| |
| |||||||
Log-Analyse und Auswertung: Windows 8 - Browsereingaben werden auf Werbung umgeleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
04.02.2015, 19:19
| #1 |
 |  Windows 8 - Browsereingaben werden auf Werbung umgeleitet Hallo, bereits zum zweiten Mal muss ich dieses Forum mit meinen Problemen belästigen: Alle installierten Browser (IE, Firefox und Opera, zuletzt auch Google Chrome) versagen ihren Dienst. Nach Eingabe erfolgt eine Weiterleitung auf eine Werbeseite. Oft werden Programme angeboten um Mal- oder andere Schadsoftware zu entfernen. Auch sind die richtigen Seiten, wenn mal geöffnet, übersät von Werbebannern. Heute kam es mehrfach vor, dass Mails während des Schreibens plötzlich verschwanden. Der Scan mit GMER hat erst im zweiten Anlauf funktioniert. Beim ersten mal stürzte der komplette PC ab und musste neu gestartet werden. Ich hoffe, man kann mir hier - wie beim letzten Mal - weiterhelfen. Hier die Logfiles (eigene habe ich nicht!) DEFOGGER: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:51 on 04/02/2015 (Jürgen)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Jürgen (administrator) on JUES-LINKER-PC on 04-02-2015 18:54:39
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(deltra Business Software GmbH & Co. KG) C:\orgaMAX\orgamaxmobil_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sysinternals - www.sysinternals.com) C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) F:\Programme\Office15\ONENOTEM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) F:\Programme\Office15\OUTLOOK.EXE
(deltra Business Software GmbH & Co KG) C:\orgaMAX\orgaMAX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
(Microsoft Corporation) F:\Programme\Office15\EXCEL.EXE
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxTrayapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-03-08] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Sysinternals Desktops] => C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Amazon Music] => C:\Users\Jürgen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
IFEO\asctray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\paprport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pppagevw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\ppscandr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\scannerwizardu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> F:\Programme\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> DefaultScope {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7139F5BB-2061-40E5-AF0D-6FADC7BA4AFE} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programme\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SMartCOmpArre -> {3ba224c4-2a46-402d-aeba-748f8e824494} -> C:\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.x64.dll ()
BHO: KiingCoUpeoonn -> {3e1a9f93-d41b-4561-8949-30ade70e70bb} -> C:\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.x64.dll ()
BHO: ExtraShopper -> {4cc67542-bea2-437a-a5b5-250b35d73051} -> C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.x64.dll ()
BHO: CCouPScaananer -> {7ed4bc59-05d0-47bc-9339-047a64f91823} -> C:\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.x64.dll ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: TicTaCoupon -> {b5020b2d-494a-4c9f-bc0a-b1b8a778359b} -> C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.x64.dll ()
BHO: BetteerPPriCeChEco -> {cb88c086-d521-4ab7-b384-2b98b81c975b} -> C:\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.x64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ApptoU -> {d7e27882-1545-44e4-ba10-18a5ca11d053} -> C:\ProgramData\ApptoU\tkvwBlYvSpiy67.x64.dll ()
BHO: SofTCOup -> {da90a060-22d7-473d-a0e1-e056a0709e94} -> C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.x64.dll ()
BHO: FlashCouponu -> {e3c1f8ff-652e-4eb4-89a0-4e63cf982439} -> C:\ProgramData\FlashCouponu\e54O7BVCn5RfMs.x64.dll ()
BHO: dealpeak -> {e5d45e03-27b5-4ed3-b51a-127efd16e258} -> C:\ProgramData\dealpeak\oN0bqJBElzWVkV.x64.dll ()
BHO: toopbbuyer -> {fcf9b259-6a6a-464d-9a2d-569451a77b07} -> C:\ProgramData\toopbbuyer\0pFsb93x9csNuQ.x64.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SMartCOmpArre -> {3ba224c4-2a46-402d-aeba-748f8e824494} -> C:\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.dll ()
BHO-x32: KiingCoUpeoonn -> {3e1a9f93-d41b-4561-8949-30ade70e70bb} -> C:\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.dll ()
BHO-x32: CCouPScaananer -> {7ed4bc59-05d0-47bc-9339-047a64f91823} -> C:\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.dll No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: BetteerPPriCeChEco -> {cb88c086-d521-4ab7-b384-2b98b81c975b} -> C:\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.dll ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SofTCOup -> {da90a060-22d7-473d-a0e1-e056a0709e94} -> C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.dll ()
BHO-x32: FlashCouponu -> {e3c1f8ff-652e-4eb4-89a0-4e63cf982439} -> C:\ProgramData\FlashCouponu\e54O7BVCn5RfMs.dll ()
BHO-x32: toopbbuyer -> {fcf9b259-6a6a-464d-9a2d-569451a77b07} -> C:\ProgramData\toopbbuyer\0pFsb93x9csNuQ.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programme\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\forestle-de.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\webde-suche.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\ascsurfingprotection@iobit.com [2014-09-17]
FF Extension: Cliqz Beta - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cliqz@cliqz.com [2014-11-05]
FF Extension: ProShopper - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\LRp@nFpmQ.org [2014-11-05]
FF Extension: Clean the junk - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cleanjunk@netmaster.com.ua.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cleanjunk@netmaster.com.ua.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - c:\program files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
CHR Extension: (Save to Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-11-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
Opera:
=======
OPR Extension: (HQ-Video-Pro-1.9) - C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-12-19] (Sirrix AG) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-01] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-09-17] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2014-03-08] (Intel Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 18:54 - 2015-02-04 18:54 - 00030607 _____ () C:\Users\Jürgen\Downloads\FRST.txt
2015-02-04 18:54 - 2015-02-04 18:54 - 00000000 ____D () C:\FRST
2015-02-04 18:53 - 2015-02-04 18:53 - 02131968 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-02-04 18:51 - 2015-02-04 18:51 - 00000474 _____ () C:\Users\Jürgen\Downloads\defogger_disable.log
2015-02-04 18:51 - 2015-02-04 18:51 - 00000000 _____ () C:\Users\Jürgen\defogger_reenable
2015-02-04 18:50 - 2015-02-04 18:50 - 00050477 _____ () C:\Users\Jürgen\Downloads\Defogger.exe
2015-02-04 18:32 - 2015-02-04 18:32 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00001235 _____ () C:\Users\Public\Desktop\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box
2015-02-04 18:32 - 2014-12-12 16:02 - 00915864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-04 18:32 - 2014-12-12 16:01 - 00127408 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-04 17:57 - 2015-02-04 18:26 - 528783976 _____ (Sirrix AG) C:\Users\Jürgen\Downloads\Browser_In_The_Box.4.0.0-r30.firefox.Archive.exe
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\Search Slate
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\RRoyaliCCoauppon
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\KiingCoUpeoonn
2015-02-02 19:33 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-02 19:28 - 2015-02-02 19:28 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\Jürgen\Downloads\BitBoxScreenshots
2015-02-02 17:46 - 2015-01-24 21:20 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 17:46 - 2015-01-24 21:20 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 17:13 - 2015-02-02 17:47 - 1028629988 _____ () C:\Users\Jürgen\Downloads\Strafsache_4_Ks_2_63_Der_Prozess_Auschwitz_vor_dem_Frankfurter_Schwurgeri_2015-02-02_0230_465367.mp4
2015-01-29 09:59 - 2015-01-29 09:59 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator (2).lnk
2015-01-29 09:34 - 2015-01-29 09:34 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2015-01-28 19:11 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Jürgen\Documents\Fax
2015-01-14 04:31 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:31 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:31 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 04:31 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 04:31 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:31 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 04:31 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 04:31 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 04:31 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 04:31 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-06 12:27 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\toopbbuyer
2015-01-06 12:27 - 2015-02-02 18:15 - 00000000 ____D () C:\ProgramData\CCouPScaananer
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 18:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-04 18:51 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen
2015-02-04 18:50 - 2014-02-22 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 18:47 - 2014-02-15 14:58 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-02-04 18:40 - 2014-02-02 11:21 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\CrashDumps
2015-02-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 18:37 - 2014-01-30 19:14 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1791603094-1891881837-2934167099-1002
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\ProgramData\Sirrix AG
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2015-02-04 18:32 - 2013-12-17 09:34 - 01944324 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 18:18 - 2014-02-15 14:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Deployment
2015-02-04 18:09 - 2014-10-09 19:37 - 00000000 ____D () C:\ProgramData\firebird
2015-02-04 18:09 - 2014-04-23 17:03 - 00000000 ____D () C:\orgaMAX
2015-02-04 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 18:00 - 2014-12-10 17:42 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jues-linker-PC-Jürgen Jues-linker-PC
2015-02-04 17:55 - 2013-12-14 21:12 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 17:55 - 2013-12-14 21:12 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 17:55 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 17:50 - 2014-12-02 16:09 - 00008984 _____ () C:\Windows\setupact.log
2015-02-04 17:49 - 2013-12-17 09:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 17:49 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 17:16 - 2014-11-21 11:40 - 00000000 ____D () C:\Program Files (x86)\FuntoShop
2015-02-04 17:02 - 2014-11-09 15:58 - 00268150 _____ () C:\Windows\PFRO.log
2015-02-04 14:06 - 2014-01-30 20:15 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{38F4835D-E6D6-4DEB-A393-1A67AC725234}
2015-02-03 09:40 - 2014-01-31 20:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-03 08:28 - 2014-02-16 18:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-03 08:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 20:51 - 2014-12-13 20:34 - 00000000 ____D () C:\ProgramData\16724744141051052375
2015-02-02 19:34 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-02 19:33 - 2013-10-31 04:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-02 19:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-02 17:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-01 17:17 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Packages
2015-02-01 16:50 - 2014-02-22 14:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 16:30 - 2014-02-22 15:13 - 00318976 ___SH () C:\Users\Jürgen\Desktop\Thumbs.db
2015-01-29 19:21 - 2014-08-03 09:51 - 00000000 ____D () C:\Users\Jürgen\Documents\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-29 19:21 - 2013-12-17 09:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 19:12 - 2014-05-10 10:42 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-29 19:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-29 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 19:46 - 2014-02-23 19:36 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-01-26 16:11 - 2014-02-08 16:41 - 00001193 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00001169 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-14 08:57 - 2014-01-31 06:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:55 - 2014-01-31 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:55 - 2014-01-30 19:10 - 00000000 ____D () C:\Users\Jürgen\Documents\Bluetooth Folder
2015-01-12 20:42 - 2014-05-03 08:33 - 00797696 ___SH () C:\Users\Jürgen\Downloads\Thumbs.db
2015-01-07 04:47 - 2014-11-05 03:11 - 00000000 ____D () C:\ProgramData\e81a3a2f4ea4c157
==================== Files in the root of some directories =======
2014-03-02 14:27 - 2014-05-09 07:07 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-17 09:15 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\Camdata.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamLayout.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamShapes.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0004535 _____ () C:\Users\Jürgen\AppData\Roaming\CamStudio.cfg
2014-09-17 09:39 - 2014-09-17 09:39 - 0001167 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt
2014-09-17 09:39 - 2014-09-17 09:39 - 0000000 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-09-17 08:47 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\version2.xml
2014-04-19 14:04 - 2014-04-19 14:04 - 0005062 _____ () C:\ProgramData\uxxadbmu.rlu
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-29 05:53
==================== End Of Log ============================
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Jürgen (administrator) on JUES-LINKER-PC on 04-02-2015 18:54:39
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(deltra Business Software GmbH & Co. KG) C:\orgaMAX\orgamaxmobil_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sysinternals - www.sysinternals.com) C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) F:\Programme\Office15\ONENOTEM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) F:\Programme\Office15\OUTLOOK.EXE
(deltra Business Software GmbH & Co KG) C:\orgaMAX\orgaMAX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
(Microsoft Corporation) F:\Programme\Office15\EXCEL.EXE
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxTrayapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-03-08] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Sysinternals Desktops] => C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Amazon Music] => C:\Users\Jürgen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
IFEO\asctray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\paprport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pppagevw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\ppscandr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\scannerwizardu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> F:\Programme\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> DefaultScope {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7139F5BB-2061-40E5-AF0D-6FADC7BA4AFE} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programme\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SMartCOmpArre -> {3ba224c4-2a46-402d-aeba-748f8e824494} -> C:\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.x64.dll ()
BHO: KiingCoUpeoonn -> {3e1a9f93-d41b-4561-8949-30ade70e70bb} -> C:\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.x64.dll ()
BHO: ExtraShopper -> {4cc67542-bea2-437a-a5b5-250b35d73051} -> C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.x64.dll ()
BHO: CCouPScaananer -> {7ed4bc59-05d0-47bc-9339-047a64f91823} -> C:\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.x64.dll ()
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: TicTaCoupon -> {b5020b2d-494a-4c9f-bc0a-b1b8a778359b} -> C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.x64.dll ()
BHO: BetteerPPriCeChEco -> {cb88c086-d521-4ab7-b384-2b98b81c975b} -> C:\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.x64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ApptoU -> {d7e27882-1545-44e4-ba10-18a5ca11d053} -> C:\ProgramData\ApptoU\tkvwBlYvSpiy67.x64.dll ()
BHO: SofTCOup -> {da90a060-22d7-473d-a0e1-e056a0709e94} -> C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.x64.dll ()
BHO: FlashCouponu -> {e3c1f8ff-652e-4eb4-89a0-4e63cf982439} -> C:\ProgramData\FlashCouponu\e54O7BVCn5RfMs.x64.dll ()
BHO: dealpeak -> {e5d45e03-27b5-4ed3-b51a-127efd16e258} -> C:\ProgramData\dealpeak\oN0bqJBElzWVkV.x64.dll ()
BHO: toopbbuyer -> {fcf9b259-6a6a-464d-9a2d-569451a77b07} -> C:\ProgramData\toopbbuyer\0pFsb93x9csNuQ.x64.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SMartCOmpArre -> {3ba224c4-2a46-402d-aeba-748f8e824494} -> C:\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.dll ()
BHO-x32: KiingCoUpeoonn -> {3e1a9f93-d41b-4561-8949-30ade70e70bb} -> C:\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.dll ()
BHO-x32: CCouPScaananer -> {7ed4bc59-05d0-47bc-9339-047a64f91823} -> C:\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.dll No File
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: BetteerPPriCeChEco -> {cb88c086-d521-4ab7-b384-2b98b81c975b} -> C:\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.dll ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SofTCOup -> {da90a060-22d7-473d-a0e1-e056a0709e94} -> C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.dll ()
BHO-x32: FlashCouponu -> {e3c1f8ff-652e-4eb4-89a0-4e63cf982439} -> C:\ProgramData\FlashCouponu\e54O7BVCn5RfMs.dll ()
BHO-x32: toopbbuyer -> {fcf9b259-6a6a-464d-9a2d-569451a77b07} -> C:\ProgramData\toopbbuyer\0pFsb93x9csNuQ.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programme\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\forestle-de.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\webde-suche.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\ascsurfingprotection@iobit.com [2014-09-17]
FF Extension: Cliqz Beta - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cliqz@cliqz.com [2014-11-05]
FF Extension: ProShopper - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\LRp@nFpmQ.org [2014-11-05]
FF Extension: Clean the junk - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cleanjunk@netmaster.com.ua.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cleanjunk@netmaster.com.ua.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - c:\program files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
CHR Extension: (Save to Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-11-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
Opera:
=======
OPR Extension: (HQ-Video-Pro-1.9) - C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-04-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-12-19] (Sirrix AG) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-01] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-09-17] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2014-03-08] (Intel Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 18:54 - 2015-02-04 18:54 - 00030607 _____ () C:\Users\Jürgen\Downloads\FRST.txt
2015-02-04 18:54 - 2015-02-04 18:54 - 00000000 ____D () C:\FRST
2015-02-04 18:53 - 2015-02-04 18:53 - 02131968 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-02-04 18:51 - 2015-02-04 18:51 - 00000474 _____ () C:\Users\Jürgen\Downloads\defogger_disable.log
2015-02-04 18:51 - 2015-02-04 18:51 - 00000000 _____ () C:\Users\Jürgen\defogger_reenable
2015-02-04 18:50 - 2015-02-04 18:50 - 00050477 _____ () C:\Users\Jürgen\Downloads\Defogger.exe
2015-02-04 18:32 - 2015-02-04 18:32 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00001235 _____ () C:\Users\Public\Desktop\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box
2015-02-04 18:32 - 2014-12-12 16:02 - 00915864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-04 18:32 - 2014-12-12 16:01 - 00127408 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-04 17:57 - 2015-02-04 18:26 - 528783976 _____ (Sirrix AG) C:\Users\Jürgen\Downloads\Browser_In_The_Box.4.0.0-r30.firefox.Archive.exe
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\Search Slate
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\RRoyaliCCoauppon
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\KiingCoUpeoonn
2015-02-02 19:33 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-02 19:28 - 2015-02-02 19:28 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\Jürgen\Downloads\BitBoxScreenshots
2015-02-02 17:46 - 2015-01-24 21:20 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 17:46 - 2015-01-24 21:20 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 17:13 - 2015-02-02 17:47 - 1028629988 _____ () C:\Users\Jürgen\Downloads\Strafsache_4_Ks_2_63_Der_Prozess_Auschwitz_vor_dem_Frankfurter_Schwurgeri_2015-02-02_0230_465367.mp4
2015-01-29 09:59 - 2015-01-29 09:59 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator (2).lnk
2015-01-29 09:34 - 2015-01-29 09:34 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2015-01-28 19:11 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Jürgen\Documents\Fax
2015-01-14 04:31 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:31 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:31 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 04:31 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 04:31 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:31 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 04:31 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 04:31 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 04:31 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 04:31 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-06 12:27 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\toopbbuyer
2015-01-06 12:27 - 2015-02-02 18:15 - 00000000 ____D () C:\ProgramData\CCouPScaananer
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 18:54 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-04 18:51 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen
2015-02-04 18:50 - 2014-02-22 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 18:47 - 2014-02-15 14:58 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-02-04 18:40 - 2014-02-02 11:21 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\CrashDumps
2015-02-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 18:37 - 2014-01-30 19:14 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1791603094-1891881837-2934167099-1002
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\ProgramData\Sirrix AG
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2015-02-04 18:32 - 2013-12-17 09:34 - 01944324 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 18:18 - 2014-02-15 14:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Deployment
2015-02-04 18:09 - 2014-10-09 19:37 - 00000000 ____D () C:\ProgramData\firebird
2015-02-04 18:09 - 2014-04-23 17:03 - 00000000 ____D () C:\orgaMAX
2015-02-04 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 18:00 - 2014-12-10 17:42 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jues-linker-PC-Jürgen Jues-linker-PC
2015-02-04 17:55 - 2013-12-14 21:12 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 17:55 - 2013-12-14 21:12 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 17:55 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 17:50 - 2014-12-02 16:09 - 00008984 _____ () C:\Windows\setupact.log
2015-02-04 17:49 - 2013-12-17 09:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 17:49 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 17:16 - 2014-11-21 11:40 - 00000000 ____D () C:\Program Files (x86)\FuntoShop
2015-02-04 17:02 - 2014-11-09 15:58 - 00268150 _____ () C:\Windows\PFRO.log
2015-02-04 14:06 - 2014-01-30 20:15 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{38F4835D-E6D6-4DEB-A393-1A67AC725234}
2015-02-03 09:40 - 2014-01-31 20:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-03 08:28 - 2014-02-16 18:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-03 08:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 20:51 - 2014-12-13 20:34 - 00000000 ____D () C:\ProgramData\16724744141051052375
2015-02-02 19:34 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-02 19:33 - 2013-10-31 04:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-02 19:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-02 17:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-01 17:17 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Packages
2015-02-01 16:50 - 2014-02-22 14:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-01 16:30 - 2014-02-22 15:13 - 00318976 ___SH () C:\Users\Jürgen\Desktop\Thumbs.db
2015-01-29 19:21 - 2014-08-03 09:51 - 00000000 ____D () C:\Users\Jürgen\Documents\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-29 19:21 - 2013-12-17 09:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 19:12 - 2014-05-10 10:42 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-29 19:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-29 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 19:46 - 2014-02-23 19:36 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-01-26 16:11 - 2014-02-08 16:41 - 00001193 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00001169 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-14 08:57 - 2014-01-31 06:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:55 - 2014-01-31 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:55 - 2014-01-30 19:10 - 00000000 ____D () C:\Users\Jürgen\Documents\Bluetooth Folder
2015-01-12 20:42 - 2014-05-03 08:33 - 00797696 ___SH () C:\Users\Jürgen\Downloads\Thumbs.db
2015-01-07 04:47 - 2014-11-05 03:11 - 00000000 ____D () C:\ProgramData\e81a3a2f4ea4c157
==================== Files in the root of some directories =======
2014-03-02 14:27 - 2014-05-09 07:07 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-17 09:15 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\Camdata.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamLayout.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamShapes.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0004535 _____ () C:\Users\Jürgen\AppData\Roaming\CamStudio.cfg
2014-09-17 09:39 - 2014-09-17 09:39 - 0001167 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt
2014-09-17 09:39 - 2014-09-17 09:39 - 0000000 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-09-17 08:47 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\version2.xml
2014-04-19 14:04 - 2014-04-19 14:04 - 0005062 _____ () C:\ProgramData\uxxadbmu.rlu
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-29 05:53
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-04 20:06:21
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 TOSHIBA_THNSNH128GMCT rev.HTCAN102 119,24GB
Running: mm3j1gcq.exe; Driver: C:\Users\JRGEN~1\AppData\Local\Temp\kglyiaoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\dwm.exe[612] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\dwm.exe[612] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\dwm.exe[612] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\dwm.exe[612] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\Explorer.EXE[1996] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\Explorer.EXE[1996] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\Explorer.EXE[1996] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\Explorer.EXE[1996] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\mfevtps.exe[2196] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\mfevtps.exe[2196] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\mfevtps.exe[2196] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Windows\system32\mfevtps.exe[2196] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2544] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2544] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2544] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2544] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2636] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2636] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2636] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2636] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2928] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2928] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2928] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2928] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4764] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd18451f6a 4 bytes [45, 18, FD, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[4764] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd18451f82 4 bytes [45, 18, FD, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5012] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5012] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5012] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[5012] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1632] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffd18451f6a 4 bytes [45, 18, FD, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1632] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffd18451f82 4 bytes [45, 18, FD, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[5560] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd2e6f169a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[5560] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd2e6f16a2 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[5560] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd2e6f181a 4 bytes [6F, 2E, FD, 7F]
.text C:\Program Files\Common Files\mcafee\platform\McUICnt.exe[5560] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd2e6f1832 4 bytes [6F, 2E, FD, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [804:856] fffff960008bcb90
---- Processes - GMER 2.1 ----
Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [1400] (FreemakeUtilsService/Freemake)(2014-11-20 12:27:12) 0000000000d60000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Jürgen |
|
04.02.2015, 19:32
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 8 - Browsereingaben werden auf Werbung umgeleitet hi,
__________________Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
04.02.2015, 20:32
| #3 |
| | Windows 8 - Browsereingaben werden auf Werbung umgeleitet Hallo,
__________________MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.02.2015 Suchlauf-Zeit: 20:55:43 Logdatei: mbam1.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.11.20.06 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Jürgen Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 331480 Verstrichene Zeit: 7 Min, 30 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 3 PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XKLKDHJFIZY8XT.DLL, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XKLKDHJFIZY8XT.DLL, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XKLKDHJFIZY8XT.DLL, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26], Registrierungsschlüssel: 55 PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{4cc67542-bea2-437a-a5b5-250b35d73051}, In Quarantäne, [50b6a5994c300531d015447b639ed729], PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4CC67542-BEA2-437A-A5B5-250B35D73051}, In Quarantäne, [50b6a5994c300531d015447b639ed729], PUP.Optional.MultiPlug, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4CC67542-BEA2-437A-A5B5-250B35D73051}, In Quarantäne, [50b6a5994c300531d015447b639ed729], PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4CC67542-BEA2-437A-A5B5-250B35D73051}, In Quarantäne, [50b6a5994c300531d015447b639ed729], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{4CC67542-BEA2-437A-A5B5-250B35D73051}\INPROCSERVER32, In Quarantäne, [50b6a5994c300531d015447b639ed729], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{d7e27882-1545-44e4-ba10-18a5ca11d053}, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D7E27882-1545-44E4-BA10-18A5CA11D053}, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\ApptoU.ApptoU, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\ApptoU.ApptoU.9, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ApptoU.ApptoU, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ApptoU.ApptoU.9, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D7E27882-1545-44E4-BA10-18A5CA11D053}, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E27882-1545-44E4-BA10-18A5CA11D053}, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{D7E27882-1545-44E4-BA10-18A5CA11D053}\INPROCSERVER32, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{e5d45e03-27b5-4ed3-b51a-127efd16e258}, In Quarantäne, [986e95a9f98352e4618466590ff2b34d], PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E5D45E03-27B5-4ED3-B51A-127EFD16E258}, In Quarantäne, [986e95a9f98352e4618466590ff2b34d], PUP.Optional.MultiPlug, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E5D45E03-27B5-4ED3-B51A-127EFD16E258}, In Quarantäne, [986e95a9f98352e4618466590ff2b34d], PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E5D45E03-27B5-4ED3-B51A-127EFD16E258}, In Quarantäne, [986e95a9f98352e4618466590ff2b34d], PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{E5D45E03-27B5-4ED3-B51A-127EFD16E258}\INPROCSERVER32, In Quarantäne, [986e95a9f98352e4618466590ff2b34d], PUP.Optional.SupraSavings, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}, In Quarantäne, [679f7dc10a72fc3a47f2af9d10f30df3], PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4d49a557}, In Quarantäne, [e6202a14097342f48f5fc58c798a758b], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [d72f8ab44b3166d06eb0d95fc142a15f], PUP.Optional.ReMarkit.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [df2780beb0cca39384de112f45be12ee], PUP.Optional.ReMarkit.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [45c1d26c136943f3550d9aa64db625db], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [d1353707bdbfc175d1313c3a2ad9ac54], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [7f8728163349be7821164646e420b947], PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7BCAC0EB-3993-2416-0531-848C39DF8B65}, In Quarantäne, [42c4c47a2f4de5519554062482818779], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E370F69F-ED3F-925F-31FC-14D1329A713B}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\CLSID\{b5020b2d-494a-4c9f-bc0a-b1b8a778359b}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B5020B2D-494A-4C9F-BC0A-B1B8A778359B}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B5020B2D-494A-4C9F-BC0A-B1B8A778359B}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B5020B2D-494A-4C9F-BC0A-B1B8A778359B}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\CLSID\{B5020B2D-494A-4C9F-BC0A-B1B8A778359B}\INPROCSERVER32, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{da90a060-22d7-473d-a0e1-e056a0709e94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\CLASSES\SoftCoup.SoftCoup, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\CLASSES\SoftCoup.SoftCoup.9, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoftCoup.SoftCoup, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoftCoup.SoftCoup.9, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\CLASSES\CLSID\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\CLASSES\CLSID\{DA90A060-22D7-473D-A0E1-E056A0709E94}\INPROCSERVER32, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, In Quarantäne, [7f8728163349be7821164646e420b947] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 5 PUP.Optional.OpenCandy, C:\Users\Jürgen\AppData\Roaming\OPENCANDY, In Quarantäne, [66a087b75725330361435fa958ab2ed2], PUP.Optional.OpenCandy, C:\Users\Jürgen\AppData\Roaming\OPENCANDY\A4D2466B51C54A5EBDC29F354E566EB9, In Quarantäne, [66a087b75725330361435fa958ab2ed2], PUP.Optional.ExtraShopper.A, C:\ProgramData\EXTRASHOPPER, In Quarantäne, [42c4c47a2f4de5519554062482818779], PUP.Optional.TicTaCoupon.A, C:\ProgramData\TICTACOUPON, Löschen bei Neustart, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26], Dateien: 18 PUP.Optional.MultiPlug, C:\ProgramData\ExtraShopper\EQVJM1QU0KZZ2G.X64.DLL, In Quarantäne, [50b6a5994c300531d015447b639ed729], PUP.Optional.MultiPlug, C:\ProgramData\ApptoU\TKVWBLYVSPIY67.X64.DLL, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2], PUP.Optional.MultiPlug, C:\ProgramData\dealpeak\ON0BQJBELZWVKV.X64.DLL, In Quarantäne, [986e95a9f98352e4618466590ff2b34d], PUP.Optional.Bunndle, C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe, In Quarantäne, [a561e15de09c211549f283da887835cb], PUP.Optional.OpenCandy, C:\Users\Jürgen\Downloads\FreemakeVideoConverterSetup.exe, In Quarantäne, [15f105390e6e112518c96fb8ba477b85], PUP.Optional.OpenCandy, C:\Users\Jürgen\AppData\Roaming\OpenCandy\A4D2466B51C54A5EBDC29F354E566EB9\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe, In Quarantäne, [66a087b75725330361435fa958ab2ed2], PUP.Optional.ExtraShopper.A, C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.dat, In Quarantäne, [42c4c47a2f4de5519554062482818779], PUP.Optional.ExtraShopper.A, C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.exe, In Quarantäne, [42c4c47a2f4de5519554062482818779], PUP.Optional.ExtraShopper.A, C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.tlb, In Quarantäne, [42c4c47a2f4de5519554062482818779], PUP.Optional.TicTaCoupon.A, C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.dat, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.exe, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.tlb, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.TicTaCoupon.A, C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.x64.dll, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5], PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.dat, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.dll, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XKLKDHJFIZY8XT.X64.DLL, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.exe, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.tlb, In Quarantäne, [92745ae4324a082e1ed52313bc47da26], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 04/02/2015 um 21:18:14
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-04.1 [Live]
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Jürgen - JUES-LINKER-PC
# Gestartet von : C:\Users\Jürgen\Downloads\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ApptoU
Ordner Gelöscht : C:\ProgramData\dealpeak
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\ShoppingDealFactory
Ordner Gelöscht : C:\ProgramData\BetteerPPriCeChEco
Ordner Gelöscht : C:\ProgramData\CCouPScaananer
Ordner Gelöscht : C:\ProgramData\CouponFactory
Ordner Gelöscht : C:\ProgramData\FlashCouponu
Ordner Gelöscht : C:\ProgramData\SMartCOmpArre
Ordner Gelöscht : C:\ProgramData\toopbbuyer
Ordner Gelöscht : C:\ProgramData\UltraCoupon
Ordner Gelöscht : C:\ProgramData\16724744141051052375
Ordner Gelöscht : C:\ProgramData\e81a3a2f4ea4c157
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\KiingCoUpeoonn
Ordner Gelöscht : C:\Program Files (x86)\RRoyaliCCoauppon
Ordner Gelöscht : C:\Users\Jürgen\AppData\Local\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\Jürgen\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\ascsurfingprotection@iobit.com
Ordner Gelöscht : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\LRp@nFpmQ.org
Ordner Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Datei Gelöscht : C:\Windows\System32\drivers\SAWFP64.sys
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\user.js
Datei Gelöscht : C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_api.ciuvo.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartCompare.SmartCompare
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartCompare.SmartCompare.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P3e1a9f93_d41b_4561_8949_30ade70e70bb_.P3e1a9f93_d41b_4561_8949_30ade70e70bb_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P3e1a9f93_d41b_4561_8949_30ade70e70bb_.P3e1a9f93_d41b_4561_8949_30ade70e70bb_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P7ed4bc59_05d0_47bc_9339_047a64f91823_.P7ed4bc59_05d0_47bc_9339_047a64f91823_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P7ed4bc59_05d0_47bc_9339_047a64f91823_.P7ed4bc59_05d0_47bc_9339_047a64f91823_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pfcf9b259_6a6a_464d_9a2d_569451a77b07_.Pfcf9b259_6a6a_464d_9a2d_569451a77b07_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pfcf9b259_6a6a_464d_9a2d_569451a77b07_.Pfcf9b259_6a6a_464d_9a2d_569451a77b07_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80E8B0A0-117D-1402-7CDE-688156237115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3119AFD3-545C-0955-573A-494F62E61990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE139F4C-CE5B-121A-8A2D-191FA2226094}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40DC4B27-4588-C56F-7737-D03A0ACE4383}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E5FE462-1A84-47B4-3411-C72434AAD86C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C28578D-D0F1-699F-01B0-CC0653A28C11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\BD04C21DD7DC68D42958E5F22E63394E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\8B501B6E56F182443979D1DFA8309BD4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\BD04C21DD7DC68D42958E5F22E63394E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\8B501B6E56F182443979D1DFA8309BD4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BD04C21DD7DC68D42958E5F22E63394E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8B501B6E56F182443979D1DFA8309BD4
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
[xozha3xy.default\prefs.js] - Zeile gelöscht : user_pref("extensions.aUXzT8ZPvS960ADy.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
-\\ Google Chrome v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [19191 octets] - [04/02/2015 21:16:14]
AdwCleaner[S0].txt - [18329 octets] - [04/02/2015 21:18:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18390 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Jrgen on 04.02.2015 at 21:23:13,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2015 at 21:24:26,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Jürgen (administrator) on JUES-LINKER-PC on 04-02-2015 21:26:10
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(deltra Business Software GmbH & Co. KG) C:\orgaMAX\orgamaxmobil_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sysinternals - www.sysinternals.com) C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) F:\Programme\Office15\ONENOTEM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) F:\Programme\Office15\MSOSYNC.EXE
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-03-08] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Sysinternals Desktops] => C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Amazon Music] => C:\Users\Jürgen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
IFEO\asctray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\paprport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pppagevw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\ppscandr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\scannerwizardu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> F:\Programme\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> DefaultScope {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7139F5BB-2061-40E5-AF0D-6FADC7BA4AFE} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programme\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programme\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\forestle-de.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\webde-suche.xml
FF Extension: Cliqz Beta - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cliqz@cliqz.com [2014-11-05]
FF Extension: Clean the junk - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cleanjunk@netmaster.com.ua.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cleanjunk@netmaster.com.ua.xpi [Not Found]
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - c:\program files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
CHR Extension: (Save to Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-11-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-12-19] (Sirrix AG) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-01] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-09-17] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2014-03-08] (Intel Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 21:26 - 2015-02-04 21:26 - 00027108 _____ () C:\Users\Jürgen\Downloads\FRST.txt
2015-02-04 21:24 - 2015-02-04 21:24 - 00000615 _____ () C:\Users\Jürgen\Desktop\JRT.txt
2015-02-04 21:22 - 2015-02-04 21:22 - 01388274 _____ (Thisisu) C:\Users\Jürgen\Downloads\JRT.exe
2015-02-04 21:20 - 2015-02-04 21:20 - 00018655 _____ () C:\Users\Jürgen\Desktop\AdwCleaner[S0].txt
2015-02-04 21:15 - 2015-02-04 21:18 - 00000000 ____D () C:\AdwCleaner
2015-02-04 21:12 - 2015-02-04 21:13 - 02194432 _____ () C:\Users\Jürgen\Downloads\AdwCleaner_4.109.exe
2015-02-04 21:12 - 2015-02-04 21:12 - 00014307 _____ () C:\Users\Jürgen\Desktop\mbam1.txt
2015-02-04 20:54 - 2015-02-04 20:54 - 00001082 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-04 20:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 20:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 20:52 - 2015-02-04 20:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jürgen\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 20:06 - 2015-02-04 20:06 - 00012237 _____ () C:\Users\Jürgen\Downloads\Gmer.txt
2015-02-04 19:13 - 2015-02-04 19:13 - 00296656 _____ () C:\Windows\Minidump\020415-6046-01.dmp
2015-02-04 19:13 - 2015-02-04 19:13 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 18:58 - 2015-02-04 18:58 - 00380416 _____ () C:\Users\Jürgen\Downloads\mm3j1gcq.exe
2015-02-04 18:55 - 2015-02-04 18:55 - 00041332 _____ () C:\Users\Jürgen\Downloads\Addition.txt
2015-02-04 18:54 - 2015-02-04 21:26 - 00000000 ____D () C:\FRST
2015-02-04 18:53 - 2015-02-04 18:53 - 02131968 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-02-04 18:51 - 2015-02-04 18:51 - 00000474 _____ () C:\Users\Jürgen\Downloads\defogger_disable.log
2015-02-04 18:51 - 2015-02-04 18:51 - 00000000 _____ () C:\Users\Jürgen\defogger_reenable
2015-02-04 18:50 - 2015-02-04 18:50 - 00050477 _____ () C:\Users\Jürgen\Downloads\Defogger.exe
2015-02-04 18:32 - 2015-02-04 18:32 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00001235 _____ () C:\Users\Public\Desktop\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box
2015-02-04 18:32 - 2014-12-12 16:02 - 00915864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-04 18:32 - 2014-12-12 16:01 - 00127408 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-04 17:57 - 2015-02-04 18:26 - 528783976 _____ (Sirrix AG) C:\Users\Jürgen\Downloads\Browser_In_The_Box.4.0.0-r30.firefox.Archive.exe
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\Search Slate
2015-02-02 19:33 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-02 19:28 - 2015-02-02 19:28 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\Jürgen\Downloads\BitBoxScreenshots
2015-02-02 17:46 - 2015-01-24 21:20 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 17:46 - 2015-01-24 21:20 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 17:13 - 2015-02-02 17:47 - 1028629988 _____ () C:\Users\Jürgen\Downloads\Strafsache_4_Ks_2_63_Der_Prozess_Auschwitz_vor_dem_Frankfurter_Schwurgeri_2015-02-02_0230_465367.mp4
2015-01-29 09:59 - 2015-01-29 09:59 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator (2).lnk
2015-01-29 09:34 - 2015-01-29 09:34 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2015-01-28 19:11 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Jürgen\Documents\Fax
2015-01-14 04:31 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:31 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:31 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 04:31 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 04:31 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:31 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 04:31 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 04:31 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 04:31 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 04:31 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 21:25 - 2013-12-14 21:12 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 21:25 - 2013-12-14 21:12 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 21:25 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 21:20 - 2014-12-10 17:42 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jues-linker-PC-Jürgen Jues-linker-PC
2015-02-04 21:20 - 2013-12-17 09:34 - 01069344 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 21:19 - 2014-12-02 16:09 - 00010028 _____ () C:\Windows\setupact.log
2015-02-04 21:19 - 2014-11-09 15:58 - 00273942 _____ () C:\Windows\PFRO.log
2015-02-04 21:19 - 2014-10-09 19:37 - 00000000 ____D () C:\ProgramData\firebird
2015-02-04 21:19 - 2013-12-17 09:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 21:19 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 21:14 - 2014-01-30 19:14 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1791603094-1891881837-2934167099-1002
2015-02-04 21:10 - 2014-05-10 10:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 21:08 - 2014-02-22 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 21:07 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen
2015-02-04 21:06 - 2014-02-15 14:58 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-02-04 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 20:56 - 2014-01-30 20:15 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{38F4835D-E6D6-4DEB-A393-1A67AC725234}
2015-02-04 20:54 - 2014-05-10 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-04 20:54 - 2014-05-10 10:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-04 20:50 - 2014-02-22 14:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:39 - 2014-02-15 14:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Deployment
2015-02-04 19:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-04 19:13 - 2014-03-02 14:27 - 679231059 _____ () C:\Windows\MEMORY.DMP
2015-02-04 18:40 - 2014-02-02 11:21 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\CrashDumps
2015-02-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\ProgramData\Sirrix AG
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2015-02-04 18:09 - 2014-04-23 17:03 - 00000000 ____D () C:\orgaMAX
2015-02-04 17:16 - 2014-11-21 11:40 - 00000000 ____D () C:\Program Files (x86)\FuntoShop
2015-02-03 09:40 - 2014-01-31 20:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-03 08:28 - 2014-02-16 18:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-03 08:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 19:34 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-02 19:33 - 2013-10-31 04:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-02 19:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-02 17:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-01 17:17 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Packages
2015-02-01 16:30 - 2014-02-22 15:13 - 00318976 ___SH () C:\Users\Jürgen\Desktop\Thumbs.db
2015-01-29 19:21 - 2014-08-03 09:51 - 00000000 ____D () C:\Users\Jürgen\Documents\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-29 19:21 - 2013-12-17 09:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 19:12 - 2014-05-10 10:42 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-29 19:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-29 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 19:46 - 2014-02-23 19:36 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-01-26 16:11 - 2014-02-08 16:41 - 00001193 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00001169 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-14 08:57 - 2014-01-31 06:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:55 - 2014-01-31 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:55 - 2014-01-30 19:10 - 00000000 ____D () C:\Users\Jürgen\Documents\Bluetooth Folder
2015-01-12 20:42 - 2014-05-03 08:33 - 00797696 ___SH () C:\Users\Jürgen\Downloads\Thumbs.db
==================== Files in the root of some directories =======
2014-03-02 14:27 - 2014-05-09 07:07 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-17 09:15 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\Camdata.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamLayout.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamShapes.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0004535 _____ () C:\Users\Jürgen\AppData\Roaming\CamStudio.cfg
2014-09-17 09:39 - 2014-09-17 09:39 - 0001167 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt
2014-09-17 09:39 - 2014-09-17 09:39 - 0000000 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-09-17 08:47 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\version2.xml
2014-04-19 14:04 - 2014-04-19 14:04 - 0005062 _____ () C:\ProgramData\uxxadbmu.rlu
Some content of TEMP:
====================
C:\Users\Jürgen\AppData\Local\Temp\Quarantine.exe
C:\Users\Jürgen\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-29 05:53
==================== End Of Log ============================
--- --- --- |
|
05.02.2015, 07:27
| #4 |
| /// the machine /// TB-Ausbilder | Windows 8 - Browsereingaben werden auf Werbung umgeleitetESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.02.2015, 00:02
| #5 |
| | Windows 8 - Browsereingaben werden auf Werbung umgeleitet Hallo, ich bitte um Verzeihung, ich hatte 2 tage keinen Strom im Haus, wegen kompletten Austausch der Sicherungen. Somit auch kein Internet. Hier die gewünschten Logs... ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a70f43377eff2645970e7ac828feb40d
# engine=22317
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 08:37:49
# local_time=2015-02-05 09:37:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5130 16777214 100 97 177253 50064127 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6886101 48006762 0 0
# scanned=307263
# found=40
# cleaned=40
# scan_time=1587
sh=C7A14A360E514B10E124815AB84272C19B38FE58 ft=1 fh=c71c00114de214d5 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.exe.vir"
sh=D682679FC9147EE33F429D2EA712A2683A9DEBF0 ft=1 fh=4abd756e9db50fa5 vn="Variante von Win64/Adware.MultiPlug.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\KiingCoUpeoonn\nqu4pouMyztZzH.x64.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RRoyaliCCoauppon\RRoyaliCCoauppon.exe.vir"
sh=663376C2BF64AA631B37DA373391C4F30063B3FA ft=1 fh=c71c001100a786c5 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\ApptoU\tkvwBlYvSpiy67.exe.vir"
sh=67052C135F85C6A49625B96CA3057D093B3E89BF ft=1 fh=c71c001136359b13 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.exe.vir"
sh=FABFC45B3338EC12EC1D5DDC183096B2FC4488CB ft=1 fh=2d15bb0f8291316b vn="Variante von Win64/Adware.MultiPlug.E Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\BetteerPPriCeChEco\8tYd5KMAX9JC58.x64.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.exe.vir"
sh=919FFC5267A360B47467AFE5C32D77703CDBC221 ft=1 fh=02e66a7f81582a05 vn="Variante von Win64/Adware.MultiPlug.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\CCouPScaananer\lEX3oQIoQ2hnWg.x64.dll.vir"
sh=5F0FF00727D359D53128DF287683FA2746E03108 ft=1 fh=c71c00113669338f vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\dealpeak\oN0bqJBElzWVkV.exe.vir"
sh=BFF9450ED225C31548426C98EBCF6055BA7A2BB9 ft=1 fh=c71c00118b379316 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashCouponu\e54O7BVCn5RfMs.dll.vir"
sh=564E5F05143E29E5DE4F202DD9C6F36B05B3BCB3 ft=1 fh=12d2304591e86037 vn="Variante von Win64/Adware.MultiPlug.E Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashCouponu\e54O7BVCn5RfMs.x64.dll.vir"
sh=B0E4614E28C6B0BC5A610E43F9933EFEC8FC9E42 ft=1 fh=c71c00117d492e7e vn="Variante von Win32/Adware.MultiPlug.EG Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.exe.vir"
sh=59B5FA80B1A617CA7B832CEAD3FC4711EF464C89 ft=1 fh=7f3232348d2c55ba vn="Variante von Win64/Adware.MultiPlug.E Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\SMartCOmpArre\JcKCGrbB2uh9yv.x64.dll.vir"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\toopbbuyer\0pFsb93x9csNuQ.exe.vir"
sh=919E17D5A5366BD31CC980B305D8AF6EEA37907C ft=1 fh=02e66a7fbd28e719 vn="Variante von Win64/Adware.MultiPlug.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\toopbbuyer\0pFsb93x9csNuQ.x64.dll.vir"
sh=14DBEFE4639E7D5CA4D0D228EF7BE9DEBE7B8448 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\LRp@nFpmQ.org\content\bg.js.vir"
sh=4F1C38F649CC3DF6B317972621DE7C6317D076AE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.38_0\extensionData\plugins\91.js.vir"
sh=24EACADAF8910146B00A3B6146FAD19E11BFF03B ft=1 fh=5e1dc8d93e2d8e01 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe"
sh=34D77A23AA7C7648948E4BFAB31F33F517A785DC ft=1 fh=11cdaad78b073df2 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Search Slate\Search Slate.exe"
sh=E658D69F2224A16B96AA249D1713DD5FA640A71A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\ch9Bh0A3.js"
sh=F540379A5E61AD0587F02D26320D65C9D8557B9A ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\content.js"
sh=1CC260AF30EB3CDFDE218B39CDB55831635BA690 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\lsdb.js"
sh=C3FEFD3A9B8231D7CDB5C99EAFF07809B1E0C220 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\abo@420.org\content\bg.js"
sh=49B7969BCF7EAAE67457E7844F1197A9065634FB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\au@vH.edu\content\bg.js"
sh=9DF90A5DDFBE57CB4FAB0355C8506E800428302D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\bg@d36E.net\content\bg.js"
sh=7586EE36DAA453B01527B0D4B9E45DF943999F9D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\eP@mZSd.com\content\bg.js"
sh=BC5667404137F4EBB89834889DA66FDD5BA7EA65 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\K@PdnU.org\content\bg.js"
sh=AC6369742839F8FB6A12FC6E52528666DD60DDA1 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\lN@x5bw8Oeu.edu\content\bg.js"
sh=D219ECAAD2838ABD6196CDE61C0C36878ADB7D60 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\MKNRkXx@mFx.net\content\bg.js"
sh=093E1539140D028DF63F7ABB2750D12BF67E77B6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\v@aIb.org\content\bg.js"
sh=4019CC122C399F808E696E78C1D2158B0E67E5C6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\xc1h9p@E.edu\content\bg.js"
sh=A700104BEFD65C16197D701CA3C10C732573E97C ft=1 fh=bba1476dcfe8d77a vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\Downloads\driver12_booster_setup.exe"
sh=6D259E8B7FC2A5CA3A960E76EC15A39B242F94F0 ft=1 fh=4a984638c41edfed vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\Downloads\FFSetup3.2.1.0.exe"
sh=68B1DEDBE6A6B7CEA03D585B84557B12ED4D3C3D ft=1 fh=c2e7503f8bc43c54 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Jürgen\Downloads\FileZilla_3.9.0.5_win32-setup.exe"
sh=E31E4931A1E2CD52E6B594FB9291C5D780A1ED93 ft=1 fh=8bf46064de1ec7f5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\BitBox Browser in the Box Firefox Edition - CHIP-Installer.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a70f43377eff2645970e7ac828feb40d
# engine=22359
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-07 09:11:19
# local_time=2015-02-07 10:11:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware'
# compatibility_mode=5130 16777214 100 97 398863 50282137 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7107711 48224772 0 0
# scanned=308441
# found=0
# cleaned=0
# scan_time=3680
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a70f43377eff2645970e7ac828feb40d
# engine=22359
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-07 09:38:18
# local_time=2015-02-07 10:38:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware'
# compatibility_mode=5130 16777214 100 97 400482 50283756 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7109330 48226391 0 0
# scanned=308904
# found=0
# cleaned=0
# scan_time=1481
Code:
ATTFilter Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
McAfee Anti-Virus und Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Secunia PSI (3.0.0.9016)
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities 2014
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
StarMoney 9.0 ouservice StarMoneyOnlineUpdate.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Jürgen (administrator) on JUES-LINKER-PC on 08-02-2015 00:55:37
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(deltra Business Software GmbH & Co. KG) C:\orgaMAX\orgamaxmobil_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sysinternals - www.sysinternals.com) C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) F:\Programme\Office15\ONENOTEM.EXE
(Microsoft Corporation) F:\Programme\Office15\OUTLOOK.EXE
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-03-08] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Sysinternals Desktops] => C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Amazon Music] => C:\Users\Jürgen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
IFEO\asctray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\paprport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pppagevw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\ppscandr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\scannerwizardu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> F:\Programme\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> DefaultScope {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7139F5BB-2061-40E5-AF0D-6FADC7BA4AFE} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programme\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programme\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\forestle-de.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\webde-suche.xml
FF Extension: Cliqz Beta - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cliqz@cliqz.com [2014-11-05]
FF Extension: Clean the junk - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cleanjunk@netmaster.com.ua.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cleanjunk@netmaster.com.ua.xpi [Not Found]
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - c:\program files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
CHR Extension: (Save to Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-11-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-12-19] (Sirrix AG) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-01] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-09-17] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2014-03-08] (Intel Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 00:55 - 2015-02-08 00:55 - 02132992 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-02-08 00:55 - 2015-02-08 00:55 - 00027853 _____ () C:\Users\Jürgen\Downloads\FRST.txt
2015-02-08 00:55 - 2015-02-08 00:55 - 00000000 ____D () C:\Users\Jürgen\Downloads\FRST-OlderVersion
2015-02-08 00:53 - 2015-02-08 00:53 - 00852594 _____ () C:\Users\Jürgen\Downloads\SecurityCheck.exe
2015-02-07 11:49 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 11:49 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 09:06 - 2015-02-05 09:06 - 02347384 _____ (ESET) C:\Users\Jürgen\Downloads\esetsmartinstaller_deu.exe
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-04 21:24 - 2015-02-04 21:24 - 00000615 _____ () C:\Users\Jürgen\Desktop\JRT.txt
2015-02-04 21:22 - 2015-02-04 21:22 - 01388274 _____ (Thisisu) C:\Users\Jürgen\Downloads\JRT.exe
2015-02-04 21:20 - 2015-02-04 21:20 - 00018655 _____ () C:\Users\Jürgen\Desktop\AdwCleaner[S0].txt
2015-02-04 21:15 - 2015-02-04 21:18 - 00000000 ____D () C:\AdwCleaner
2015-02-04 21:12 - 2015-02-04 21:13 - 02194432 _____ () C:\Users\Jürgen\Downloads\AdwCleaner_4.109.exe
2015-02-04 21:12 - 2015-02-04 21:12 - 00014307 _____ () C:\Users\Jürgen\Desktop\mbam1.txt
2015-02-04 20:54 - 2015-02-04 20:54 - 00001082 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-04 20:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 20:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 20:52 - 2015-02-04 20:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jürgen\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 20:06 - 2015-02-04 20:06 - 00012237 _____ () C:\Users\Jürgen\Downloads\Gmer.txt
2015-02-04 19:13 - 2015-02-04 19:13 - 00296656 _____ () C:\Windows\Minidump\020415-6046-01.dmp
2015-02-04 19:13 - 2015-02-04 19:13 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 18:58 - 2015-02-04 18:58 - 00380416 _____ () C:\Users\Jürgen\Downloads\mm3j1gcq.exe
2015-02-04 18:55 - 2015-02-04 18:55 - 00041332 _____ () C:\Users\Jürgen\Downloads\Addition.txt
2015-02-04 18:54 - 2015-02-08 00:55 - 00000000 ____D () C:\FRST
2015-02-04 18:51 - 2015-02-04 18:51 - 00000474 _____ () C:\Users\Jürgen\Downloads\defogger_disable.log
2015-02-04 18:51 - 2015-02-04 18:51 - 00000000 _____ () C:\Users\Jürgen\defogger_reenable
2015-02-04 18:50 - 2015-02-04 18:50 - 00050477 _____ () C:\Users\Jürgen\Downloads\Defogger.exe
2015-02-04 18:32 - 2015-02-04 18:32 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00001235 _____ () C:\Users\Public\Desktop\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box
2015-02-04 18:32 - 2014-12-12 16:02 - 00915864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-04 18:32 - 2014-12-12 16:01 - 00127408 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-04 17:57 - 2015-02-04 18:26 - 528783976 _____ (Sirrix AG) C:\Users\Jürgen\Downloads\Browser_In_The_Box.4.0.0-r30.firefox.Archive.exe
2015-02-02 20:51 - 2015-02-05 09:36 - 00000000 ____D () C:\Program Files (x86)\Search Slate
2015-02-02 19:33 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-02 19:28 - 2015-02-02 19:28 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\Jürgen\Downloads\BitBoxScreenshots
2015-02-02 17:13 - 2015-02-02 17:47 - 1028629988 _____ () C:\Users\Jürgen\Downloads\Strafsache_4_Ks_2_63_Der_Prozess_Auschwitz_vor_dem_Frankfurter_Schwurgeri_2015-02-02_0230_465367.mp4
2015-01-29 09:59 - 2015-01-29 09:59 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator (2).lnk
2015-01-29 09:34 - 2015-01-29 09:34 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2015-01-28 19:11 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Jürgen\Documents\Fax
2015-01-14 04:31 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:31 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:31 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 04:31 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 04:31 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:31 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 04:31 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 04:31 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 04:31 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 04:31 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 00:53 - 2014-02-15 14:58 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-02-08 00:50 - 2014-02-22 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 00:06 - 2013-12-17 09:34 - 01807018 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-07 22:38 - 2014-12-10 17:42 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jues-linker-PC-Jürgen Jues-linker-PC
2015-02-07 22:01 - 2014-01-30 20:15 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{38F4835D-E6D6-4DEB-A393-1A67AC725234}
2015-02-07 21:58 - 2014-02-22 15:13 - 00331264 ___SH () C:\Users\Jürgen\Desktop\Thumbs.db
2015-02-07 21:13 - 2014-01-30 19:14 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1791603094-1891881837-2934167099-1002
2015-02-07 11:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 11:49 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-07 11:22 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen
2015-02-06 12:57 - 2013-12-14 21:12 - 00767978 _____ () C:\Windows\system32\perfh007.dat
2015-02-06 12:57 - 2013-12-14 21:12 - 00160242 _____ () C:\Windows\system32\perfc007.dat
2015-02-06 12:57 - 2013-10-31 04:21 - 01785718 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 12:53 - 2014-05-10 10:42 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-06 12:52 - 2014-12-02 16:09 - 00011420 _____ () C:\Windows\setupact.log
2015-02-06 12:52 - 2014-10-09 19:37 - 00000000 ____D () C:\ProgramData\firebird
2015-02-06 12:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-06 12:51 - 2014-11-09 15:58 - 00274596 _____ () C:\Windows\PFRO.log
2015-02-06 12:51 - 2013-12-17 09:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-06 12:51 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 09:57 - 2014-02-16 18:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-04 21:35 - 2014-02-15 14:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Deployment
2015-02-04 21:10 - 2014-05-10 10:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:54 - 2014-05-10 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-04 20:54 - 2014-05-10 10:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-04 20:50 - 2014-02-22 14:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:13 - 2014-03-02 14:27 - 679231059 _____ () C:\Windows\MEMORY.DMP
2015-02-04 18:40 - 2014-02-02 11:21 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\CrashDumps
2015-02-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\ProgramData\Sirrix AG
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2015-02-04 18:09 - 2014-04-23 17:03 - 00000000 ____D () C:\orgaMAX
2015-02-04 17:16 - 2014-11-21 11:40 - 00000000 ____D () C:\Program Files (x86)\FuntoShop
2015-02-03 09:40 - 2014-01-31 20:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-03 08:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 19:34 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-02 19:33 - 2013-10-31 04:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-02 19:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-01 17:17 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Packages
2015-01-29 19:21 - 2014-08-03 09:51 - 00000000 ____D () C:\Users\Jürgen\Documents\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-29 19:21 - 2013-12-17 09:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 19:46 - 2014-02-23 19:36 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-01-26 16:11 - 2014-02-08 16:41 - 00001193 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00001169 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-14 08:57 - 2014-01-31 06:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:55 - 2014-01-31 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:55 - 2014-01-30 19:10 - 00000000 ____D () C:\Users\Jürgen\Documents\Bluetooth Folder
2015-01-12 20:42 - 2014-05-03 08:33 - 00797696 ___SH () C:\Users\Jürgen\Downloads\Thumbs.db
==================== Files in the root of some directories =======
2014-03-02 14:27 - 2014-05-09 07:07 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-17 09:15 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\Camdata.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamLayout.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamShapes.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0004535 _____ () C:\Users\Jürgen\AppData\Roaming\CamStudio.cfg
2014-09-17 09:39 - 2014-09-17 09:39 - 0001167 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt
2014-09-17 09:39 - 2014-09-17 09:39 - 0000000 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-09-17 08:47 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\version2.xml
2014-04-19 14:04 - 2014-04-19 14:04 - 0005062 _____ () C:\ProgramData\uxxadbmu.rlu
Some content of TEMP:
====================
C:\Users\Jürgen\AppData\Local\Temp\Quarantine.exe
C:\Users\Jürgen\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-07 03:22
==================== End Of Log ============================
--- --- --- Scheinbar sind alle Probleme gelöst. Vielen Dank dafür! Eine Frage noch: Das ist nun der zweite Befall in einem Jahr. Ich verwende den McAfee, weil er beim Rechner dabei war. Mit dem Kaspersky ist mir sowas nie passiert. ich habe McAfee jetzt gekündigt und werde mir wieder einen Kaspersky draufmachen. Hat der Befall was mit dem Virenschutzprogramm zu tun? Viele Grüße in die Landeshauptstadt Jürgen |
|
08.02.2015, 10:41
| #6 |
| /// the machine /// TB-Ausbilder | Windows 8 - Browsereingaben werden auf Werbung umgeleitet Revo Uninstaller - Download - Filepony damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.google.com/chrome/answer/3296214?hl=de Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe
C:\Program Files (x86)\Search Slate\Search Slate.exe
C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\ch9Bh0A3.js
C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\content.js
C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\lsdb.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\abo@420.org\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\au@vH.edu\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\bg@d36E.net\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\eP@mZSd.com\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\K@PdnU.org\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\lN@x5bw8Oeu.edu\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\MKNRkXx@mFx.net\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\v@aIb.org\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\xc1h9p@E.edu\content\bg.js
C:\Users\Jürgen\Downloads\driver12_booster_setup.exe
C:\Users\Jürgen\Downloads\FFSetup3.2.1.0.exe
C:\Users\Jürgen\Downloads\FileZilla_3.9.0.5_win32-setup.exe
E:\BitBox Browser in the Box Firefox Edition - CHIP-Installer.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv
c:\Program Files (x86)\funtoshop
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST Log bitte. Zu deiner Frage: mag hart klingen, aber ein Befall hat nie was mit dem AV Programm zu tun. Sondern nur mit dem, der vor dem Bildschirm sitzt. Sicherheitskritische Software nicht up to date Surfverhalten Klickverhalten Downloads Installation von Freeware Software
__________________ --> Windows 8 - Browsereingaben werden auf Werbung umgeleitet |
|
08.02.2015, 15:32
| #7 |
| | Windows 8 - Browsereingaben werden auf Werbung umgeleitet Hallo Schrauber, ja, die Antwort war ja klar... Hier die Logs: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Jürgen at 2015-02-08 16:22:25 Run:1
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe
C:\Program Files (x86)\Search Slate\Search Slate.exe
C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\ch9Bh0A3.js
C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\content.js
C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\lsdb.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\abo@420.org\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\au@vH.edu\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\bg@d36E.net\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\eP@mZSd.com\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\K@PdnU.org\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\lN@x5bw8Oeu.edu\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\MKNRkXx@mFx.net\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\v@aIb.org\content\bg.js
C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\xc1h9p@E.edu\content\bg.js
C:\Users\Jürgen\Downloads\driver12_booster_setup.exe
C:\Users\Jürgen\Downloads\FFSetup3.2.1.0.exe
C:\Users\Jürgen\Downloads\FileZilla_3.9.0.5_win32-setup.exe
E:\BitBox Browser in the Box Firefox Edition - CHIP-Installer.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv
c:\Program Files (x86)\funtoshop
Emptytemp:
*****************
"C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe" => File/Directory not found.
"C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe" => File/Directory not found.
"C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe" => File/Directory not found.
"C:\Program Files (x86)\Search Slate\Search Slate.exe" => File/Directory not found.
"C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\ch9Bh0A3.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\content.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne\101\lsdb.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\abo@420.org\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\au@vH.edu\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\bg@d36E.net\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\eP@mZSd.com\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\K@PdnU.org\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\lN@x5bw8Oeu.edu\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\MKNRkXx@mFx.net\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\v@aIb.org\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\staged\xc1h9p@E.edu\content\bg.js" => File/Directory not found.
"C:\Users\Jürgen\Downloads\driver12_booster_setup.exe" => File/Directory not found.
"C:\Users\Jürgen\Downloads\FFSetup3.2.1.0.exe" => File/Directory not found.
"C:\Users\Jürgen\Downloads\FileZilla_3.9.0.5_win32-setup.exe" => File/Directory not found.
"E:\BitBox Browser in the Box Firefox Edition - CHIP-Installer.exe" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
4d49a557 => Service deleted successfully.
c:\Program Files (x86)\funtoshop => Moved successfully.
EmptyTemp: => Removed 524 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:22:48 ====
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Jürgen (administrator) on JUES-LINKER-PC on 08-02-2015 16:27:26
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(deltra Business Software GmbH & Co. KG) C:\orgaMAX\orgamaxmobil_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sysinternals - www.sysinternals.com) C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) F:\Programme\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) F:\Programme\Office15\MSOSYNC.EXE
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
Failed to access process -> svchost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-03-08] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Sysinternals Desktops] => C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Amazon Music] => C:\Users\Jürgen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
IFEO\asctray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\paprport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pppagevw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\ppscandr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\scannerwizardu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> F:\Programme\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> DefaultScope {7F3A15AD-2A95-40D8-B4C7-AAAF31F7F860} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7139F5BB-2061-40E5-AF0D-6FADC7BA4AFE} URL =
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7F3A15AD-2A95-40D8-B4C7-AAAF31F7F860} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programme\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programme\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\forestle-de.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\webde-suche.xml
FF Extension: Cliqz Beta - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cliqz@cliqz.com [2014-11-05]
FF Extension: Clean the junk - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cleanjunk@netmaster.com.ua.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cleanjunk@netmaster.com.ua.xpi [Not Found]
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - c:\program files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
CHR Extension: (Save to Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-11-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-28]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-12-19] (Sirrix AG) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-01-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-01] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-09-17] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2014-03-08] (Intel Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 16:27 - 2015-02-08 16:27 - 00027425 _____ () C:\Users\Jürgen\Downloads\FRST.txt
2015-02-08 16:23 - 2015-02-08 16:23 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-08 00:55 - 2015-02-08 00:55 - 02132992 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-02-08 00:55 - 2015-02-08 00:55 - 00000000 ____D () C:\Users\Jürgen\Downloads\FRST-OlderVersion
2015-02-08 00:53 - 2015-02-08 00:53 - 00852594 _____ () C:\Users\Jürgen\Downloads\SecurityCheck.exe
2015-02-07 11:49 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 11:49 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 09:06 - 2015-02-05 09:06 - 02347384 _____ (ESET) C:\Users\Jürgen\Downloads\esetsmartinstaller_deu.exe
2015-02-04 21:24 - 2015-02-04 21:24 - 00000615 _____ () C:\Users\Jürgen\Desktop\JRT.txt
2015-02-04 21:22 - 2015-02-04 21:22 - 01388274 _____ (Thisisu) C:\Users\Jürgen\Downloads\JRT.exe
2015-02-04 21:20 - 2015-02-04 21:20 - 00018655 _____ () C:\Users\Jürgen\Desktop\AdwCleaner[S0].txt
2015-02-04 21:15 - 2015-02-04 21:18 - 00000000 ____D () C:\AdwCleaner
2015-02-04 21:12 - 2015-02-04 21:13 - 02194432 _____ () C:\Users\Jürgen\Downloads\AdwCleaner_4.109.exe
2015-02-04 21:12 - 2015-02-04 21:12 - 00014307 _____ () C:\Users\Jürgen\Desktop\mbam1.txt
2015-02-04 20:54 - 2015-02-04 20:54 - 00001082 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-04 20:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 20:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 20:52 - 2015-02-04 20:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jürgen\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 20:06 - 2015-02-04 20:06 - 00012237 _____ () C:\Users\Jürgen\Downloads\Gmer.txt
2015-02-04 19:13 - 2015-02-04 19:13 - 00296656 _____ () C:\Windows\Minidump\020415-6046-01.dmp
2015-02-04 19:13 - 2015-02-04 19:13 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 18:58 - 2015-02-04 18:58 - 00380416 _____ () C:\Users\Jürgen\Downloads\mm3j1gcq.exe
2015-02-04 18:55 - 2015-02-04 18:55 - 00041332 _____ () C:\Users\Jürgen\Downloads\Addition.txt
2015-02-04 18:54 - 2015-02-08 16:27 - 00000000 ____D () C:\FRST
2015-02-04 18:51 - 2015-02-04 18:51 - 00000474 _____ () C:\Users\Jürgen\Downloads\defogger_disable.log
2015-02-04 18:51 - 2015-02-04 18:51 - 00000000 _____ () C:\Users\Jürgen\defogger_reenable
2015-02-04 18:50 - 2015-02-04 18:50 - 00050477 _____ () C:\Users\Jürgen\Downloads\Defogger.exe
2015-02-04 18:32 - 2015-02-04 18:32 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00001235 _____ () C:\Users\Public\Desktop\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box
2015-02-04 18:32 - 2014-12-12 16:02 - 00915864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-04 18:32 - 2014-12-12 16:01 - 00127408 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-04 17:57 - 2015-02-04 18:26 - 528783976 _____ (Sirrix AG) C:\Users\Jürgen\Downloads\Browser_In_The_Box.4.0.0-r30.firefox.Archive.exe
2015-02-02 20:51 - 2015-02-05 09:36 - 00000000 ____D () C:\Program Files (x86)\Search Slate
2015-02-02 19:33 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-02 19:28 - 2015-02-02 19:28 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\Jürgen\Downloads\BitBoxScreenshots
2015-02-02 17:13 - 2015-02-02 17:47 - 1028629988 _____ () C:\Users\Jürgen\Downloads\Strafsache_4_Ks_2_63_Der_Prozess_Auschwitz_vor_dem_Frankfurter_Schwurgeri_2015-02-02_0230_465367.mp4
2015-01-29 09:59 - 2015-01-29 09:59 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator (2).lnk
2015-01-29 09:34 - 2015-01-29 09:34 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2015-01-28 19:11 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Jürgen\Documents\Fax
2015-01-14 04:31 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:31 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:31 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 04:31 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 04:31 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:31 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 04:31 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 04:31 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 04:31 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 04:31 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 16:24 - 2014-12-10 17:42 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jues-linker-PC-Jürgen Jues-linker-PC
2015-02-08 16:23 - 2014-12-02 16:09 - 00011768 _____ () C:\Windows\setupact.log
2015-02-08 16:23 - 2014-11-09 15:58 - 00280462 _____ () C:\Windows\PFRO.log
2015-02-08 16:23 - 2014-10-09 19:37 - 00000000 ____D () C:\ProgramData\firebird
2015-02-08 16:23 - 2014-02-22 15:13 - 00331264 ___SH () C:\Users\Jürgen\Desktop\Thumbs.db
2015-02-08 16:23 - 2014-02-15 14:58 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-02-08 16:23 - 2013-12-17 09:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-08 16:23 - 2013-12-17 09:34 - 01998561 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 16:23 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 16:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-08 16:22 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-08 16:12 - 2014-01-30 20:15 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{38F4835D-E6D6-4DEB-A393-1A67AC725234}
2015-02-08 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-08 15:50 - 2014-02-22 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 21:13 - 2014-01-30 19:14 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1791603094-1891881837-2934167099-1002
2015-02-07 11:49 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-07 11:49 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-07 11:22 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen
2015-02-06 12:57 - 2013-12-14 21:12 - 00767978 _____ () C:\Windows\system32\perfh007.dat
2015-02-06 12:57 - 2013-12-14 21:12 - 00160242 _____ () C:\Windows\system32\perfc007.dat
2015-02-06 12:57 - 2013-10-31 04:21 - 01785718 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 12:53 - 2014-05-10 10:42 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-06 12:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-06 09:57 - 2014-02-16 18:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-04 21:35 - 2014-02-15 14:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Deployment
2015-02-04 21:10 - 2014-05-10 10:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:54 - 2014-05-10 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-04 20:54 - 2014-05-10 10:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-04 20:50 - 2014-02-22 14:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 19:13 - 2014-03-02 14:27 - 679231059 _____ () C:\Windows\MEMORY.DMP
2015-02-04 18:40 - 2014-02-02 11:21 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\CrashDumps
2015-02-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\ProgramData\Sirrix AG
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2015-02-04 18:09 - 2014-04-23 17:03 - 00000000 ____D () C:\orgaMAX
2015-02-03 09:40 - 2014-01-31 20:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-02 19:34 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-02 19:33 - 2013-10-31 04:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-02 19:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-01 17:17 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Packages
2015-01-29 19:21 - 2014-08-03 09:51 - 00000000 ____D () C:\Users\Jürgen\Documents\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-29 19:21 - 2013-12-17 09:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 19:46 - 2014-02-23 19:36 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-01-26 16:11 - 2014-02-08 16:41 - 00001193 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00001169 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-14 08:57 - 2014-01-31 06:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:55 - 2014-01-31 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:55 - 2014-01-30 19:10 - 00000000 ____D () C:\Users\Jürgen\Documents\Bluetooth Folder
2015-01-12 20:42 - 2014-05-03 08:33 - 00797696 ___SH () C:\Users\Jürgen\Downloads\Thumbs.db
==================== Files in the root of some directories =======
2014-03-02 14:27 - 2014-05-09 07:07 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-17 09:15 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\Camdata.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamLayout.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamShapes.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0004535 _____ () C:\Users\Jürgen\AppData\Roaming\CamStudio.cfg
2014-09-17 09:39 - 2014-09-17 09:39 - 0001167 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt
2014-09-17 09:39 - 2014-09-17 09:39 - 0000000 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-09-17 08:47 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\version2.xml
2014-04-19 14:04 - 2014-04-19 14:04 - 0005062 _____ () C:\ProgramData\uxxadbmu.rlu
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-07 03:22
==================== End Of Log ============================
--- --- --- Ich hatte Chrome schon deinstalliert, aber es sind scheinbar noch Reste davon vorhanden? Wie kann ich diese löschen? Grüße, Jürgen |
|
08.02.2015, 17:34
| #8 | ||
| /// the machine /// TB-Ausbilder | Windows 8 - Browsereingaben werden auf Werbung umgeleitetZitat:
Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
