Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win7 Umbenennung Chrome Browser, Installation Continue Live Installation

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 22.12.2014, 23:26   #1
chapo
 
Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Hallo!

Vor zwei Tagen hat sich nach einem Windows Update mein Chrome Browser umbenannt (leider weiß ich nicht mehr wie) und mehrere Programme (youtube-, facebook- und amazon-Verknüpfungen) wurden installiert. Mein Freund hat dieses Problem irgendwie beseitigen können (leider weiß er nicht mehr genau wie). Die Logs meines AVG Virenscanners vom 20.12. poste ich unten als erstes. Heute habe ich das Programm "Continue Live Installation" auf meinem Desktop gefunden und hier in dem Forum bin ich drauf gestoßen, dass das Problem wohl noch längst nicht beseitigt ist...
Vielen Dank schon mal im Voraus!
Code:
ATTFilter
"";"Potenziell unerwünschte Anwendung: Downloader.CBD, C:\Users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33C1B628\Setup[2].exe";"Gesichert"
"";"MalSign.MyBackup.940 gefunden, C:\Users\Wilhelm\AppData\Local\Temp\CloudBackup4159.exe";"Gesichert"
"";"MalSign.MyBackup.940 gefunden, C:\Users\Wilhelm\AppData\Local\Temp\CloudBackup1457.exe";"Gesichert"
"";"MalSign.Generic.7D7 gefunden, C:\Users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33C1B628\aff_setup[2].exe";"Gesichert"
"";"MalSign.Generic.7D7 gefunden, C:\Users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33C1B628\aff_setup[1].exe";"Gesichert"
"";"Beschädigte ausführbare Datei, C:\Users\Wilhelm\AppData\Local\Temp\{CD5DC4C0-E789-44C4-99B6-470E2255B9D4}-34.0.1847.137_34.0.1847.131_chrome_updater.exe";"Gesichert"
"";"Adware: Generic6.CKA, C:\ProgramData\PurpleRain\PurpleRain.exe";"Gesichert"
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:40 on 22/12/2014 (Wilhelm)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by Wilhelm at 2014-12-22 23:44:24
Running from C:\Users\Wilhelm\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Benutzerhandbuch (x32 Version: 2.0.0.2 - Lenovo) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CSI - Tödliche Verschwörung (HKLM-x32\...\CSI - Tödliche Verschwörung) (Version: 1.0.0.0 - Ubisoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2955863073-899098632-722755702-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DVDFab 8.1.8.5 (24/05/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.3.20130522 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.8 - Lenovo)
Energy Management (x32 Version: 6.0.2.8 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 8.0.4.4_WHQL (HKLM\...\Elantech) (Version: 8.0.4.4 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
         
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by Wilhelm (administrator) on WILHELM-PC on 22-12-2014 23:43:22
Running from C:\Users\Wilhelm\Downloads
Loaded Profile: Wilhelm (Available profiles: Wilhelm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-23 00:01:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Wilhelm\AppData\Local\Temp\uwriyfow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                          fffff800035bc000 45 bytes [00, 00, 53, 02, 50, 72, 6F, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                          fffff800035bc02f 16 bytes [00, 02, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                 0000000075dd1465 2 bytes [DD, 75]
.text     C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                0000000075dd14bb 2 bytes [DD, 75]
.text     ...                                                                                                                                                                                                                         * 2
.text     C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                               0000000075dd1465 2 bytes [DD, 75]
.text     C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe[1952] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                              0000000075dd14bb 2 bytes [DD, 75]
.text     ...                                                                                                                                                                                                                         * 2
.text     C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe[2156] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000075dd1465 2 bytes [DD, 75]
.text     C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe[2156] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000075dd14bb 2 bytes [DD, 75]
.text     ...                                                                                                                                                                                                                         * 2
.text     C:\Program Files (x86)\AVG Secure Search\vprot.exe[3748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                            0000000075dd1465 2 bytes [DD, 75]
.text     C:\Program Files (x86)\AVG Secure Search\vprot.exe[3748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                           0000000075dd14bb 2 bytes [DD, 75]
.text     ...                                                                                                                                                                                                                         * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                0000000075dd1465 2 bytes [DD, 75]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                               0000000075dd14bb 2 bytes [DD, 75]
.text     ...                                                                                                                                                                                                                         * 2
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[556] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                      0000000075dd1465 2 bytes [DD, 75]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[556] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                     0000000075dd14bb 2 bytes [DD, 75]
.text     ...                                                                                                                                                                                                                         * 2
?         C:\windows\system32\mssprxy.dll [556] entry point in ".rdata" section                                                                                                                                                       000000006a1671e6
---- Processes - GMER 2.1 ----

Process   C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1588] (WindowsProtectManger Service/Fuyu LIMITED)(2014-12-14 19:31:29)  0000000001020000

---- Registry - GMER 2.1 ----
         

Alt 23.12.2014, 06:39   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Alt 23.12.2014, 09:29   #3
chapo
 
Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Hallo!
Vielen Dank für die schnelle Antwort!
Hab Combofix durchgeführt:
Code:
ATTFilter
ComboFix 14-12-14.01 - Wilhelm 23.12.2014   9:57.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4010.2388 [GMT 1:00]
ausgeführt von:: c:\users\Wilhelm\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1837308050
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{03700450-84DD-4299-BD6E-DE43CD6B2A19}.xps
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2D8233D3-7B8E-47A0-A26A-206331FC8DAE}.xps
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{33EB16EA-0D38-4B11-B619-C2EA361738D9}.xps
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{67710C85-AB9B-4F70-8678-653DEFCAADDD}.xps
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{849E2D27-E63E-4B5C-905F-A92692C72BF2}.xps
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9308A3F4-C418-4B37-8EA9-CC7211A5E12A}.xps
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C68605C4-9532-4A33-A10A-73BB6D0CF28D}.xps
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F27A2998-E2D4-48F2-A1C8-A751EDD5F1AC}.xps
c:\users\Wilhelm\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F831BE6E-6292-4BA1-A7B3-27202956E5B6}.xps
c:\windows\s.bat
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-23 bis 2014-12-23  ))))))))))))))))))))))))))))))
.
.
2014-12-22 22:43 . 2014-12-22 22:44	--------	d-----w-	C:\FRST
2014-12-22 22:00 . 2014-12-23 08:43	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-22 22:00 . 2014-12-22 22:00	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 22:00 . 2014-12-22 22:00	--------	d-----w-	c:\programdata\Malwarebytes
2014-12-22 22:00 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-12-22 22:00 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-12-22 22:00 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-12-18 06:06 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-18 06:06 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-17 16:38 . 2014-12-17 16:38	1487840	----a-w-	c:\users\Wilhelm\AppData\Roaming\PEHLZF.exe
2014-12-17 16:38 . 2014-12-17 16:38	1967584	----a-w-	c:\users\Wilhelm\AppData\Roaming\WNOTDII.exe
2014-12-17 16:37 . 2014-12-17 16:37	--------	d-----w-	c:\users\Wilhelm\AppData\Local\globalUpdate
2014-12-17 16:36 . 2014-12-17 16:36	2225	----a-w-	c:\windows\patsearch.bin
2014-12-14 19:34 . 2014-12-14 19:34	--------	d-----w-	c:\users\Wilhelm\AppData\Roaming\dlg
2014-12-14 19:31 . 2014-12-14 19:31	--------	d-----w-	c:\programdata\PicColorData
2014-12-14 19:31 . 2014-12-14 09:53	378640	----a-w-	c:\windows\system32\ColorMedia64.dll
2014-12-14 19:31 . 2014-12-14 09:53	332568	----a-w-	c:\windows\SysWow64\ColorMedia.dll
2014-12-14 19:31 . 2014-12-20 14:56	--------	d-----w-	c:\programdata\PurpleRain
2014-12-14 19:31 . 2014-12-14 19:31	--------	d-----w-	c:\programdata\WindowsMangerProtect
2014-12-10 21:39 . 2014-07-07 02:06	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2014-12-10 21:39 . 2014-07-07 02:06	24576	----a-w-	c:\windows\system32\mfpmp.exe
2014-12-10 21:39 . 2014-07-07 02:02	2048	----a-w-	c:\windows\system32\mferror.dll
2014-12-10 21:39 . 2014-07-07 01:39	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2014-12-10 21:39 . 2014-07-07 01:37	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2014-12-10 21:39 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-10 21:39 . 2014-07-07 02:06	206848	----a-w-	c:\windows\system32\mfps.dll
2014-12-10 21:39 . 2014-07-07 01:40	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2014-12-10 21:39 . 2014-07-07 01:39	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2014-12-10 21:39 . 2014-10-18 02:05	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-10 17:06 . 2014-11-08 03:16	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-10 17:06 . 2014-11-08 02:45	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-12-10 17:06 . 2014-11-11 03:09	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-12-10 17:06 . 2014-11-11 02:44	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 17:06 . 2014-11-11 01:46	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-12-10 17:01 . 2014-10-30 02:03	165888	----a-w-	c:\windows\system32\charmap.exe
2014-12-10 17:01 . 2014-10-30 01:45	155136	----a-w-	c:\windows\SysWow64\charmap.exe
2014-12-10 17:01 . 2014-10-03 02:12	310272	----a-w-	c:\windows\system32\WsmWmiPl.dll
2014-12-10 17:01 . 2014-10-03 02:12	2020352	----a-w-	c:\windows\system32\WsmSvc.dll
2014-12-10 17:01 . 2014-10-03 02:12	346624	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 17:01 . 2014-10-03 02:12	181248	----a-w-	c:\windows\system32\WsmAuto.dll
2014-12-10 17:01 . 2014-10-03 02:11	266240	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 17:01 . 2014-10-03 01:45	248832	----a-w-	c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 17:01 . 2014-10-03 01:45	214016	----a-w-	c:\windows\SysWow64\WsmWmiPl.dll
2014-12-10 17:01 . 2014-10-03 01:45	145920	----a-w-	c:\windows\SysWow64\WsmAuto.dll
2014-12-10 17:01 . 2014-10-03 01:45	1177088	----a-w-	c:\windows\SysWow64\WsmSvc.dll
2014-12-10 17:01 . 2014-10-03 01:44	198656	----a-w-	c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-08 20:24 . 2014-12-08 20:24	260888	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2014-12-06 07:05 . 2014-12-18 18:09	--------	d-----w-	c:\users\TEMP.Wilhelm-PC.001
2014-12-01 20:29 . 2014-12-01 20:29	--------	d-----w-	c:\users\Wilhelm\AppData\Roaming\AVG2015
2014-12-01 20:24 . 2014-12-20 13:46	--------	d-----w-	c:\programdata\AVG2015
2014-12-01 20:18 . 2014-12-20 14:12	--------	d-----w-	c:\users\Wilhelm\AppData\Local\Avg2015
2014-11-25 12:59 . 2014-11-25 12:59	18638520	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-24 20:53 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-24 20:53 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-24 20:52 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-24 20:52 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-24 20:22 . 2014-12-18 18:09	--------	d-----w-	c:\users\TEMP.Wilhelm-PC.000
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 21:41 . 2012-10-31 21:05	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-11-19 03:31 . 2014-11-19 03:31	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2014-11-18 20:42 . 2014-11-18 20:42	203544	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2014-10-25 01:57 . 2014-11-12 16:26	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 16:26	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 16:26	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 16:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16 . 2014-11-12 16:34	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 16:34	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 16:26	3241984	----a-w-	c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 16:34	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 16:34	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 16:34	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 16:34	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 16:26	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 16:34	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 16:34	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 16:34	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-10-10 14:14 . 2014-10-10 14:14	274200	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2014-10-10 00:57 . 2014-11-12 16:26	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-10-05 19:41 . 2014-10-05 19:41	124184	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2014-10-03 02:12 . 2014-11-12 16:27	500224	----a-w-	c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 16:27	284672	----a-w-	c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 16:27	680960	----a-w-	c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 16:27	440832	----a-w-	c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 16:27	296448	----a-w-	c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 16:27	442880	----a-w-	c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 16:27	374784	----a-w-	c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 16:27	195584	----a-w-	c:\windows\SysWow64\AudioSes.dll
2014-09-25 02:08 . 2014-10-01 05:53	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 05:53	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 2676584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PLTSR"="c:\program files (x86)\EgisTec Port Locker\EgisPLTSR.exe" [2010-10-22 364400]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2014-08-26 2640408]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-12-18 3667472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys;c:\windows\SYSNATIVE\DRIVERS\EgisTecFF.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-11 20:27	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 20:37]
.
2014-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 20:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-04-13 9768352]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-04-13 5940128]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-04-13 206176]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - ExtSQL: 2014-12-14 20:31; faststartff@gmail.com; c:\users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com
FF - ExtSQL: !HIDDEN! 2014-12-14 20:31; faststartff@gmail.com; c:\users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-23  10:24:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-23 09:24
.
Vor Suchlauf: 8 Verzeichnis(se), 105.493.401.600 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 107.453.575.168 Bytes frei
.
- - End Of File - - EBA8DC16A6B1F5E741F656B80F173556
         
__________________

Alt 23.12.2014, 19:58   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.12.2014, 16:20   #5
chapo
 
Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Hallo und frohe Weihnachten!

Hier das Anwendungsprotokoll von MBAM
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.12.2014
Suchlauf-Zeit: 16:01:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.26.07
Rootkit Datenbank: v2014.12.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Wilhelm

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 498317
Verstrichene Zeit: 26 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1512, Löschen bei Neustart, [5a15a6c1bfbd50e67fd84e73897808f8]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 17
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [5a15a6c1bfbd50e67fd84e73897808f8], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [49260562601c1125db44746a16ecc33d], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [49260562601c1125db44746a16ecc33d], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [3936b4b36913f93d8ab9358b51b3c739], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [3a358add7dff11252c6f9b3913f1af51], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [f17e2f389ce0270fdc762171c93a15eb], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [2946184f4d2f1224f1b7a7d048bbb050], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [db940166423a30061b28c4fc06fe619f], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [f7781c4b89f35cda8c0b37a0778d58a8], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [75fa93d4a2da4cead4c414c3d034ce32], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [90df590e314bc76f7915e77d1ae910f0], 
PUP.Optional.ICinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\I - Cinema-nv, In Quarantäne, [59166601f686ce68980e74fddb28af51], 
PUP.Optional.ICinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\I - Cinema, In Quarantäne, [4a25a0c7512b10266045432ee023de22], 
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2955863073-899098632-722755702-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [353a184ff28add59c8c99bd9e91ab050], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-2955863073-899098632-722755702-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [3639ec7bdd9f9a9c95707d55c341df21], 
PUP.Optional.Qone8, HKU\S-1-5-21-2955863073-899098632-722755702-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [bcb3de89186482b41f232b957a8ab54b], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-2955863073-899098632-722755702-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [fe71cb9c5d1f7abcec902b413ec5f808], 

Registrierungswerte: 3
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [2946184f4d2f1224f1b7a7d048bbb050]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com, In Quarantäne, [274883e4106cb383981da42f1de7fa06]
PUP.Optional.FastStart.A, HKU\S-1-5-21-2955863073-899098632-722755702-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [fe71cb9c5d1f7abcec902b413ec5f808]

Registrierungsdaten: 8
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918),Ersetzt,[b6b9d097205c95a1bd77f083e91c3dc3]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a1ce87e0daa257df193cfa8318ed8e72]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918&q={searchTerms}),Ersetzt,[214e3334d4a84aec4de5a4cf29dc2cd4]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918),Ersetzt,[4c2394d35c20c76f240c87ec36cf1ee2]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918),Ersetzt,[83ec4522f3890a2c93a1cfa4897cf20e]
PUP.Optional.WebSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918&q={searchTerms}),Ersetzt,[204f6cfbbebe7abc054a4639d332bc44]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[6a050067a7d584b2e2735924a85dab55]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2955863073-899098632-722755702-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918),Ersetzt,[fc73293ea3d9bd794ce9ec87fe07ba46]

Ordner: 36
PUP.Optional.PicColor.A, C:\ProgramData\PicColorData, In Quarantäne, [e887a2c5a0dc78be38a47de2f80b659b], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [caa53433d5a710262ff741fd758e7e82], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [caa53433d5a710262ff741fd758e7e82], 

Dateien: 78
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [5a15a6c1bfbd50e67fd84e73897808f8], 
PUP.Optional.HDQuality.A, C:\Users\Wilhelm\AppData\Roaming\PEHLZF.exe, In Quarantäne, [c0af5413c0bc59ddef19eee2bb46ed13], 
PUP.Optional.HDQuality.A, C:\Users\Wilhelm\AppData\Roaming\WNOTDII.exe, In Quarantäne, [1857bdaafb81a78f50b8626ec839718f], 
PUP.Optional.OpenCandy, C:\Users\Wilhelm\Downloads\DTLite4454-0314.exe, In Quarantäne, [f679fa6d7ffd7fb7364682215aabed13], 
PUP.Optional.DownloadGuide, C:\Users\Wilhelm\Downloads\download-adblock-chrome (1).exe, In Quarantäne, [90df13548cf00531f1470eeaef12d030], 
PUP.Optional.DownloadGuide, C:\Users\Wilhelm\Downloads\download-adblock-chrome.exe, In Quarantäne, [0867303706760d296bcda355bf42768a], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColorData\Config.bin.bus, In Quarantäne, [e887a2c5a0dc78be38a47de2f80b659b], 
PUP.Optional.PicColor.A, C:\ProgramData\PicColorData\Config.bin, In Quarantäne, [e887a2c5a0dc78be38a47de2f80b659b], 
PUP.Optional.WebSearchs.A, C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, In Quarantäne, [f8778fd892eae3531e492c4ba95a7a86], 
PUP.Optional.WebSearchs.A, C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, In Quarantäne, [b1be7cebdba153e36106db9cd72ce61a], 
PUP.Optional.SelectNGo.A, C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, In Quarantäne, [eb8481e6a3d96dc9a705c1c26c97649c], 
PUP.Optional.SelectNGo.A, C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, In Quarantäne, [91def86f324a8bab911b5e25db28d12f], 
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [c5aa9fc883f9c96da0b431618e759b65], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, In Quarantäne, [c2ad8bdc225a80b6c4539446b450c33d], 
PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMediaOff.ini, In Quarantäne, [1e517cebfe7e2d093ade5f7b3dc7db25], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMediaOff.ini, In Quarantäne, [37382740fa82a88ec8506c6e05ff25db], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.FastStart.A, C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [5a154d1a4537b97d549857e55ca7e917], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [caa53433d5a710262ff741fd758e7e82], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Hier die Logdatei vom Adwcleaner
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 26/12/2014 um 17:00:29
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Wilhelm - WILHELM-PC
# Gestartet von : C:\Users\Wilhelm\Downloads\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : vToolbarUpdater18.1.9

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\PurpleRain
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Security Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Wilhelm\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Wilhelm\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Wilhelm\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Wilhelm\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Wilhelm\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Datei Gelöscht : C:\Users\Wilhelm\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\user.js
Datei Gelöscht : C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : Run_Bobby_Browser

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****
         
und Junkware Removal
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Wilhelm on 26.12.2014 at 17:09:04,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{0DCEB829-DA43-44EB-8CE7-C09227A31874}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{314344E7-67FC-40B9-8243-BADD95A0842F}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{3ECC254A-CF59-4A53-A5FB-8D37D1BF7F49}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{54773F7E-BF16-4A2F-AB5D-90658B8DDBA3}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{5672F370-3677-4FA2-91A6-1894CE1419FD}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{6E1F388D-47BD-46E0-962F-FD67181A2FBF}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{7B72FA56-3671-49A3-9748-BC087A81C63F}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{AAB7FF2C-7113-41A9-9828-51E62094A5D4}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{D46CC2FE-FB54-4017-AF4F-D15C77625CA9}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{EC087281-0A5F-4955-94EB-D30461A17AA1}
Successfully deleted: [Empty Folder] C:\Users\Wilhelm\appdata\local\{F216C47D-584F-4518-B15F-198EDADCC88C}



~~~ FireFox

Emptied folder: C:\Users\Wilhelm\AppData\Roaming\mozilla\firefox\profiles\wuyinxuy.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.12.2014 at 17:13:48,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
Ran by Wilhelm (administrator) on WILHELM-PC on 26-12-2014 17:23:08
Running from C:\Users\Wilhelm\Downloads
Loaded Profile: Wilhelm (Available profiles: Wilhelm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-04-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-04-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-04-13] (Lenovo)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2955863073-899098632-722755702-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-2955863073-899098632-722755702-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2955863073-899098632-722755702-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59089;https=127.0.0.1:59089
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2955863073-899098632-722755702-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2955863073-899098632-722755702-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default
FF NewTab: google.de
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918
CHR StartupUrls: Default -> "hxxp://googl.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-23]
CHR Extension: (Google Docs) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-10]
CHR Extension: (Google Drive) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
CHR Extension: (Adblock Plus) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-12]
CHR Extension: (Google-Suche) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
CHR Extension: (Google Tabellen) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-23]
CHR Extension: (mimhmidgldhoghjoehfigallmmndjkef) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-07] (AVG Technologies)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-26] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 17:23 - 2014-12-26 17:23 - 00000000 ____D () C:\Users\Wilhelm\Downloads\FRST-OlderVersion
2014-12-26 17:13 - 2014-12-26 17:14 - 00001950 _____ () C:\Users\Wilhelm\Desktop\JRT.txt
2014-12-26 17:09 - 2014-12-26 17:09 - 00000000 ____D () C:\windows\ERUNT
2014-12-26 17:08 - 2014-12-26 17:08 - 01707646 _____ (Thisisu) C:\Users\Wilhelm\Downloads\JRT.exe
2014-12-26 17:03 - 2014-12-26 17:03 - 00016342 _____ () C:\Users\Wilhelm\Desktop\AdwCleaner[S0].txt
2014-12-26 16:55 - 2014-12-26 17:00 - 00000000 ____D () C:\AdwCleaner
2014-12-26 16:54 - 2014-12-26 16:54 - 02173952 _____ () C:\Users\Wilhelm\Downloads\AdwCleaner_4.106.exe
2014-12-26 16:52 - 2014-12-26 16:52 - 00030886 _____ () C:\Users\Wilhelm\Desktop\mbam.txt
2014-12-23 09:53 - 2014-12-23 10:24 - 00000000 ____D () C:\Qoobox
2014-12-23 09:53 - 2014-12-23 10:22 - 00000000 ____D () C:\windows\erdnt
2014-12-23 09:53 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-12-23 09:53 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-12-23 09:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-12-23 09:49 - 2014-12-23 09:50 - 05601641 ____R (Swearware) C:\Users\Wilhelm\Desktop\ComboFix.exe
2014-12-23 00:11 - 2014-12-23 00:11 - 00000959 _____ () C:\Users\Wilhelm\Downloads\avg-erkennungen.txt
2014-12-23 00:01 - 2014-12-23 00:01 - 00006598 _____ () C:\Users\Wilhelm\Downloads\gmer.txt
2014-12-22 23:46 - 2014-12-22 23:47 - 00380416 _____ () C:\Users\Wilhelm\Downloads\Gmer-19357.exe
2014-12-22 23:44 - 2014-12-22 23:44 - 00034206 _____ () C:\Users\Wilhelm\Downloads\Addition.txt
2014-12-22 23:43 - 2014-12-26 17:23 - 00018537 _____ () C:\Users\Wilhelm\Downloads\FRST.txt
2014-12-22 23:43 - 2014-12-26 17:23 - 00000000 ____D () C:\FRST
2014-12-22 23:41 - 2014-12-26 17:23 - 02122752 _____ (Farbar) C:\Users\Wilhelm\Downloads\FRST64.exe
2014-12-22 23:40 - 2014-12-22 23:40 - 00000476 _____ () C:\Users\Wilhelm\Downloads\defogger_disable.log
2014-12-22 23:40 - 2014-12-22 23:40 - 00000000 _____ () C:\Users\Wilhelm\defogger_reenable
2014-12-22 23:37 - 2014-12-22 23:38 - 00050477 _____ () C:\Users\Wilhelm\Downloads\Defogger.exe
2014-12-22 23:00 - 2014-12-26 16:50 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 23:00 - 2014-12-22 23:00 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 23:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-22 23:00 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-22 23:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-22 22:58 - 2014-12-22 22:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wilhelm\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 22:55 - 2014-12-22 22:55 - 00002748 _____ () C:\Users\Wilhelm\Desktop\schädlinge.csv
2014-12-22 20:27 - 2014-12-22 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-21 12:01 - 2014-12-22 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-12-20 14:47 - 2014-12-20 14:47 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-20 14:27 - 2014-12-20 14:35 - 159747880 _____ (AVG Technologies) C:\Users\Wilhelm\Downloads\avg_free_x86_all_2015_5645a8758.exe
2014-12-20 14:23 - 2014-12-20 14:23 - 00002152 _____ () C:\Users\Wilhelm\Desktop\chrome.lnk
2014-12-18 07:39 - 2014-12-18 07:39 - 00000000 ____D () C:\Users\Wilhelm\Desktop\Sansibar
2014-12-18 07:39 - 2014-12-18 07:39 - 00000000 ____D () C:\Users\Wilhelm\Desktop\privat
2014-12-18 07:39 - 2014-12-18 07:39 - 00000000 ____D () C:\Users\Wilhelm\Desktop\Dar es Salaam
2014-12-18 07:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 07:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-17 17:36 - 2014-12-17 17:36 - 00002225 _____ () C:\windows\patsearch.bin
2014-12-17 17:36 - 2014-12-17 17:36 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-14 20:34 - 2014-12-14 20:34 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\dlg
2014-12-14 20:32 - 2014-12-14 20:32 - 00000000 ____D () C:\windows\System32\Tasks\PurpleRain
2014-12-14 20:31 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\windows\system32\ColorMedia64.dll
2014-12-14 20:31 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\windows\SysWOW64\ColorMedia.dll
2014-12-13 08:22 - 2014-12-13 08:22 - 00003096 _____ () C:\windows\System32\Tasks\{D075EB54-7F73-425D-8537-55DFB5FFDC44}
2014-12-10 22:39 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 22:39 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 22:39 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-10 22:39 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-10 22:39 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-10 22:39 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-10 22:39 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-10 22:39 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-10 22:39 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-10 22:39 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-10 21:38 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 21:38 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 21:38 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 21:38 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 21:38 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 21:38 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 21:38 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 21:38 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 21:38 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 21:38 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 21:38 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 21:38 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 21:38 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 21:38 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 21:38 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 21:38 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 21:38 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 21:38 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 21:38 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 21:38 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 21:38 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 21:38 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 21:38 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 21:38 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 21:38 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 21:38 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 21:38 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 21:38 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 21:38 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 21:38 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 21:38 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 21:38 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 21:38 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 21:38 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 21:38 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 21:38 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 21:38 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 21:38 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 21:38 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 21:38 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 21:38 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 21:38 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 21:38 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 21:38 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 21:38 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 21:38 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 21:38 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 21:38 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 21:38 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 21:38 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 21:38 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 21:38 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 21:38 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 21:38 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 18:06 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 18:06 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 18:06 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 18:06 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 18:06 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 18:01 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 18:01 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 18:01 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 18:01 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 18:01 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 18:01 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-12-06 08:05 - 2014-12-18 19:09 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ___RD () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ___RD () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-06 08:05 - 2012-10-13 11:01 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\TuneUp Software
2014-12-06 08:05 - 2012-06-09 18:08 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Local\Microsoft Help
2014-12-06 08:05 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\TEMP.Wilhelm-PC.001\Desktop\Lenovo Telephony Start Now.url
2014-12-01 21:29 - 2014-12-01 21:29 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\AVG2015
2014-12-01 21:24 - 2014-12-20 14:46 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-01 21:18 - 2014-12-20 15:12 - 00000000 ____D () C:\Users\Wilhelm\AppData\Local\Avg2015
2014-11-30 09:21 - 2014-11-30 09:21 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 17:11 - 2012-07-01 16:47 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\Skype
2014-12-26 17:10 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 17:10 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-26 17:08 - 2012-04-14 05:43 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-12-26 17:08 - 2012-04-14 05:43 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-12-26 17:08 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-26 17:03 - 2012-04-13 22:44 - 00210218 _____ () C:\windows\system32\fastboot.set
2014-12-26 17:03 - 2012-04-13 22:40 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-26 17:02 - 2010-11-21 04:47 - 00265428 _____ () C:\windows\PFRO.log
2014-12-26 17:02 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-26 17:02 - 2009-07-14 05:51 - 00158805 _____ () C:\windows\setupact.log
2014-12-26 17:01 - 2012-04-13 21:50 - 01226442 _____ () C:\windows\WindowsUpdate.log
2014-12-26 16:51 - 2012-04-13 22:40 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\Web
2014-12-26 16:32 - 2012-08-08 21:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-26 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-23 10:24 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-23 10:15 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-12-23 10:13 - 2009-07-14 03:34 - 74448896 _____ () C:\windows\system32\config\software.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 24379392 _____ () C:\windows\system32\config\system.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00524288 _____ () C:\windows\system32\config\default.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-12-23 00:03 - 2013-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 23:47 - 2013-04-22 18:11 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\vlc
2014-12-22 23:40 - 2012-06-08 23:46 - 00000000 ____D () C:\Users\Wilhelm
2014-12-22 23:26 - 2013-09-03 19:52 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\dvdcss
2014-12-21 21:09 - 2013-12-28 11:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-20 15:02 - 2012-08-08 21:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-20 14:50 - 2014-03-31 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-20 14:50 - 2012-08-08 21:20 - 00000000 ____D () C:\$AVG
2014-12-20 14:10 - 2012-06-09 11:14 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-19 10:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-18 19:10 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-12-18 19:09 - 2014-11-24 21:22 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.000
2014-12-14 20:59 - 2013-06-09 21:16 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-14 20:59 - 2013-06-09 21:16 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-14 20:59 - 2012-06-08 23:50 - 00001421 _____ () C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-14 12:14 - 2014-11-21 20:34 - 00000000 ____D () C:\Users\Wilhelm\AppData\Local\Windows Live
2014-12-11 10:01 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 22:49 - 2012-06-09 00:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 22:47 - 2013-08-15 06:40 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 22:41 - 2012-10-31 22:05 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-06 20:17 - 2012-06-08 23:46 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-06 20:17 - 2012-04-13 22:29 - 00000000 ____D () C:\ProgramData\Port Locker
2014-12-06 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration

Some content of TEMP:
====================
C:\Users\Wilhelm\AppData\Local\Temp\Quarantine.exe
C:\Users\Wilhelm\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-18 19:02

==================== End Of Log ============================
         
--- --- ---


Vielen Dank und noch einen schönen 2. Weihnachtstag!


Geändert von chapo (26.12.2014 um 16:24 Uhr) Grund: frst vergessen...

Alt 27.12.2014, 12:11   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Win7 Umbenennung Chrome Browser, Installation Continue Live Installation

Alt 29.12.2014, 11:40   #7
chapo
 
Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Hallo!
Der Eset Scan:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cf98a8704cefa64d8ec5dd7705255a5e
# engine=21737
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-29 11:37:13
# local_time=2014-12-29 12:37:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 334900 106987017 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 46387824 171482883 0 0
# scanned=16768
# found=0
# cleaned=0
# scan_time=610
         
checkup
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2015   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 11.8.800.94 Flash Player out of Date!  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
frst:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Wilhelm (administrator) on WILHELM-PC on 29-12-2014 12:14:13
Running from C:\Users\Wilhelm\Downloads
Loaded Profile: Wilhelm (Available profiles: Wilhelm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
         

Alt 29.12.2014, 20:30   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Flash und Adobe updaten.

FRST bitte nochmal, das Log ist nicht komplett. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.12.2014, 21:39   #9
chapo
 
Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Hallo!
Flash Player und Adobe Reader sind aktualisiert.
hier noch mal das frst

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Wilhelm (administrator) on WILHELM-PC on 29-12-2014 22:37:03
Running from C:\Users\Wilhelm\Downloads
Loaded Profile: Wilhelm (Available profiles: Wilhelm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Adobe Systems Incorporated) C:\Config.Msi\104fc2.rbf
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-04-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-04-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-04-13] (Lenovo)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2955863073-899098632-722755702-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-2955863073-899098632-722755702-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2955863073-899098632-722755702-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59089;https=127.0.0.1:59089
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2955863073-899098632-722755702-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2955863073-899098632-722755702-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default
FF NewTab: google.de
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918
CHR StartupUrls: Default -> "hxxp://googl.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-23]
CHR Extension: (Google Docs) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-10]
CHR Extension: (Google Drive) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
CHR Extension: (Adblock Plus) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-12]
CHR Extension: (Google-Suche) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
CHR Extension: (Google Tabellen) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-23]
CHR Extension: (mimhmidgldhoghjoehfigallmmndjkef) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-07] (AVG Technologies)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-26] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 22:35 - 2014-12-29 22:35 - 00002126 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-12-29 22:35 - 2014-12-29 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-29 22:35 - 2014-12-29 22:35 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-29 22:35 - 2014-12-29 22:35 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-12-29 22:34 - 2014-12-29 22:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-29 22:34 - 2014-12-29 22:34 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-29 22:34 - 2014-12-29 22:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-29 22:25 - 2014-12-29 22:25 - 00000000 __SHD () C:\Users\Wilhelm\AppData\Local\EmieUserList
2014-12-29 22:25 - 2014-12-29 22:25 - 00000000 __SHD () C:\Users\Wilhelm\AppData\Local\EmieSiteList
2014-12-29 22:25 - 2014-12-29 22:25 - 00000000 __SHD () C:\Users\Wilhelm\AppData\Local\EmieBrowserModeList
2014-12-29 22:24 - 2014-12-29 22:24 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-29 22:24 - 2014-12-29 22:24 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 12:21 - 2014-12-29 12:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 12:20 - 2014-12-29 12:20 - 02347384 _____ (ESET) C:\Users\Wilhelm\Downloads\esetsmartinstaller_deu(1).exe
2014-12-29 12:17 - 2014-12-29 12:17 - 00040898 _____ () C:\Users\Wilhelm\Desktop\FRST-3.txt
2014-12-29 12:13 - 2014-12-29 12:13 - 00000884 _____ () C:\Users\Wilhelm\Desktop\checkup.txt
2014-12-29 12:07 - 2014-12-29 12:07 - 00852505 _____ () C:\Users\Wilhelm\Desktop\SecurityCheck.exe
2014-12-27 16:54 - 2014-12-27 16:54 - 00000276 _____ () C:\Users\Wilhelm\Desktop\eset.txt
2014-12-27 13:28 - 2014-12-27 13:28 - 02347384 _____ (ESET) C:\Users\Wilhelm\Downloads\esetsmartinstaller_deu.exe
2014-12-26 17:24 - 2014-12-26 17:24 - 00040419 _____ () C:\Users\Wilhelm\Downloads\FRST-2.txt
2014-12-26 17:23 - 2014-12-29 12:14 - 00000000 ____D () C:\Users\Wilhelm\Downloads\FRST-OlderVersion
2014-12-26 17:09 - 2014-12-26 17:09 - 00000000 ____D () C:\windows\ERUNT
2014-12-26 17:08 - 2014-12-26 17:08 - 01707646 _____ (Thisisu) C:\Users\Wilhelm\Downloads\JRT.exe
2014-12-26 16:55 - 2014-12-26 17:00 - 00000000 ____D () C:\AdwCleaner
2014-12-26 16:54 - 2014-12-26 16:54 - 02173952 _____ () C:\Users\Wilhelm\Downloads\AdwCleaner_4.106.exe
2014-12-23 09:53 - 2014-12-23 10:24 - 00000000 ____D () C:\Qoobox
2014-12-23 09:53 - 2014-12-23 10:22 - 00000000 ____D () C:\windows\erdnt
2014-12-23 09:53 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-12-23 09:53 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-12-23 09:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-12-23 09:49 - 2014-12-23 09:50 - 05601641 ____R (Swearware) C:\Users\Wilhelm\Desktop\ComboFix.exe
2014-12-23 00:11 - 2014-12-23 00:11 - 00000959 _____ () C:\Users\Wilhelm\Downloads\avg-erkennungen.txt
2014-12-23 00:01 - 2014-12-23 00:01 - 00006598 _____ () C:\Users\Wilhelm\Downloads\gmer.txt
2014-12-22 23:46 - 2014-12-22 23:47 - 00380416 _____ () C:\Users\Wilhelm\Downloads\Gmer-19357.exe
2014-12-22 23:44 - 2014-12-22 23:44 - 00034206 _____ () C:\Users\Wilhelm\Downloads\Addition.txt
2014-12-22 23:43 - 2014-12-29 22:37 - 00019559 _____ () C:\Users\Wilhelm\Downloads\FRST.txt
2014-12-22 23:43 - 2014-12-29 22:37 - 00000000 ____D () C:\FRST
2014-12-22 23:41 - 2014-12-29 12:14 - 02123264 _____ (Farbar) C:\Users\Wilhelm\Downloads\FRST64.exe
2014-12-22 23:40 - 2014-12-22 23:40 - 00000476 _____ () C:\Users\Wilhelm\Downloads\defogger_disable.log
2014-12-22 23:40 - 2014-12-22 23:40 - 00000000 _____ () C:\Users\Wilhelm\defogger_reenable
2014-12-22 23:37 - 2014-12-22 23:38 - 00050477 _____ () C:\Users\Wilhelm\Downloads\Defogger.exe
2014-12-22 23:00 - 2014-12-26 16:50 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 23:00 - 2014-12-22 23:00 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 23:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-22 23:00 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-22 23:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-22 22:58 - 2014-12-22 22:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wilhelm\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 22:55 - 2014-12-22 22:55 - 00002748 _____ () C:\Users\Wilhelm\Desktop\schädlinge.csv
2014-12-22 20:27 - 2014-12-22 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-21 12:01 - 2014-12-22 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-12-20 14:47 - 2014-12-20 14:47 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-20 14:27 - 2014-12-20 14:35 - 159747880 _____ (AVG Technologies) C:\Users\Wilhelm\Downloads\avg_free_x86_all_2015_5645a8758.exe
2014-12-20 14:23 - 2014-12-20 14:23 - 00002152 _____ () C:\Users\Wilhelm\Desktop\chrome.lnk
2014-12-18 07:39 - 2014-12-26 22:32 - 00000000 ____D () C:\Users\Wilhelm\Desktop\Sansibar
2014-12-18 07:39 - 2014-12-26 22:19 - 00000000 ____D () C:\Users\Wilhelm\Desktop\Dar es Salaam
2014-12-18 07:39 - 2014-12-26 22:11 - 00000000 ____D () C:\Users\Wilhelm\Desktop\privat
2014-12-18 07:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 07:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-17 17:36 - 2014-12-17 17:36 - 00002225 _____ () C:\windows\patsearch.bin
2014-12-17 17:36 - 2014-12-17 17:36 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-14 20:34 - 2014-12-14 20:34 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\dlg
2014-12-14 20:32 - 2014-12-14 20:32 - 00000000 ____D () C:\windows\System32\Tasks\PurpleRain
2014-12-14 20:31 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\windows\system32\ColorMedia64.dll
2014-12-14 20:31 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\windows\SysWOW64\ColorMedia.dll
2014-12-13 08:22 - 2014-12-13 08:22 - 00003096 _____ () C:\windows\System32\Tasks\{D075EB54-7F73-425D-8537-55DFB5FFDC44}
2014-12-10 22:39 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 22:39 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 22:39 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-10 22:39 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-10 22:39 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-10 22:39 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-10 22:39 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-10 22:39 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-10 22:39 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-10 22:39 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-10 21:38 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 21:38 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 21:38 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 21:38 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 21:38 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 21:38 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 21:38 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 21:38 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 21:38 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 21:38 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 21:38 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 21:38 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 21:38 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 21:38 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 21:38 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 21:38 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 21:38 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 21:38 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 21:38 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 21:38 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 21:38 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 21:38 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 21:38 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 21:38 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 21:38 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 21:38 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 21:38 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 21:38 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 21:38 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 21:38 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 21:38 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 21:38 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 21:38 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 21:38 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 21:38 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 21:38 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 21:38 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 21:38 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 21:38 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 21:38 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 21:38 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 21:38 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 21:38 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 21:38 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 21:38 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 21:38 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 21:38 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 21:38 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 21:38 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 21:38 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 21:38 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 21:38 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 21:38 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 21:38 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 18:06 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 18:06 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 18:06 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 18:06 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 18:06 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 18:01 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 18:01 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 18:01 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 18:01 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 18:01 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 18:01 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-12-06 08:05 - 2014-12-18 19:09 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ___RD () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ___RD () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-06 08:05 - 2012-10-13 11:01 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\TuneUp Software
2014-12-06 08:05 - 2012-06-09 18:08 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Local\Microsoft Help
2014-12-06 08:05 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\TEMP.Wilhelm-PC.001\Desktop\Lenovo Telephony Start Now.url
2014-12-01 21:29 - 2014-12-01 21:29 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\AVG2015
2014-12-01 21:24 - 2014-12-20 14:46 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-01 21:18 - 2014-12-20 15:12 - 00000000 ____D () C:\Users\Wilhelm\AppData\Local\Avg2015
2014-11-30 09:21 - 2014-11-30 09:21 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 22:35 - 2012-06-09 11:44 - 00000000 ____D () C:\Users\Wilhelm\AppData\Local\Adobe
2014-12-29 22:35 - 2012-04-13 22:25 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-29 22:34 - 2012-04-13 22:24 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-29 22:25 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 22:25 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 22:24 - 2013-09-08 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-29 22:24 - 2013-09-08 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-29 22:22 - 2012-04-14 05:43 - 00699682 _____ () C:\windows\system32\perfh007.dat
2014-12-29 22:22 - 2012-04-14 05:43 - 00149790 _____ () C:\windows\system32\perfc007.dat
2014-12-29 22:22 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-29 22:21 - 2012-08-08 21:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-29 22:17 - 2012-07-01 16:47 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\Skype
2014-12-29 22:17 - 2012-04-13 22:44 - 00219110 _____ () C:\windows\system32\fastboot.set
2014-12-29 22:16 - 2012-04-13 22:40 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 22:16 - 2010-11-21 04:47 - 00265974 _____ () C:\windows\PFRO.log
2014-12-29 22:16 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-29 22:16 - 2009-07-14 05:51 - 00159029 _____ () C:\windows\setupact.log
2014-12-29 14:07 - 2012-04-13 21:50 - 01273102 _____ () C:\windows\WindowsUpdate.log
2014-12-29 12:51 - 2012-04-13 22:40 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-26 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\Web
2014-12-26 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-23 10:24 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-23 10:15 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-12-23 10:13 - 2009-07-14 03:34 - 74448896 _____ () C:\windows\system32\config\software.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 24379392 _____ () C:\windows\system32\config\system.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00524288 _____ () C:\windows\system32\config\default.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-12-23 00:03 - 2013-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 23:47 - 2013-04-22 18:11 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\vlc
2014-12-22 23:40 - 2012-06-08 23:46 - 00000000 ____D () C:\Users\Wilhelm
2014-12-22 23:26 - 2013-09-03 19:52 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\dvdcss
2014-12-21 21:09 - 2013-12-28 11:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-20 15:02 - 2012-08-08 21:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-20 14:50 - 2014-03-31 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-20 14:50 - 2012-08-08 21:20 - 00000000 ____D () C:\$AVG
2014-12-20 14:10 - 2012-06-09 11:14 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-19 10:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-18 19:10 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-12-18 19:09 - 2014-11-24 21:22 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.000
2014-12-14 20:59 - 2013-06-09 21:16 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-14 20:59 - 2013-06-09 21:16 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-14 20:59 - 2012-06-08 23:50 - 00001421 _____ () C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-14 12:14 - 2014-11-21 20:34 - 00000000 ____D () C:\Users\Wilhelm\AppData\Local\Windows Live
2014-12-11 10:01 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 22:49 - 2012-06-09 00:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 22:47 - 2013-08-15 06:40 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 22:41 - 2012-10-31 22:05 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-06 20:17 - 2012-06-08 23:46 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-06 20:17 - 2012-04-13 22:29 - 00000000 ____D () C:\ProgramData\Port Locker
2014-12-06 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration

Some content of TEMP:
====================
C:\Users\Wilhelm\AppData\Local\Temp\Quarantine.exe
C:\Users\Wilhelm\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-26 18:07

==================== End Of Log ============================
         
--- --- ---

Alt 30.12.2014, 13:53   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-21-2955863073-899098632-722755702-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59089;https=127.0.0.1:59089
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Nochmal ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.01.2015, 16:52   #11
chapo
 
Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Hallo und frohes neues Jahr!
Hier der fixlog text
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Wilhelm at 2015-01-01 17:43:43 Run:1
Running from C:\Users\Wilhelm\Downloads
Loaded Profile: Wilhelm (Available profiles: Wilhelm)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2955863073-899098632-722755702-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59089;https=127.0.0.1:59089
Emptytemp:
*****************

"HKU\S-1-5-21-2955863073-899098632-722755702-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 2.1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:44:11 ====
         
und hier ein frische FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Wilhelm (administrator) on WILHELM-PC on 01-01-2015 17:50:41
Running from C:\Users\Wilhelm\Downloads
Loaded Profile: Wilhelm (Available profiles: Wilhelm)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-04-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-04-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-04-13] (Lenovo)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2955863073-899098632-722755702-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-2955863073-899098632-722755702-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wilhelm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2955863073-899098632-722755702-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2955863073-899098632-722755702-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default
FF NewTab: google.de
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Wilhelm\AppData\Roaming\Mozilla\Firefox\Profiles\wuyinxuy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1418585457&from=cvs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WXC1C12V9918V9918
CHR StartupUrls: Default -> "hxxp://googl.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-23]
CHR Extension: (Google Docs) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-10]
CHR Extension: (Google Drive) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
CHR Extension: (Adblock Plus) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-12]
CHR Extension: (Google-Suche) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
CHR Extension: (Google Tabellen) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-23]
CHR Extension: (mimhmidgldhoghjoehfigallmmndjkef) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mimhmidgldhoghjoehfigallmmndjkef [2014-12-21]
CHR Extension: (Google Wallet) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Wilhelm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-07] (AVG Technologies)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-26] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 22:34 - 2014-12-29 22:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-29 22:34 - 2014-12-29 22:34 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-29 22:34 - 2014-12-29 22:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-29 22:25 - 2014-12-29 22:25 - 00000000 __SHD () C:\Users\Wilhelm\AppData\Local\EmieUserList
2014-12-29 22:25 - 2014-12-29 22:25 - 00000000 __SHD () C:\Users\Wilhelm\AppData\Local\EmieSiteList
2014-12-29 22:25 - 2014-12-29 22:25 - 00000000 __SHD () C:\Users\Wilhelm\AppData\Local\EmieBrowserModeList
2014-12-29 22:24 - 2015-01-01 17:39 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 22:24 - 2014-12-29 22:24 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-29 12:21 - 2014-12-29 12:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 12:20 - 2014-12-29 12:20 - 02347384 _____ (ESET) C:\Users\Wilhelm\Downloads\esetsmartinstaller_deu(1).exe
2014-12-29 12:17 - 2014-12-29 12:17 - 00040898 _____ () C:\Users\Wilhelm\Desktop\FRST-3.txt
2014-12-29 12:13 - 2014-12-29 12:13 - 00000884 _____ () C:\Users\Wilhelm\Desktop\checkup.txt
2014-12-29 12:07 - 2014-12-29 12:07 - 00852505 _____ () C:\Users\Wilhelm\Desktop\SecurityCheck.exe
2014-12-27 16:54 - 2014-12-27 16:54 - 00000276 _____ () C:\Users\Wilhelm\Desktop\eset.txt
2014-12-27 13:28 - 2014-12-27 13:28 - 02347384 _____ (ESET) C:\Users\Wilhelm\Downloads\esetsmartinstaller_deu.exe
2014-12-26 17:24 - 2014-12-26 17:24 - 00040419 _____ () C:\Users\Wilhelm\Downloads\FRST-2.txt
2014-12-26 17:23 - 2014-12-29 12:14 - 00000000 ____D () C:\Users\Wilhelm\Downloads\FRST-OlderVersion
2014-12-26 17:09 - 2014-12-26 17:09 - 00000000 ____D () C:\windows\ERUNT
2014-12-26 17:08 - 2014-12-26 17:08 - 01707646 _____ (Thisisu) C:\Users\Wilhelm\Downloads\JRT.exe
2014-12-26 16:55 - 2014-12-26 17:00 - 00000000 ____D () C:\AdwCleaner
2014-12-26 16:54 - 2014-12-26 16:54 - 02173952 _____ () C:\Users\Wilhelm\Downloads\AdwCleaner_4.106.exe
2014-12-23 09:53 - 2014-12-23 10:24 - 00000000 ____D () C:\Qoobox
2014-12-23 09:53 - 2014-12-23 10:22 - 00000000 ____D () C:\windows\erdnt
2014-12-23 09:53 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-12-23 09:53 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-12-23 09:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-12-23 09:53 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-12-23 09:49 - 2014-12-23 09:50 - 05601641 ____R (Swearware) C:\Users\Wilhelm\Desktop\ComboFix.exe
2014-12-23 00:11 - 2014-12-23 00:11 - 00000959 _____ () C:\Users\Wilhelm\Downloads\avg-erkennungen.txt
2014-12-23 00:01 - 2014-12-23 00:01 - 00006598 _____ () C:\Users\Wilhelm\Downloads\gmer.txt
2014-12-22 23:46 - 2014-12-22 23:47 - 00380416 _____ () C:\Users\Wilhelm\Downloads\Gmer-19357.exe
2014-12-22 23:44 - 2014-12-22 23:44 - 00034206 _____ () C:\Users\Wilhelm\Downloads\Addition.txt
2014-12-22 23:43 - 2015-01-01 17:50 - 00018889 _____ () C:\Users\Wilhelm\Downloads\FRST.txt
2014-12-22 23:43 - 2015-01-01 17:50 - 00000000 ____D () C:\FRST
2014-12-22 23:41 - 2014-12-29 12:14 - 02123264 _____ (Farbar) C:\Users\Wilhelm\Downloads\FRST64.exe
2014-12-22 23:40 - 2014-12-22 23:40 - 00000476 _____ () C:\Users\Wilhelm\Downloads\defogger_disable.log
2014-12-22 23:40 - 2014-12-22 23:40 - 00000000 _____ () C:\Users\Wilhelm\defogger_reenable
2014-12-22 23:37 - 2014-12-22 23:38 - 00050477 _____ () C:\Users\Wilhelm\Downloads\Defogger.exe
2014-12-22 23:00 - 2014-12-26 16:50 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 23:00 - 2014-12-22 23:00 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 23:00 - 2014-12-22 23:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 23:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-22 23:00 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-22 23:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-22 22:58 - 2014-12-22 22:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Wilhelm\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 22:55 - 2014-12-22 22:55 - 00002748 _____ () C:\Users\Wilhelm\Desktop\schädlinge.csv
2014-12-22 20:27 - 2014-12-22 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-21 12:01 - 2014-12-22 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-12-20 14:47 - 2014-12-20 14:47 - 00000941 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-20 14:27 - 2014-12-20 14:35 - 159747880 _____ (AVG Technologies) C:\Users\Wilhelm\Downloads\avg_free_x86_all_2015_5645a8758.exe
2014-12-20 14:23 - 2014-12-20 14:23 - 00002152 _____ () C:\Users\Wilhelm\Desktop\chrome.lnk
2014-12-18 07:39 - 2014-12-26 22:32 - 00000000 ____D () C:\Users\Wilhelm\Desktop\Sansibar
2014-12-18 07:39 - 2014-12-26 22:19 - 00000000 ____D () C:\Users\Wilhelm\Desktop\Dar es Salaam
2014-12-18 07:39 - 2014-12-26 22:11 - 00000000 ____D () C:\Users\Wilhelm\Desktop\privat
2014-12-18 07:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 07:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-17 17:36 - 2014-12-17 17:36 - 00002225 _____ () C:\windows\patsearch.bin
2014-12-17 17:36 - 2014-12-17 17:36 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-14 20:34 - 2014-12-14 20:34 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\dlg
2014-12-14 20:32 - 2014-12-14 20:32 - 00000000 ____D () C:\windows\System32\Tasks\PurpleRain
2014-12-14 20:31 - 2014-12-14 10:53 - 00378640 _____ (CartCrunch Israel Ltd.) C:\windows\system32\ColorMedia64.dll
2014-12-14 20:31 - 2014-12-14 10:53 - 00332568 _____ (CartCrunch Israel Ltd.) C:\windows\SysWOW64\ColorMedia.dll
2014-12-13 08:22 - 2014-12-13 08:22 - 00003096 _____ () C:\windows\System32\Tasks\{D075EB54-7F73-425D-8537-55DFB5FFDC44}
2014-12-10 22:39 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-10 22:39 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-10 22:39 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-10 22:39 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-10 22:39 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-10 22:39 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-10 22:39 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-10 22:39 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-10 22:39 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-10 22:39 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-10 21:38 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 21:38 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 21:38 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 21:38 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 21:38 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 21:38 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 21:38 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 21:38 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 21:38 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 21:38 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 21:38 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 21:38 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 21:38 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 21:38 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 21:38 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 21:38 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 21:38 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 21:38 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 21:38 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 21:38 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 21:38 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 21:38 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 21:38 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 21:38 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 21:38 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 21:38 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 21:38 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 21:38 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 21:38 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 21:38 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 21:38 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 21:38 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 21:38 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 21:38 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 21:38 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 21:38 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 21:38 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 21:38 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 21:38 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 21:38 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 21:38 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 21:38 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 21:38 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 21:38 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 21:38 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 21:38 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 21:38 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 21:38 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 21:38 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 21:38 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 21:38 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 21:38 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 21:38 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 21:38 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 18:06 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 18:06 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 18:06 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 18:06 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 18:06 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 18:01 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 18:01 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 18:01 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 18:01 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 18:01 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 18:01 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 18:01 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 18:01 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-12-06 08:05 - 2014-12-18 19:09 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ___RD () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ___RD () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-06 08:05 - 2014-12-06 20:17 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-06 08:05 - 2012-10-13 11:01 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Roaming\TuneUp Software
2014-12-06 08:05 - 2012-06-09 18:08 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.001\AppData\Local\Microsoft Help
2014-12-06 08:05 - 2010-12-19 06:31 - 00000189 _____ () C:\Users\TEMP.Wilhelm-PC.001\Desktop\Lenovo Telephony Start Now.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 17:51 - 2012-04-13 22:40 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 17:50 - 2012-04-14 05:43 - 00699682 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:50 - 2012-04-14 05:43 - 00149790 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:50 - 2009-07-14 06:13 - 01620684 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-01 17:46 - 2012-04-13 22:44 - 00169256 _____ () C:\windows\system32\fastboot.set
2015-01-01 17:45 - 2012-04-13 22:40 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 17:45 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-01 17:45 - 2009-07-14 05:51 - 00159421 _____ () C:\windows\setupact.log
2015-01-01 17:44 - 2012-04-13 21:50 - 01356643 _____ () C:\windows\WindowsUpdate.log
2015-01-01 17:40 - 2012-07-01 16:47 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\Skype
2015-01-01 16:32 - 2012-08-08 21:18 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-01 04:26 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 04:26 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 15:53 - 2010-11-21 04:47 - 00267338 _____ () C:\windows\PFRO.log
2014-12-29 22:35 - 2012-06-09 11:44 - 00000000 ____D () C:\Users\Wilhelm\AppData\Local\Adobe
2014-12-29 22:35 - 2012-04-13 22:25 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-29 22:34 - 2012-04-13 22:24 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-29 22:24 - 2013-09-08 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-29 22:24 - 2013-09-08 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-26 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\Web
2014-12-26 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-23 10:24 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-23 10:15 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-12-23 10:13 - 2009-07-14 03:34 - 74448896 _____ () C:\windows\system32\config\software.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 24379392 _____ () C:\windows\system32\config\system.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00524288 _____ () C:\windows\system32\config\default.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-12-23 10:13 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-12-23 00:03 - 2013-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 23:47 - 2013-04-22 18:11 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\vlc
2014-12-22 23:40 - 2012-06-08 23:46 - 00000000 ____D () C:\Users\Wilhelm
2014-12-22 23:26 - 2013-09-03 19:52 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\dvdcss
2014-12-21 21:09 - 2013-12-28 11:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-20 15:12 - 2014-12-01 21:18 - 00000000 ____D () C:\Users\Wilhelm\AppData\Local\Avg2015
2014-12-20 15:02 - 2012-08-08 21:19 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-20 14:50 - 2014-03-31 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-20 14:50 - 2012-08-08 21:20 - 00000000 ____D () C:\$AVG
2014-12-20 14:46 - 2014-12-01 21:24 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-20 14:10 - 2012-06-09 11:14 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-19 10:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-18 19:10 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-12-18 19:09 - 2014-11-24 21:22 - 00000000 ____D () C:\Users\TEMP.Wilhelm-PC.000
2014-12-14 20:59 - 2013-06-09 21:16 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-14 20:59 - 2013-06-09 21:16 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-14 20:59 - 2012-06-08 23:50 - 00001421 _____ () C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-14 12:14 - 2014-11-21 20:34 - 00000000 ____D () C:\Users\Wilhelm\AppData\Local\Windows Live
2014-12-11 10:01 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-10 22:49 - 2012-06-09 00:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 22:47 - 2013-08-15 06:40 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 22:41 - 2012-10-31 22:05 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-06 20:17 - 2012-06-08 23:46 - 00000000 ____D () C:\Users\Wilhelm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-06 20:17 - 2012-04-13 22:29 - 00000000 ____D () C:\ProgramData\Port Locker
2014-12-06 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\registration

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-26 18:07

==================== End Of Log ============================
         
--- --- ---

Alt 01.01.2015, 18:57   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Standard

Win7 Umbenennung Chrome Browser, Installation Continue Live Installation



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win7 Umbenennung Chrome Browser, Installation Continue Live Installation
avg2015, fehlercode 0x5, pup.optional.blockandsurf.a, pup.optional.colormedia.a, pup.optional.downloadguide, pup.optional.dynconie.a, pup.optional.faststart.a, pup.optional.globalupdate.a, pup.optional.globalupdate.t, pup.optional.hdquality.a, pup.optional.icinema.a, pup.optional.multiie.a, pup.optional.opencandy, pup.optional.piccolor.a, pup.optional.qone8, pup.optional.selectngo.a, pup.optional.websearches, pup.optional.websearchs.a, pup.optional.webssearches.a, pup.optional.windowsmangerprotect.a, pup.optional.windowsprotectmanger.a, pup.optional.wpm.a, secure search, vtoolbarupdater, windowsprotectmanger



Ähnliche Themen: Win7 Umbenennung Chrome Browser, Installation Continue Live Installation


  1. Windows 8: Ca. vor 1 Monat "continue live installation" eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.10.2015 (5)
  2. Windows 7/8: Continue Live Installation (und mehr?) eingefangen
    Plagegeister aller Art und deren Bekämpfung - 02.10.2015 (15)
  3. Continue Live Installation erscheint immer wieder...
    Log-Analyse und Auswertung - 12.04.2015 (11)
  4. Window 7 http gotut.ru lässt sich als Startseite nicht entfernen + Continue Live Installation von adwcleaner erkannt und entfernt
    Log-Analyse und Auswertung - 07.04.2015 (5)
  5. Continue live installation
    Plagegeister aller Art und deren Bekämpfung - 22.03.2015 (17)
  6. Continue Live Installation meldung
    Log-Analyse und Auswertung - 22.03.2015 (17)
  7. Continue Live Installation lässt sich nicht entfernen.
    Log-Analyse und Auswertung - 16.03.2015 (13)
  8. Continue Live Installation
    Plagegeister aller Art und deren Bekämpfung - 27.02.2015 (13)
  9. continue live installation/windows version installer bei Windows7
    Log-Analyse und Auswertung - 22.02.2015 (15)
  10. Windows 8: Werbung im Browser/ unerwünschte Installation: Continue Live Installation
    Log-Analyse und Auswertung - 19.02.2015 (24)
  11. Live Installation
    Plagegeister aller Art und deren Bekämpfung - 26.11.2014 (27)
  12. Windows 8.1: Continue Live Installation
    Log-Analyse und Auswertung - 19.11.2014 (12)
  13. Continue Live Installation Entfernen
    Log-Analyse und Auswertung - 22.10.2014 (1)
  14. Windows 7 : Windows Version Installer Overlay und Continue Live Installation.exe verschwindet nicht.
    Log-Analyse und Auswertung - 09.10.2014 (9)
  15. Continue Live Installation
    Plagegeister aller Art und deren Bekämpfung - 01.10.2014 (17)
  16. Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..."
    Log-Analyse und Auswertung - 03.07.2014 (21)
  17. Div. Bluescreens bei Win7 und Win7-Installation nach durchgeb. Netzteil
    Alles rund um Windows - 24.11.2013 (8)

Zum Thema Win7 Umbenennung Chrome Browser, Installation Continue Live Installation - Hallo! Vor zwei Tagen hat sich nach einem Windows Update mein Chrome Browser umbenannt (leider weiß ich nicht mehr wie) und mehrere Programme (youtube-, facebook- und amazon-Verknüpfungen) wurden installiert. Mein - Win7 Umbenennung Chrome Browser, Installation Continue Live Installation...
Archiv
Du betrachtest: Win7 Umbenennung Chrome Browser, Installation Continue Live Installation auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.