [54aa43b809800d2996ef9a94f80839c7],
Virus.Jeefo, C:\Windows\Installer\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}\ARPPRODUCTICON.exe, In Quarantäne, [807e8b702b5ec76f447c5dd0fe07966a],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{3b8bbf2f-2888-4db1-9de7-5eeb1a213421}Gw64.sys, In Quarantäne, [2ad4b348d7b2b38381852474da294ab6],
PUP.Optional.PennyBee.A, C:\Windows\Tasks\PennyBee.job, In Quarantäne, [c43adf1c6d1c9d99dc8c0ef1000442be],
PUP.Optional.PennyBee.A, C:\Windows\System32\Tasks\PennyBee, In Quarantäne, [85799f5c76134fe78fda13eca95be21e],
PUP.Optional.OpenCandy, C:\Users\Jan Plutke\AppData\Roaming\OpenCandy\5DFE35DD111B479D929981CA0369F4A1\SkypeSetupFullUpgrade-6.18.0.106.exe, In Quarantäne, [53ab59a23851e155c57ab9887f84ae52],
PUP.Optional.MultiPlug.A, C:\ProgramData\topdeal\H33Atvj1G4lfkR.dat, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, C:\ProgramData\topdeal\H33Atvj1G4lfkR.exe, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.MultiPlug.A, C:\ProgramData\topdeal\H33Atvj1G4lfkR.tlb, In Quarantäne, [35c9be3d96f3d264517b322d1ee504fc],
PUP.Optional.Linkury.A, C:\Users\Jan Plutke\AppData\Roaming\PennyBee\UpdateProc\bkup.dat, In Quarantäne, [6d9133c87c0d44f2d0920c56f40f05fb],
PUP.Optional.Linkury.A, C:\Users\Jan Plutke\AppData\Roaming\PennyBee\UpdateProc\config.dat, In Quarantäne, [6d9133c87c0d44f2d0920c56f40f05fb],
PUP.Optional.Linkury.A, C:\Users\Jan Plutke\AppData\Roaming\PennyBee\UpdateProc\info.dat, In Quarantäne, [6d9133c87c0d44f2d0920c56f40f05fb],
PUP.Optional.Linkury.A, C:\Users\Jan Plutke\AppData\Roaming\PennyBee\UpdateProc\TTL.DAT, In Quarantäne, [6d9133c87c0d44f2d0920c56f40f05fb],
PUP.Optional.AllDaySavings.A, C:\Program Files\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A\kzhxnitccw.dll, In Quarantäne, [27d7d3284346043216b84f183cc7e11f],
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A\libeay32.dll, In Quarantäne, [5ca2c338c9c0c96d69658ed94db6a35d],
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A\nfapi.dll, In Quarantäne, [5ca2c338c9c0c96d69658ed94db6a35d],
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A\ProtocolFilters.dll, In Quarantäne, [5ca2c338c9c0c96d69658ed94db6a35d],
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A\ssleay32.dll, In Quarantäne, [5ca2c338c9c0c96d69658ed94db6a35d],
PUP.Optional.ShoppingDealFactory.A, C:\ProgramData\ShoppingDealFactory\ShoppingDealFactory.exe, In Quarantäne, [6b936e8de5a4dd59a6efc5aba16211ef],
PUP.Optional.Trovi, C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "search_url": "hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV=",), Ersetzt,[fc0213e84f3ad6609cc33fa100055ba5]
PUP.Optional.Conduit, C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "suggest_url": "hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}"), Ersetzt,[22dc65964d3c5fd7510fedf3867f8c74]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
# AdwCleaner v4.109 - Bericht erstellt am 26/01/2015 um 17:07:49
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-25.1 [Live]
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Jan Plutke - JAN001
# Gestartet von : C:\Users\Jan Plutke\Desktop\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : CltMngSvc
Dienst Gelöscht : netfilter64
[#] Dienst Gelöscht : pennybee
[#] Dienst Gelöscht : SPPD
[#] Dienst Gelöscht : Util AppEnable
[#] Dienst Gelöscht : Update AppEnable
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ytd video downloader
Ordner Gelöscht : C:\ProgramData\drivergenius
Ordner Gelöscht : C:\ProgramData\GoSSave
Ordner Gelöscht : C:\ProgramData\saveron
Ordner Gelöscht : C:\ProgramData\YYOutubeAdBulocke
Ordner Gelöscht : C:\ProgramData\ddf79c188ac3433d
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\video download converter
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\video download converter
Ordner Gelöscht : C:\Program Files (x86)\GoSSave
Ordner Gelöscht : C:\Program Files (x86)\YYOutubeAdBulocke
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Local\torch
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Jan Plutke\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjmenjjcdgedejjmaicpmeldjihnjejj
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
Ordner Gelöscht : C:\Users\Jan Plutke\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe
***** [ Tasks ] *****
Task Gelöscht : Optimizer Pro Schedule
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6e10973b-3b52-4a6c-981e-3de4b3071f71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{c918b72e-16a4-4d14-bd46-9c7b6e0efc4f}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC87A650-207D-4392-A6A1-82ADBC56FA64}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6e10973b-3b52-4a6c-981e-3de4b3071f71}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c918b72e-16a4-4d14-bd46-9c7b6e0efc4f}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6e10973b-3b52-4a6c-981e-3de4b3071f71}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c918b72e-16a4-4d14-bd46-9c7b6e0efc4f}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6e10973b-3b52-4a6c-981e-3de4b3071f71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c918b72e-16a4-4d14-bd46-9c7b6e0efc4f}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6e10973b-3b52-4a6c-981e-3de4b3071f71}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{c918b72e-16a4-4d14-bd46-9c7b6e0efc4f}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CA021789-C8CD-4676-BC40-90077A19D5CD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}
Schlüssel Gelöscht : HKCU\Software\eSupport.com
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\PennyBee
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AllDaySavings
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\de.ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.softonic.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\topowin.softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.de
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v35.0.1916.114
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyBzzyDtAyE0DtB0B0FyEtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StDyEtD0E0E0FtBtBtG0AzyyDzztGyDtB0EyCtG0Dzz0F0EtGtDtD0DtBzzyBzzzztByEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzy0ByDtByDyBtG0DtDyBtBtGzyyDtByEtGyCyC0FtAtGyEtCyCtD0C0B0E0C0FyC0E0B2Q&cr=1956097354&ir=
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398751675&from=cor&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms}
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1407246313&from=ild&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms}
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV=
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : dhgadcdcciaadmkdmnifpglddibhhdoe
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : pjmenjjcdgedejjmaicpmeldjihnjejj
[C:\Users\Jan Plutke\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
-\\ Chromium v
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyBzzyDtAyE0DtB0B0FyEtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StDyEtD0E0E0FtBtBtG0AzyyDzztGyDtB0EyCtG0Dzz0F0EtGtDtD0DtBzzyBzzzztByEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzy0ByDtByDyBtG0DtDyBtBtGzyyDtByEtGyCyC0FtAtGyEtCyCtD0C0B0E0C0FyC0E0B2Q&cr=1956097354&ir=
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398751675&from=cor&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms}
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1407246313&from=ild&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms}
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV=
[C:\Users\Jan Plutke\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
-\\ Comodo Dragon v
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyBzzyDtAyE0DtB0B0FyEtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StDyEtD0E0E0FtBtBtG0AzyyDzztGyDtB0EyCtG0Dzz0F0EtGtDtD0DtBzzyBzzzztByEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzy0ByDtByDyBtG0DtDyBtBtGzyyDtByEtGyCyC0FtAtGyEtCyCtD0C0B0E0C0FyC0E0B2Q&cr=1956097354&ir=
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398751675&from=cor&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms}
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1407246313&from=ild&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms}
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV=
[C:\Users\Jan Plutke\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
-\\ Chrome Canary v
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyBzzyDtAyE0DtB0B0FyEtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StDyEtD0E0E0FtBtBtG0AzyyDzztGyDtB0EyCtG0Dzz0F0EtGtDtD0DtBzzyBzzzztByEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzy0ByDtByDyBtG0DtDyBtBtGzyyDtByEtGyCyC0FtAtGyEtCyCtD0C0B0E0C0FyC0E0B2Q&cr=1956097354&ir=
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398751675&from=cor&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms}
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1407246313&from=ild&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms}
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV=
[C:\Users\Jan Plutke\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [49117 octets] - [06/07/2014 11:56:36]
AdwCleaner[R1].txt - [18243 octets] - [09/08/2014 05:33:24]
AdwCleaner[R2].txt - [14638 octets] - [26/01/2015 17:06:20]
AdwCleaner[S0].txt - [44741 octets] - [06/07/2014 11:57:59]
AdwCleaner[S1].txt - [15285 octets] - [09/08/2014 05:34:04]
AdwCleaner[S2].txt - [20952 octets] - [26/01/2015 17:07:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [21013 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Jan Plutke on 26.01.2015 at 17:14:21,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.01.2015 at 17:20:07,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Jan Plutke (administrator) on JAN001 on 26-01-2015 17:22:42
Running from F:\
Loaded Profiles: Jan Plutke (Available profiles: Jan Plutke)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Akamai Technologies, Inc.) C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe
(Cloanto Corporation) C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [IAStorIcon] => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2013-11-08] (CyberLink)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [StatusAlerts] => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM-x32\...\Run: [NeroFilterCheck] => C:\WINDOWS\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [EPSON Stylus SX200] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22038120 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\MountPoints2: {55ea46ef-4698-11e2-be75-74e54378534d} - "E:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Software Director Scheduler.lnk
ShortcutTarget: Software Director Scheduler.lnk -> C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
Startup: C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1999916086-726414315-3245994003-1001 -> {0CA43B3E-E804-4626-889C-7BB7B445A40E} URL =
SearchScopes: HKU\S-1-5-21-1999916086-726414315-3245994003-1001 -> {9B598B0B-D374-4451-9DFE-FD8517ED1996} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 127.0.0.1 secure.tune-up.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1999916086-726414315-3245994003-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-28]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Design my eMail) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga [2014-09-19]
CHR Extension: (RealDownloader) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-05]
CHR Extension: (Music Plus for Google Play Music) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2014-11-28]
CHR Extension: (Benchwarmer Dribbble for Chrome Tabs) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdjhhpjicomphhjpehdhjenbaamdpnn [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 ASAPIW2K; C:\windows\SysWOW64\Drivers\asapiW2k.sys [11264 2005-01-10] (VOB Computersysteme GmbH) [File not signed]
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2013-10-04] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive1.1; C:\Windows\system32\DRIVERS\CLVirtualDrive1_1.sys [91912 2013-06-03] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-12-17] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S1 PCLEPCI; C:\WINDOWS\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S1 tcpipBM; \??\C:\windows\system32\drivers\tcpipBM.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-26 17:20 - 2015-01-26 17:20 - 00000689 _____ () C:\Users\Jan Plutke\Desktop\JRT.txt
2015-01-26 17:14 - 2015-01-26 17:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-26 17:03 - 2015-01-26 17:03 - 00029330 _____ () C:\MalebyteSuchlauf.txt
2015-01-26 16:30 - 2015-01-26 16:30 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 16:30 - 2015-01-26 16:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 16:29 - 2015-01-26 16:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan Plutke\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-26 16:29 - 2015-01-26 16:29 - 02194432 _____ () C:\Users\Jan Plutke\Desktop\AdwCleaner_4.109.exe
2015-01-26 16:29 - 2015-01-26 16:29 - 01707939 _____ (Thisisu) C:\Users\Jan Plutke\Desktop\JRT.exe
2015-01-26 14:51 - 2015-01-26 15:28 - 00001291 _____ () C:\Users\Jan Plutke\Desktop\Revo Uninstaller.lnk
2015-01-26 14:50 - 2015-01-26 15:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-25 14:29 - 2015-01-26 17:22 - 00000000 ____D () C:\FRST
2015-01-23 05:26 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-23 05:26 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-21 15:59 - 2014-08-15 11:03 - 00000257 _____ () C:\Users\Jan Plutke\Downloads\XXX German-Porns XXX.url
2015-01-21 15:56 - 2014-09-07 17:14 - 3090948154 _____ () C:\Users\Jan Plutke\Downloads\Private.Paerchen.im.Sextest.TD545.mp4
2015-01-21 15:53 - 2015-01-21 15:55 - 00000000 ____D () C:\Users\Jan Plutke\Downloads\psTD545
2015-01-21 09:22 - 2015-01-21 09:30 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part04.rar
2015-01-21 09:14 - 2015-01-21 09:22 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part03.rar
2015-01-21 09:06 - 2015-01-21 09:14 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part01.rar
2015-01-21 08:58 - 2015-01-21 09:06 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part02.rar
2015-01-21 08:56 - 2015-01-21 08:58 - 80888628 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part11.rar
2015-01-21 08:48 - 2015-01-21 08:56 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part05.rar
2015-01-21 08:40 - 2015-01-21 08:48 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part08.rar
2015-01-21 08:30 - 2015-01-21 08:40 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part10.rar
2015-01-21 08:22 - 2015-01-21 08:30 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part06.rar
2015-01-21 08:15 - 2015-01-21 08:22 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part09.rar
2015-01-21 08:07 - 2015-01-21 15:56 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part07.rar
2015-01-21 07:45 - 2015-01-21 08:07 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part2.rar
2015-01-21 07:23 - 2015-01-21 07:45 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part3.rar
2015-01-21 06:49 - 2015-01-21 07:23 - 866351449 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part4.rar
2015-01-21 06:27 - 2015-01-21 06:49 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part1.rar
2015-01-20 15:57 - 2015-01-20 15:58 - 209079409 _____ () C:\Users\Jan Plutke\Downloads\n3449.rar
2015-01-20 15:54 - 2015-01-20 15:56 - 127961778 _____ () C:\Users\Jan Plutke\Downloads\feucht.rar
2015-01-18 22:48 - 2015-01-18 22:48 - 00000222 _____ () C:\Users\Jan Plutke\Desktop\State of Decay.url
2015-01-18 18:16 - 2015-01-18 22:48 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-18 18:16 - 2015-01-18 18:16 - 00000222 _____ () C:\Users\Jan Plutke\Desktop\H1Z1.url
2015-01-18 18:11 - 2015-01-25 13:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-18 18:11 - 2015-01-18 18:11 - 00000986 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-01-18 18:11 - 2015-01-18 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-18 11:41 - 2015-01-18 11:41 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\SCE
2015-01-14 02:51 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 02:51 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 02:51 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 02:51 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 02:51 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 02:51 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 02:51 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 02:51 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 02:51 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 02:51 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 02:51 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 02:51 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 02:51 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 02:51 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 02:51 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 02:51 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 02:51 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 02:51 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 02:51 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 02:51 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 02:51 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 02:51 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 02:51 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 02:51 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 02:51 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 02:51 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 02:51 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 02:51 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 02:51 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 02:51 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 02:51 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-10 08:43 - 2015-01-10 08:45 - 62465672 _____ (DVDVideoSoft Ltd. ) C:\Users\Jan
2015-01-10 06:53 - 2015-01-10 06:53 - 00280424 _____ () C:\WINDOWS\Minidump\011015-101265-01.dmp
2015-01-05 21:31 - 2015-01-05 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\State of Decay
2015-01-05 21:26 - 2013-11-30 07:58 - 00000000 ____D () C:\Users\Jan Plutke\Downloads\State of Decay - Elamigos
2015-01-03 21:42 - 2015-01-03 21:42 - 00002094 _____ () C:\Users\Public\Desktop\Studio Launcher.lnk
2015-01-03 21:41 - 2013-08-22 04:54 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ATL485d.rra
2015-01-03 21:35 - 2003-10-21 05:15 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP71.DLL
2015-01-03 21:35 - 2003-10-20 09:38 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCR71.DLL
2014-12-31 15:00 - 2015-01-01 07:50 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\Skyrim
2014-12-30 22:26 - 2014-12-30 22:26 - 00002445 _____ () C:\Users\Jan Plutke\Desktop\The Elder Scrolls V Skyrim - Legendary Edition (Launcher).lnk
2014-12-30 22:26 - 2014-12-30 22:26 - 00002391 _____ () C:\Users\Jan Plutke\Desktop\The Elder Scrolls V Skyrim - Legendary Edition.lnk
2014-12-30 22:09 - 2015-01-01 07:53 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition (Game of the Year)
2014-12-27 22:07 - 2014-12-27 22:07 - 00002242 _____ () C:\Users\Public\Desktop\Postal 2 Apocalypse Weekend Expansion Pack.lnk
2014-12-27 22:07 - 2014-12-27 22:07 - 00002054 _____ () C:\Users\Public\Desktop\Postal 2 Share The Pain.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-26 17:21 - 2012-12-15 09:00 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1999916086-726414315-3245994003-1001
2015-01-26 17:11 - 2014-11-08 18:49 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 17:10 - 2014-11-29 18:32 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-26 17:10 - 2014-11-04 20:16 - 00018017 _____ () C:\WINDOWS\setupact.log
2015-01-26 17:10 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 17:09 - 2013-11-13 23:18 - 00142098 _____ () C:\WINDOWS\PFRO.log
2015-01-26 17:08 - 2014-07-06 11:56 - 00000000 ____D () C:\AdwCleaner
2015-01-26 17:02 - 2014-04-22 16:15 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\Akamai
2015-01-26 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Vss
2015-01-26 17:02 - 2012-12-15 11:15 - 00000000 ____D () C:\Users\Jan Plutke\Eigene Datien
2015-01-26 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-26 16:54 - 2014-01-02 21:34 - 02077698 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-26 16:30 - 2014-11-08 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 14:51 - 2013-11-14 08:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-26 14:51 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-26 14:51 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-26 14:11 - 2014-01-02 21:43 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E95950BD-F24A-4AB4-BA96-6CE26AB6F9C3}
2015-01-25 08:59 - 2012-12-15 13:35 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\vlc
2015-01-24 11:41 - 2014-01-09 13:31 - 00079360 ___SH () C:\Users\Jan Plutke\Desktop\Thumbs.db
2015-01-24 04:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-22 20:47 - 2013-07-20 12:45 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\.minecraft
2015-01-22 06:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-21 14:51 - 2013-11-08 17:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-20 16:13 - 2013-09-28 16:37 - 00000886 _____ () C:\Users\Jan Plutke\Desktop\Downloads.lnk
2015-01-19 22:32 - 2014-12-14 01:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-14 01:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 18:31 - 2012-12-15 11:00 - 00571393 _____ () C:\WINDOWS\DirectX.log
2015-01-17 21:46 - 2014-02-06 12:54 - 01837056 ___SH () C:\Users\Jan Plutke\Documents\Thumbs.db
2015-01-16 07:23 - 2014-01-03 00:24 - 00547840 ___SH () C:\Users\Jan Plutke\Downloads\Thumbs.db
2015-01-16 07:18 - 2013-07-16 00:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 07:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-15 22:40 - 2013-01-07 18:32 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\dvdcss
2015-01-14 05:06 - 2012-12-15 09:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 06:53 - 2014-01-13 12:12 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-10 06:50 - 2013-11-08 17:54 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-05 16:18 - 2013-10-25 10:32 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-05 16:15 - 2014-01-22 18:17 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-05 07:52 - 2013-10-11 23:27 - 00021840 ____T () C:\WINDOWS\SysWOW64\SIntfNT.dll
2015-01-05 07:52 - 2013-10-11 23:27 - 00017212 ____T () C:\WINDOWS\SysWOW64\SIntf32.dll
2015-01-05 07:52 - 2013-10-11 23:27 - 00012067 ____T () C:\WINDOWS\SysWOW64\SIntf16.dll
2015-01-05 07:52 - 2013-01-15 22:59 - 00000000 ____D () C:\Users\Jan Plutke\Desktop\Spiele
2015-01-03 23:53 - 2013-02-12 17:33 - 00001194 _____ () C:\WINDOWS\VFO.INI
2015-01-03 23:31 - 2013-02-12 18:01 - 00005270 _____ () C:\WINDOWS\attach.log
2015-01-03 22:22 - 2014-05-09 18:04 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2015-01-03 22:21 - 2013-02-14 18:19 - 00017920 _____ () C:\Users\Jan Plutke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-03 22:08 - 2013-02-12 17:31 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-01-03 21:37 - 2013-02-12 17:33 - 00000107 _____ () C:\AUTOEXEC.BAT
2015-01-03 21:37 - 2013-02-12 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio 10
2015-01-03 21:36 - 2013-02-17 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-01-03 21:34 - 2013-02-12 14:10 - 00000037 _____ () C:\WINDOWS\install_Studio10.log
2015-01-01 22:31 - 2014-10-11 10:01 - 00704821 _____ () C:\Users\Jan Plutke\Documents\Ansicht 1zu5.VLM
2015-01-01 22:31 - 2014-10-05 09:21 - 00554719 _____ () C:\Users\Jan Plutke\Documents\Bett Schnitte 01.VLM
2014-12-31 15:00 - 2012-01-17 02:19 - 00000000 ____D () C:\Users\Jan Plutke\Documents\My Games
2014-12-27 22:07 - 2013-02-05 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-27 22:05 - 2013-02-05 15:12 - 00000000 ____D () C:\Program Files (x86)\GOG.com
==================== Files in the root of some directories =======
2013-02-04 16:16 - 2013-02-04 16:16 - 0001644 _____ () C:\Users\Jan Plutke\AppData\Roaming\activebarcodeapp.ini
2013-10-24 21:33 - 2013-10-28 19:09 - 0000132 _____ () C:\Users\Jan Plutke\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-10-15 21:10 - 2013-10-15 21:10 - 0000132 _____ () C:\Users\Jan Plutke\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-04-29 07:08 - 2014-10-04 07:07 - 0000000 _____ () C:\Users\Jan Plutke\AppData\Roaming\bitlord_log.txt
2013-03-17 08:44 - 2013-03-17 08:44 - 0000163 _____ () C:\Users\Jan Plutke\AppData\Roaming\default.pls
2013-04-08 22:15 - 2013-09-21 17:32 - 0000126 _____ () C:\Users\Jan Plutke\AppData\Roaming\default.rss
2014-03-15 09:23 - 2014-03-30 23:23 - 0000075 _____ () C:\Users\Jan Plutke\AppData\Roaming\WB.CFG
2013-02-14 18:19 - 2015-01-03 22:21 - 0017920 _____ () C:\Users\Jan Plutke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-05 15:56 - 2014-08-05 15:56 - 0590952 _____ (ClickMeIn Limited) C:\Users\Jan Plutke\AppData\Local\nshA343.tmp
2014-09-07 17:57 - 2014-09-07 17:57 - 0000218 _____ () C:\Users\Jan Plutke\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Jan Plutke\AppData\Local\Temp\AutoRun.exe
C:\Users\Jan Plutke\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jan Plutke\AppData\Local\Temp\Civilization4.exe
C:\Users\Jan Plutke\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Jan Plutke\AppData\Local\Temp\sfareca00001.dll
C:\Users\Jan Plutke\AppData\Local\Temp\SniperEliteV2.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-25 19:25
==================== End Of Log ============================