
Log analysis and evaluation: WIN 8: PC automatically installs new programs/apps: e.g. "Game Hug Arcade" or "Any Protect"

10.02.2015, 20:20   #1
Zeus24
 



Hello dear Trojaner-Board community,

I think my PC is infected with a virus or Trojan. New tabs keep opening, or tabs close when I click on them. In addition, new programs simply get installed, e.g. TuneUpUtilities or the ones mentioned above. As of today, I can no longer move files to the Recycle Bin by 'drag and drop'.

I very much hope that you can help me. Many thanks in advance =)

Here are the logs I was asked to create:

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by ****** (administrator) on ARBEITS-PC on 10-02-2015 20:57:37
Running from C:\Users\******\Downloads
Loaded Profiles: ****** (Available profiles: ******)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
() C:\Users\******\AppData\Local\wincheck\wincheck.exe
(Phrase Finder) C:\Program Files (x86)\PhraseFinder_1.10.0.8\Service\pfsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(HD-Quality-3.1V06.02) C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-6.exe
(HD-Quality-3.1V06.02) C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [WinCheck] => C:\Users\******\AppData\Local\wincheck\wincheck.exe [304128 2015-02-06] ()
HKLM\...\RunOnce: [ASYNCMAC] => rundll32.exe streamci,StreamingDeviceSetup {eeab7790-c514-11d1-b42b-00805fc1270e},asyncmac,{ad498944-762f-11d0-8dcb-00c04fc3358c},C:\WINDOWS\INF\netrasa.inf,Ndi-Mp-AsyncMac
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [GoogleChromeAutoLaunch_BD891974AD4CE6B836D70E22CD229740] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [DellSystemDetect] => C:\Users\******\AppData\Local\Apps\2.0\VEVVJTZO.70K\H0QG9PGA.D5W\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-15] (Dell)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [GameHug Arcade] => C:\Users\******\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcade.exe [4406272 2014-09-04] ()
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\MountPoints2: {6f5b1200-7237-11e4-824f-806e6f6e6963} - "E:\Produkte-CD_Version_10_14.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameHugArcadeApp.lnk
ShortcutTarget: GameHugArcadeApp.lnk -> C:\Users\******\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcadeApp.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ium6&utm_campaign=install_ie&utm_content=ds&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&ts=1423220711&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ium6&utm_campaign=install_ie&utm_content=ds&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&ts=1423220711&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ium6&utm_campaign=install_ie&utm_content=ds&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&ts=1423220711&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> {293B36D2-70C5-4F99-959E-3B71D65A13F3} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ium6&utm_campaign=install_ie&utm_content=ds&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&ts=1423220711&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ium6&utm_campaign=install_ie&utm_content=ds&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&ts=1423220711&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> {56A7E625-FC34-47CE-B677-585B0CD702A9} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ium6&utm_campaign=install_ie&utm_content=ds&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&ts=1423220711&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ium6&utm_campaign=install_ie&utm_content=ds&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&ts=1423220711&type=default&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MFA23F85E-7CC6-4E75-9750-1797F939DE69&SearchSource=55&CUI=&UM=6&UP=SPEAAAD01C-C8F9-42C4-8E14-8183347D4730&SSPV=
CHR StartupUrls: Default -> "hxxp://google.de/", "hxxp://istart.webssearches.com/?type=hp&ts=1416608086&from=brd&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010", "hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-01]
CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-01]
CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-01]
CHR Extension: (Google-Suche) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-01]
CHR Extension: (Google Tabellen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-01]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2015-01-04]
CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-01]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-21] (Broadcom Corporation.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-06] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-06] (globalUpdate) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 pfsvc_1.10.0.8; C:\Program Files (x86)\PhraseFinder_1.10.0.8\Service\pfsvc.exe [278608 2015-01-21] (Phrase Finder)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-06] (SysTool PasSame LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6957744 2013-12-22] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R1 pfnfd_1_10_0_8; C:\Windows\System32\drivers\pfnfd_1_10_0_8.sys [58232 2015-01-21] (Phrase Finder)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-22] (Microsoft Corporation)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 20:56 - 2015-02-10 20:57 - 00035005 _____ () C:\Users\******\Downloads\Addition.txt
2015-02-10 20:54 - 2015-02-10 20:57 - 00024763 _____ () C:\Users\******\Downloads\FRST.txt
2015-02-10 20:53 - 2015-02-10 20:53 - 00380416 _____ () C:\Users\******\Downloads\4hxdczjx.exe
2015-02-10 20:52 - 2015-02-10 20:57 - 00000000 ____D () C:\FRST
2015-02-10 20:50 - 2015-02-10 20:50 - 02132992 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2015-02-10 20:49 - 2015-02-10 20:49 - 00000000 _____ () C:\Users\******\defogger_reenable
2015-02-10 20:47 - 2015-02-10 20:49 - 00000476 _____ () C:\Users\******\Desktop\defogger_disable.log
2015-02-10 20:44 - 2015-02-10 20:44 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2015-02-10 20:29 - 2015-02-10 20:31 - 154051656 _____ () C:\Users\******\Downloads\avira_free_antivirus468_de.exe
2015-02-10 13:57 - 2015-02-10 14:03 - 00067584 _____ () C:\Users\******\Desktop\Potential-Analyse Christopher.xls
2015-02-10 13:13 - 2015-02-10 13:14 - 00415638 _____ () C:\Users\******\Desktop\Neu2.xlsm
2015-02-10 09:38 - 2015-02-10 12:56 - 00417940 _____ () C:\Users\******\Desktop\Neu.xlsm
2015-02-09 14:42 - 2015-02-09 14:44 - 00055281 _____ () C:\Users\******\Desktop\Test.xlsm
2015-02-09 12:54 - 2015-02-09 12:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-02-09 08:39 - 2015-02-09 08:40 - 00000000 ____D () C:\Users\******\Desktop\Fotos Uwe Pfisterer
2015-02-09 00:40 - 2015-02-09 00:40 - 00001771 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-09 00:40 - 2015-02-09 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-09 00:39 - 2015-02-09 00:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-09 00:39 - 2015-02-09 00:40 - 00000000 ____D () C:\Program Files\iTunes
2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Program Files\iPod
2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-09 00:34 - 2015-02-09 00:34 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2015-02-09 00:34 - 2015-02-09 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-06 15:06 - 2015-02-10 15:06 - 00002470 _____ () C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5_user.job
2015-02-06 15:06 - 2015-02-10 15:06 - 00002470 _____ () C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5.job
2015-02-06 15:06 - 2015-02-06 15:06 - 00005474 _____ () C:\WINDOWS\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5
2015-02-06 15:05 - 2015-02-10 20:07 - 00002136 _____ () C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-10_user.job
2015-02-06 15:05 - 2015-02-10 20:05 - 00005542 _____ () C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-6.job
2015-02-06 15:05 - 2015-02-10 20:05 - 00003162 _____ () C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6.job
2015-02-06 15:05 - 2015-02-10 15:10 - 00001018 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-06 15:05 - 2015-02-10 15:10 - 00001014 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-06 15:05 - 2015-02-10 15:05 - 00005206 _____ () C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-7.job
2015-02-06 15:05 - 2015-02-10 15:05 - 00003162 _____ () C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7.job
2015-02-06 15:05 - 2015-02-10 15:05 - 00001368 _____ () C:\WINDOWS\Tasks\GBMAZI.job
2015-02-06 15:05 - 2015-02-06 15:06 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-3.1V06.02
2015-02-06 15:05 - 2015-02-06 15:05 - 02047448 _____ (HD-Quality-3.1V06.02) C:\Users\******\AppData\Roaming\GBMAZI.exe
2015-02-06 15:05 - 2015-02-06 15:05 - 00008546 _____ () C:\WINDOWS\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-6
2015-02-06 15:05 - 2015-02-06 15:05 - 00008210 _____ () C:\WINDOWS\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-7
2015-02-06 15:05 - 2015-02-06 15:05 - 00006166 _____ () C:\WINDOWS\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7
2015-02-06 15:05 - 2015-02-06 15:05 - 00006166 _____ () C:\WINDOWS\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6
2015-02-06 15:05 - 2015-02-06 15:05 - 00004382 _____ () C:\WINDOWS\System32\Tasks\GBMAZI
2015-02-06 15:05 - 2015-02-06 15:05 - 00003990 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-02-06 15:05 - 2015-02-06 15:05 - 00003754 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-02-06 15:05 - 2015-02-06 15:05 - 00000000 ____D () C:\Users\******\AppData\Local\globalUpdate
2015-02-06 15:05 - 2015-02-06 15:05 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-06 15:05 - 2015-02-06 15:05 - 00000000 ____D () C:\Program Files (x86)\14e045d6-fe1c-4ded-abc7-9e94deb70b05
2015-02-06 15:04 - 2015-02-06 15:04 - 00000000 ____D () C:\Users\******\AppData\Local\GameHugArcade
2015-02-06 15:03 - 2015-02-06 15:04 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameHug Arcade
2015-02-06 15:03 - 2015-02-06 15:03 - 00000000 ____D () C:\Users\******\AppData\Roaming\GameHugArcade
2015-02-06 15:00 - 2015-02-06 15:00 - 00000000 ____D () C:\Program Files (x86)\PhraseFinder_1.10.0.8
2015-02-06 13:21 - 2015-02-06 13:21 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-02-06 13:17 - 2015-02-06 13:21 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-02-06 13:17 - 2015-02-06 13:17 - 00628496 _____ (CMI Limited) C:\Users\******\AppData\Local\nsgF773.tmp
2015-02-06 12:08 - 2015-02-06 12:08 - 00004022 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2015-02-06 12:08 - 2015-02-06 12:08 - 00000000 ____D () C:\Users\******\AppData\Local\wincheck
2015-02-06 12:05 - 2015-02-06 14:59 - 00000000 ____D () C:\Users\******\AppData\Roaming\ASPackage
2015-02-06 12:05 - 2015-02-06 12:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-02-06 12:05 - 2015-02-06 12:05 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-02-06 12:04 - 2015-02-06 15:00 - 00000000 ____D () C:\Users\******\AppData\Roaming\mystartsearch
2015-02-06 12:04 - 2015-02-06 12:04 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-05 17:34 - 2015-02-05 17:34 - 00731913 _____ () C:\Users\******\Downloads\Konzeption einer Wissensdatenbank.pptx
2015-02-05 09:06 - 2015-02-05 09:06 - 00000976 _____ () C:\Users\******\Desktop\HKGELD-2000.lnk
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Users\******\Documents\HKGELD
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\dlg
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HKGELD-2000
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Program Files (x86)\HKGELD-2000
2015-02-05 09:03 - 2015-02-06 15:02 - 00005248 _____ () C:\WINDOWS\SysWOW64\ColorMedia.ini
2015-02-05 09:03 - 2015-02-06 15:02 - 00002832 _____ () C:\WINDOWS\SysWOW64\ColorMediaOff.ini
2015-02-05 09:03 - 2015-02-06 15:02 - 00002832 _____ () C:\WINDOWS\system32\ColorMediaOff.ini
2015-02-05 09:03 - 2015-02-06 15:02 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-02-05 09:03 - 2015-02-05 09:03 - 00003766 _____ () C:\WINDOWS\System32\Tasks\KTQOS
2015-02-05 09:03 - 2015-02-05 09:03 - 00000000 ____D () C:\ProgramData\FlashBeatData
2015-02-05 09:03 - 2015-02-05 09:03 - 00000000 ____D () C:\ProgramData\aa3dbf4110b343089a47d5931408bfc6
2015-02-05 09:03 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\system32\ColorMedia64.dll
2015-02-05 09:03 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\SysWOW64\ColorMedia.dll
2015-02-05 09:01 - 2015-02-05 09:01 - 00000000 ____D () C:\Users\******\AppData\Roaming\TuneUp Software
2015-02-05 09:01 - 2015-02-05 09:01 - 00000000 ____D () C:\Users\******\AppData\Local\TuneUp Software
2015-02-05 09:00 - 2015-02-05 09:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-05 09:00 - 2015-02-05 09:00 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 08:53 - 2015-02-05 08:53 - 00620008 _____ () C:\Users\******\Downloads\hkg2000_114_CB-DL-Manager.exe
2015-02-03 16:05 - 2015-02-03 16:05 - 00349941 _____ () C:\Users\******\Desktop\Fördercheckformular.xlsm
2015-01-31 16:50 - 2015-02-10 09:03 - 00351009 _____ () C:\Users\******\Desktop\Fördercheckformular - Original.xlsm
2015-01-29 09:01 - 2015-02-04 15:06 - 00014192 _____ () C:\Users\******\Desktop\Partner Aktion.xlsx
2015-01-26 08:05 - 2015-01-26 08:05 - 00262144 ____N () C:\WINDOWS\Minidump\012615-33015-01.dmp
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\******\AppData\Roaming\GBMAZI
2015-01-22 11:13 - 2015-01-22 11:13 - 00466167 _____ () C:\Users\******\Downloads\Analysebericht.xlsx
2015-01-21 20:42 - 2015-01-21 20:42 - 00058232 _____ (Phrase Finder) C:\WINDOWS\system32\Drivers\pfnfd_1_10_0_8.sys
2015-01-19 08:36 - 2015-01-19 08:37 - 00000160 _____ () C:\Users\******\Desktop\Code automatisches öffnen.txt
2015-01-19 08:36 - 2015-01-19 08:36 - 00000000 ___RD () C:\Users\******\Documents\Notes
2015-01-15 15:44 - 2015-01-15 15:44 - 00069120 _____ () C:\Users\******\Downloads\Rendite_Riester.xls
2015-01-14 09:34 - 2015-01-14 09:34 - 04972848 _____ (TeamViewer) C:\Users\******\Downloads\TeamViewerQS_de-idcfz2ka2r.exe
2015-01-14 09:34 - 2015-01-14 09:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\TeamViewer
2015-01-14 07:46 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 07:46 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 07:46 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 07:46 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 07:46 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 07:46 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 07:46 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 07:46 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 07:46 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 07:46 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 07:46 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 07:46 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 07:46 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 07:46 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 07:46 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 07:46 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 07:46 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 07:46 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 07:46 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 07:46 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 07:46 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 20:49 - 2014-11-22 12:18 - 00000000 ____D () C:\Users\******
2015-02-10 20:34 - 2014-12-01 16:22 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 20:07 - 2014-11-22 12:43 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A31A0F7D-2455-433A-9F54-101AC9E9F96B}
2015-02-10 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-10 19:47 - 2014-12-08 08:27 - 01496302 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 16:34 - 2014-12-01 16:22 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 09:03 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 09:03 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-10 09:03 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-10 07:57 - 2014-12-18 09:42 - 00000000 ____D () C:\Users\******\.freemind
2015-02-10 07:57 - 2014-12-04 14:13 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-09 13:21 - 2014-11-21 22:59 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-02-09 12:54 - 2014-12-08 08:23 - 00006767 _____ () C:\WINDOWS\setupact.log
2015-02-09 08:39 - 2014-12-09 22:07 - 00139776 ___SH () C:\Users\******\Desktop\Thumbs.db
2015-02-09 06:42 - 2014-11-16 22:02 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2600528798-198841283-459962802-1003
2015-02-09 00:39 - 2014-11-19 23:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-08 23:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-06 16:29 - 2014-12-01 16:22 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 16:29 - 2014-12-01 16:22 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 15:05 - 2013-12-22 13:49 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun
2015-02-06 15:03 - 2014-11-22 09:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 13:41 - 2014-11-21 22:59 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-02-06 13:21 - 2014-11-21 22:59 - 00002812 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-02-06 13:21 - 2014-11-21 22:59 - 00002810 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-02-06 13:21 - 2014-11-21 22:59 - 00002810 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-02-06 13:21 - 2014-11-21 22:59 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-02-06 12:04 - 2014-11-16 21:54 - 00001650 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-06 11:23 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-05 13:04 - 2014-11-16 21:52 - 00000000 ____D () C:\Users\******\AppData\Local\VirtualStore
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 16:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-03 16:05 - 2014-12-02 20:10 - 00155136 _____ () C:\Users\******\Desktop\Potential-Analyse-2.xls
2015-02-01 12:22 - 2014-12-01 18:23 - 00005152 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITS-PC-****** Arbeits-PC
2015-01-31 12:31 - 2014-11-16 21:52 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2015-01-29 15:53 - 2014-12-19 18:09 - 00000000 ____D () C:\Users\******\Desktop\Scans Neukunden
2015-01-26 08:23 - 2014-11-22 12:42 - 00000000 ____D () C:\Users\******\OneDrive
2015-01-26 08:05 - 2014-12-08 08:23 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-26 08:05 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-15 18:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-14 09:53 - 2014-11-18 13:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 09:50 - 2013-06-10 17:39 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-12 15:43 - 2014-12-21 11:04 - 00000044 _____ () C:\Users\******\Desktop\Stufenmodell_Initialisierung.txt

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\******\AppData\Roaming\GBMAZI
2015-02-06 15:05 - 2015-02-06 15:05 - 2047448 _____ (HD-Quality-3.1V06.02) C:\Users\******\AppData\Roaming\GBMAZI.exe
2014-11-21 22:14 - 2014-11-21 22:13 - 0613057 _____ (CMI Limited) C:\Users\******\AppData\Local\nscEBFA.tmp
2015-02-06 13:17 - 2015-02-06 13:17 - 0628496 _____ (CMI Limited) C:\Users\******\AppData\Local\nsgF773.tmp
2014-11-21 22:58 - 2014-11-21 22:58 - 0613057 _____ (CMI Limited) C:\Users\******\AppData\Local\nso7C6.tmp
2013-12-17 01:30 - 2013-12-17 01:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\CloudBackup63.exe
C:\Users\******\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\******\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\******\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\******\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\******\AppData\Local\Temp\SpOrder.dll
C:\Users\******\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\******\AppData\Local\Temp\Uninstall.exe
C:\Users\******\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
         
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by ******* at 2015-02-10 20:58:12
Running from C:\Users\*******\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.12.3042.71515 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.12.3042.71515 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.151 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GameHugArcade (HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\GameHugArcade) (Version: 1.0.1.33 - GameHugArcade)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HD-Quality-3.1V06.02 (HKLM-x32\...\HD-Quality-3.1V06.02) (Version: 1.36.01.22 - HD-Quality-3.1V06.02)
HKGELD-2000 Version 1.14 (HKLM-x32\...\HKGELD-2000_is1) (Version:  - Holger Krinke Softwareentwicklung)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3600 - Broadcom Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version:  - mystartsearch) <==== ATTENTION
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Phrase Finder 1.10.0.8 (HKLM-x32\...\PhraseFinder_1.10.0.8) (Version: 1.10.0.8 - Phrase Finder)
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
ScanSnap (x32 Version: 5.1.62.2 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WinCheck (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - WinCheck)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Xerox Phaser 3300MFP (HKLM-x32\...\Xerox Phaser 3300MFP) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2600528798-198841283-459962802-1003_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2600528798-198841283-459962802-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*******\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-01-2015 10:50:37 Windows Update
28-01-2015 14:48:44 Windows Update
06-02-2015 11:19:00 Windows Update
09-02-2015 00:30:31 Installed Evernote v. 5.8.3

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06DFB746-361D-46FF-9754-B701D73D0D3B} - System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6 => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6.exe [2015-02-06] (HD-Quality-3.1V06.02) <==== ATTENTION
Task: {081E5D80-B30C-4547-B467-09BE9C226795} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.)
Task: {15E65FE8-7AD4-4D32-9434-C0AD0815F352} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2E57AC4F-8823-4B4F-BEAB-E81A1CA5BDF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {482FA912-E1C4-447C-9307-5C5B3EB27E27} - System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-6 => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-6.exe [2015-02-06] (HD-Quality-3.1V06.02) <==== ATTENTION
Task: {54CB80C4-CF46-4840-8184-8021B4FF1199} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-06] (globalUpdate) <==== ATTENTION
Task: {5A3F3AC6-313B-442E-A358-782D16ACD4A1} - System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7 => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7.exe [2015-02-06] (HD-Quality-3.1V06.02) <==== ATTENTION
Task: {5AC9E45B-EEE2-4006-AE49-EDE17DB19145} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITS-PC-******* Arbeits-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-12-01] (Microsoft Corporation)
Task: {66D0969B-1E15-44A7-A638-BFB0CE825418} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-12-01] (Microsoft Corporation)
Task: {67809D8E-4FD8-49AD-B5BC-480EC8C47026} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-02-06] (AnyProtect.com) <==== ATTENTION
Task: {6B0B9414-9C64-4202-A8D3-055E1C97E2E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {6EE84C8B-C009-45B5-8C26-082EA55FD715} - System32\Tasks\{7EBDF323-AB8A-4286-B4CD-85E6C0679A0B} => pcalua.exe -a C:\Users\*******\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=brd <==== ATTENTION
Task: {7C1A8C3E-2CD6-41CA-BD58-CE38BA257017} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-02-06] (AnyProtect.com) <==== ATTENTION
Task: {8D1CBC2C-E24C-4835-814F-A4D2DC755C57} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {8D417671-C922-4DC6-AE62-B674702A2558} - System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5 => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-5.exe [2015-02-06] (HD-Quality-3.1V06.02) <==== ATTENTION
Task: {AB22EE38-E458-40E4-86B5-14752B937474} - System32\Tasks\GBMAZI => C:\Users\*******\AppData\Roaming\GBMAZI.exe [2015-02-06] (HD-Quality-3.1V06.02) <==== ATTENTION
Task: {AF0FF912-1AA8-4740-9E6F-0795A004BA93} - System32\Tasks\KTQOS => C:\ProgramData\aa3dbf4110b343089a47d5931408bfc6\aa3dbf4110b343089a47d5931408bfc6.exe [2015-02-04] ()
Task: {AF8E9522-8E2C-416F-BCE5-E9B698780992} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-02-06] (AnyProtect.com) <==== ATTENTION
Task: {B147E82E-B4BE-4453-A566-FB70814B3AF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.)
Task: {C37842E6-4BB4-43EB-A8BF-F80552235339} - System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-7 => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-7.exe [2015-02-06] (HD-Quality-3.1V06.02) <==== ATTENTION
Task: {CD08041F-6140-48A3-B4CC-D0626CFC6990} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-06] (globalUpdate) <==== ATTENTION
Task: {D7198F52-01FB-43C9-9198-DE0E276227AE} - System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5_user => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-5.exe [2015-02-06] (HD-Quality-3.1V06.02) <==== ATTENTION
Task: {E861A037-A12B-43FE-BED4-E05A8BFF641C} - System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-10_user => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-10.exe [2015-02-06] (HD-Quality-3.1V06.02) <==== ATTENTION
Task: {F763B5B9-3E85-441B-B051-6AF920660296} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2600528798-198841283-459962802-1003 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {FF5C607D-8182-48A9-ADE3-F634C490E5DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6.job => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7.job => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-10_user.job => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5.job => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5_user.job => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-6.job => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-7.job => C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GBMAZI.job => C:\Users\*******\AppData\Roaming\GBMAZI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============
         
Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:49 on 10/02/2015 (******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-10 21:04:01
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST500LM012_HN-M500MBB rev.2AR10002 465,76GB
Running: 4hxdczjx.exe; Driver: C:\Users\*****\AppData\Local\Temp\awldqfow.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                                                                           fffff96000236200 15 bytes [00, 28, F6, 01, 80, 1C, 6C, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                                                      fffff96000236210 11 bytes [00, 0E, FC, FF, 00, 05, C4, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3236] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                       00007fffce10169a 4 bytes [10, CE, FF, 7F]
.text    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3236] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                       00007fffce1016a2 4 bytes [10, CE, FF, 7F]
.text    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3236] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                          00007fffce10181a 4 bytes [10, CE, FF, 7F]
.text    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3236] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                          00007fffce101832 4 bytes [10, CE, FF, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [628:12728]                                                                                                                                                                                 fffff96000967b90
Thread   C:\WINDOWS\system32\dashost.exe [1888:14576]                                                                                                                                                                              00000076bbeec740
Thread   C:\WINDOWS\system32\dashost.exe [1888:8288]                                                                                                                                                                               00000076bbeec740
Thread   C:\WINDOWS\system32\dashost.exe [1888:15244]                                                                                                                                                                              00000076bbeec740
Thread   C:\WINDOWS\system32\dashost.exe [1888:9104]                                                                                                                                                                               00000076bbeec740
---- Processes - GMER 2.1 ----

Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [1836]       000000005c240000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [1836]       000000005b810000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [1836]  000000005b7c0000
Process  C:\Users\*****\AppData\Local\wincheck\wincheck.exe (*** suspicious ***) @ C:\Users\*****\AppData\Local\wincheck\wincheck.exe [15264](2015-02-06 00:22:22)                                                             0000000000e80000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [10644]                                                       000000005c240000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [10644]                                                    0000000061770000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [10644]                                                  0000000064f10000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [10644]                                                    000000005daa0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [10644]                                                   000000005bd30000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA7.1\1031\VBE7INTL.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE [10644]                                           0000000066e50000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
         
Thanks again.

Best regards,
Zeus24

11.02.2015, 05:30   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download Revo Uninstaller from here: Revo Uninstaller (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller field, search for the programs:

    mystartsearch uninstall


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .


Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

11.02.2015, 08:58   #3
Zeus24
 



Hello schrauber,

thank you very much for your quick reply.
I have carried out all your tasks. Here are the results:

mbam:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.02.2015
Suchlauf-Zeit: 09:13:35
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.11.02
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 366239
Verstrichene Zeit: 12 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 11
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1420, Löschen bei Neustart, [bf6f938af79380b622a495d113ed9c64]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1800, Löschen bei Neustart, [f638c35ae4a60f277cb09476020020e0]
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6.exe, 1260, Löschen bei Neustart, [a9855cc17f0b7fb72ba4805753ae44bc]
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-6.exe, 2784, Löschen bei Neustart, [022cf12cfb8f4fe71db29443ba476799]
Adware.BackAd, C:\Users\*****\AppData\Local\wincheck\wincheck.exe, 5652, Löschen bei Neustart, [3cf24bd25b2fa19597aaa607a65f7090]
PUP.Optional.WinCheck.A, C:\Users\*****\AppData\Local\wincheck\wincheck.exe, 5652, Löschen bei Neustart, [0727859855350234d504a1eba95ae11f]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, 3876, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, 4516, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8]
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\Service\pfsvc.exe, 1316, Löschen bei Neustart, [36f845d8bad058de047f89013cc79a66]
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcade.exe, 2188, Löschen bei Neustart, [35f9170617730a2c2971f6962bd835cb]
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcadeApp.exe, 5644, Löschen bei Neustart, [26088f8ea6e4ee488bfcec9a41c2ef11]

Module: 10
PUP.Optional.Nova.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\17757348-a72f-46d9-b551-3912cf6c06da.dll, Löschen bei Neustart, [909eb568622885b1c722f412639fa759], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 

Registrierungsschlüssel: 61
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [bf6f938af79380b622a495d113ed9c64], 
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [f638c35ae4a60f277cb09476020020e0], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [8ca25ebfb3d70c2a9963897e27dcd22e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [8ca25ebfb3d70c2a9963897e27dcd22e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [8ca25ebfb3d70c2a9963897e27dcd22e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [8ca25ebfb3d70c2a9963897e27dcd22e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [8ca25ebfb3d70c2a9963897e27dcd22e], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [8ca25ebfb3d70c2a9963897e27dcd22e], 
PUP.Optional.PhraseFinder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PhraseFinder_1.10.0.8, In Quarantäne, [a886be5f78122313e739eb311be77987], 
PUP.Optional.PhraseFinder.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pfnfd_1_10_0_8, In Quarantäne, [3ef059c45a307abc95f0b7d356ad966a], 
PUP.Optional.WinCheck.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\wincheck, In Quarantäne, [0727859855350234d504a1eba95ae11f], 
PUP.Optional.Flashbeat.A, HKLM\SOFTWARE\Flashbeat, In Quarantäne, [ef3fd24b5139a78f7cbf8702b350649c], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [210d62bb4842ff37e125388f24df748c], 
PUP.Optional.Flashbeat.A, HKLM\SOFTWARE\WOW6432NODE\Flashbeat, In Quarantäne, [dd51b469fc8ec571013a0a7ff80b49b7], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\HD-Quality-3.1V06.02, In Quarantäne, [b47aaf6ef694b383dce97c1f996a1be5], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\HD-Quality-3.1V06.02-nv, In Quarantäne, [4de1988551393bfbf3d23a61e51e4ab6], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\HD-Quality-3.1V06.02-nv-ie, In Quarantäne, [f23c1805721836006263b5e6cd36619f], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [9599ea33b1d92214b3f5b2dcfa0955ab], 
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, [ea4419041c6e4aec4a380a8c8b78fd03], 
PUP.Optional.PhraseFinder.A, HKLM\SOFTWARE\WOW6432NODE\PhraseFinder_1.10.0.8, In Quarantäne, [3df1b568a4e65fd74a3c206a23e07b85], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [ad81cb52a3e7e94da36653b652b3f60a], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [cc62ce4f6c1ef343b2a694187192a858], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [ad81d24bb8d21d195fa7289fe122cc34], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [230b28f5107a71c5d1f8f40020e4d62a], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [fb33110cd5b5c96d3396b65513f2847c], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [d35b50cd6f1b75c1efdb0308b94c28d8], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [250956c7008ae15576fe871d4cb7b34d], 
PUP.Optional.PhraseFinder.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pfsvc_1.10.0.8, In Quarantäne, [36f845d8bad058de047f89013cc79a66], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [a18d76a7c7c379bd60499801ca39649c], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HD-Quality-3.1V06.02-nv, In Quarantäne, [e8469489197167cf3a8ca0fbcc3747b9], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HD-Quality-3.1V06.02-nv-ie, In Quarantäne, [70be58c51e6c4de9f7cff4a79c67926e], 
PUP.Optional.ClicUp.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\clicup, In Quarantäne, [97970419f4962115f74efe8ee41f6f91], 
PUP.Optional.GameHugArcade.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GameHug, In Quarantäne, [cd613ae31b6f82b42bcdb5d617ec738d], 
PUP.Optional.GameHugArcade.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GameHugArcadeApp, In Quarantäne, [2905ad702c5efb3be41699f2a85b847c], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HD-Quality-3.1V06.02, In Quarantäne, [fe30b568771352e475513d5e2bd88f71], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HD-Quality-3.1V06.02-nv, In Quarantäne, [909e57c63852d462dee8742728db03fd], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HD-Quality-3.1V06.02-nv-ie, In Quarantäne, [fd319588c6c41521d7ef7a2150b311ef], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [bb738499c1c978be9fc3f80512f25aa6], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [929c021b494144f26ac2577c06fdd52b], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [949aa578503a40f606385495a75d2cd4], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [54daf12cd6b43df9801337694db6629e], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HD-Quality-3.1V06.02, In Quarantäne, [e34baa73d0ba280ef22bf3a2af54bc44], 
PUP.Optional.Qone8, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [fd3139e41971dd595b6df8fcf3113fc1], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.HDQuality.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HD-Quality-3.1V06.02, In Quarantäne, [0c22819c4b3f52e4d8eac6a829da08f8], 
PUP.Optional.GameHugArcade.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GameHugArcade, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 

Registrierungswerte: 6
Adware.BackAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WinCheck, C:\Users\*****\AppData\Local\wincheck\wincheck.exe, In Quarantäne, [3cf24bd25b2fa19597aaa607a65f7090]
PUP.Optional.WinCheck.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WinCheck, C:\Users\*****\AppData\Local\wincheck\wincheck.exe, In Quarantäne, [0727859855350234d504a1eba95ae11f]
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [cc62ce4f6c1ef343b2a694187192a858]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ium6, In Quarantäne, [250956c7008ae15576fe871d4cb7b34d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R1F2W1N1D1S0C1F1I1R, In Quarantäne, [949aa578503a40f606385495a75d2cd4]
PUP.Optional.GameHugArcade.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GameHug Arcade, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcade.exe /b, In Quarantäne, [35f9170617730a2c2971f6962bd835cb]

Registrierungsdaten: 15
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[e44a2cf1d8b243f3a5c26d417590cd33]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[29055fbe67234cea55106a449d68a957]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}),Ersetzt,[aa843edfe3a70234d5da753949bc629e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[08263ae33c4e8da9703e4e6050b5867a]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[5fcf8b923d4dc373fa3d74483dc833cd]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}),Ersetzt,[68c667b63d4d71c5dcd4e7c7b64f2bd5]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (Chrome.exe), Schlecht: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[ab83a07d7317c86edc8b604e11f4bf41]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[f43a819cd8b250e665004f5f26df857b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}),Ersetzt,[1f0fb667e7a3d75fcde27c3259acef11]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[4fdfac71afdbfd39208e921ca65f728e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[7eb03be29febff37bf7855670ef70af6]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010&q={searchTerms}),Ersetzt,[d45a8f8e8901e452961a6945030223dd]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[ee407ca190facf6796e80ab06e97a15f]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[f23ca17c5634e353fe37645842c36f91]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2600528798-198841283-459962802-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010),Ersetzt,[de505ac3bcce2e08159cdad436cfb24e]

Ordner: 51
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeatData, In Quarantäne, [44ea99846f1bce687ac26c1e18eb8e72], 
PUP.Optional.WinCheck.A, C:\Users\*****\AppData\Local\wincheck, Löschen bei Neustart, [0727859855350234d504a1eba95ae11f], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [78b6b16c53371323a2927eead42f9b65], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [78b6b16c53371323a2927eead42f9b65], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{91F80829-68F3-4C51-9107-89A80AE0219D}, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02, Löschen bei Neustart, [0c22819c4b3f52e4d8eac6a829da08f8], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [56d805183b4f1e1809cb4143d1329c64], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [56d805183b4f1e1809cb4143d1329c64], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\locales, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\plugin, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade, Löschen bei Neustart, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade, Löschen bei Neustart, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\toolbaricons, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameHug Arcade, In Quarantäne, [e5493fde692153e36028d9adb44f2fd1], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8, Löschen bei Neustart, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\3rd Party Licenses, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\Service, Löschen bei Neustart, [5bd349d4ddade35361e75434a75c916f], 

Dateien: 189
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [bf6f938af79380b622a495d113ed9c64], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Löschen bei Neustart, [f638c35ae4a60f277cb09476020020e0], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6.exe, Löschen bei Neustart, [a9855cc17f0b7fb72ba4805753ae44bc], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-6.exe, Löschen bei Neustart, [022cf12cfb8f4fe71db29443ba476799], 
PUP.Optional.Nova.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\17757348-a72f-46d9-b551-3912cf6c06da.dll, Löschen bei Neustart, [909eb568622885b1c722f412639fa759], 
Adware.BackAd, C:\Users\*****\AppData\Local\wincheck\wincheck.exe, Löschen bei Neustart, [3cf24bd25b2fa19597aaa607a65f7090], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, In Quarantäne, [8ca25ebfb3d70c2a9963897e27dcd22e], 
PUP.Optional.Nova.A, C:\Program Files (x86)\14e045d6-fe1c-4ded-abc7-9e94deb70b05\57f2b51c-bee4-416c-b34b-ee1fbc2c8d43.dll, In Quarantäne, [54dada436129b97d49a027dfc63cf30d], 
PUP.Optional.Nova.A, C:\Program Files (x86)\AmIcoSingLun\775fbdf8-0715-4dab-a6f3-c846c258cdb0.dll, In Quarantäne, [58d6e43951391b1b47a222e4a85a24dc], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7.exe, In Quarantäne, [89a547d62466c3739c336e69f30e8a76], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-10.exe, In Quarantäne, [7db175a83555c76ff2dd696eba47c838], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-5.exe, In Quarantäne, [88a653ca66246dc997380ec98f72946c], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-64.exe, In Quarantäne, [5dd169b4602af343d1feba1d70910ff1], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\a162695d-a4cd-4799-8ccf-c85d41a9164e-7.exe, In Quarantäne, [f23c2cf19eec0b2bc20de2f54cb58b75], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\utils.exe, In Quarantäne, [1e10c459e0aa082ec0ad80ccd72948b8], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\Uninstall.exe, In Quarantäne, [a886be5f78122313e739eb311be77987], 
Adware.BackAd, C:\Users\*****\AppData\Local\Temp\nst90CE.tmp, In Quarantäne, [ce601409ed9daa8c79c803aa0500639d], 
PUP.Optional.PhraseFinder.A, C:\Users\*****\AppData\Local\Temp\is45637729\428650144_stp\phrasefinder-setup-1.10.0.8.exe, In Quarantäne, [0d21839acac0bc7a45dbbe5eca3858a8], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeatData\Config.bin, In Quarantäne, [44ea99846f1bce687ac26c1e18eb8e72], 
PUP.Optional.PhraseFinder.A, C:\Windows\System32\drivers\pfnfd_1_10_0_8.sys, In Quarantäne, [3ef059c45a307abc95f0b7d356ad966a], 
PUP.Optional.SelectNGo.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, In Quarantäne, [9c9277a60b7f6ec89ba9513a887b50b0], 
PUP.Optional.SelectNGo.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, In Quarantäne, [7db1cc5196f4fe383e06612a14ef7b85], 
PUP.Optional.WebsSearches.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, In Quarantäne, [7bb324f9c4c64aecb7dccbc15ca729d7], 
PUP.Optional.WebsSearches.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, In Quarantäne, [3af4d24b602a40f6f2a1424ad0333ec2], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameHugArcadeApp.lnk, In Quarantäne, [45e98d90305a13235c3ddbb18281e21e], 
PUP.Optional.Patsearch.A, C:\Windows\patsearch.bin, In Quarantäne, [8ea016078dfde74fe5f07418b64dc53b], 
PUP.Optional.WinCheck.A, C:\Users\*****\AppData\Local\wincheck\wincheck.exe, Löschen bei Neustart, [0727859855350234d504a1eba95ae11f], 
PUP.Optional.WinCheck.A, C:\Users\*****\AppData\Local\wincheck\Uninstall.exe, In Quarantäne, [0727859855350234d504a1eba95ae11f], 
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrT_01009.Wdf, In Quarantäne, [ca640f0e2a60ef476994bcd1e61db749], 
PUP.Optional.MyStartSearch.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage, Löschen bei Neustart, [c26c17069bef69cd987babe3e81b0ef2], 
PUP.Optional.MyStartSearch.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal, Löschen bei Neustart, [220cd746a9e1dc5a1ff4d7b7857e2ad6], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [cc6261bc1e6c01350b9e9ef02ed558a8], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6, In Quarantäne, [3bf364b9226885b1c0937a3217ec3dc3], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7, In Quarantäne, [5dd1c756abdf043221321a9263a0639d], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-10_user, In Quarantäne, [72bc6bb26129132389ca8c20f40f1fe1], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5, In Quarantäne, [250906178efc6bcbbe953874c83ba957], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5_user, In Quarantäne, [df4f30edb1d9b97d61f2e9c3ed16ba46], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-6, In Quarantäne, [0f1f52cb0b7f5cdaf3602e7e4ab9bc44], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-7, In Quarantäne, [ac82a47999f1b6805bf8cce062a127d9], 
PUP.Optional.SelectNGo.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [a48ad34a2d5dde58f257b8004ab9d62a], 
PUP.Optional.SelectNGo.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [d15d6bb2157584b25fea1b9d40c3c33d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-6.job, In Quarantäne, [e44a77a6cfbb55e11f827d8c5fa6b749], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-1-7.job, In Quarantäne, [9599001d701a61d5dac745c425e01ce4], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-10_user.job, In Quarantäne, [9f8f60bdcfbb60d6ecb506030df8837d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5.job, In Quarantäne, [6cc269b48bff59dd9b06dd2c58adc43c], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-5_user.job, In Quarantäne, [34fac55856343204524fb15806ffa957], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-6.job, In Quarantäne, [b27c77a6701a4aec7c25a8610ef7f709], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a162695d-a4cd-4799-8ccf-c85d41a9164e-7.job, In Quarantäne, [2a0442dbdcaeed49366b8e7b50b55ba5], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [c9658a934248f541ebc5cd3c0500cb35], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [6cc24dd05a30b482228fff0a8283d32d], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [aa8425f8028803336e448782d72ef20e], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [c5696ab3206adf57991ad8310ef7639d], 
PUP.Optional.ReMarkable.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Löschen bei Neustart, [81ada4792862c07609d54ac339cc2fd1], 
PUP.Optional.ReMarkable.A, C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Löschen bei Neustart, [cc622cf1ddad42f46b7356b7d5300ef2], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, In Quarantäne, [de50011c0585ae880248e925867f926e], 
PUP.Optional.ColorMedia.A, C:\Windows\System32\ColorMediaOff.ini, In Quarantäne, [51dd70adc0caef47e269af5fe81ded13], 
PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMediaOff.ini, In Quarantäne, [37f7928b7b0f1c1a5bf049c51ee7bc44], 
PUP.Optional.Vitruvian.A, C:\Users\*****\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [b37bbf5e404a2610170edb3754b11de3], 
PUP.Optional.Vitruvian.A, C:\Users\*****\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [c06efc216c1e4fe7f92cbc56f213629e], 
PUP.Optional.Vitruvian.A, C:\Users\*****\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [111d8d90f6946dc9d154b85ab253a759], 
PUP.Optional.Vitruvian.A, C:\Users\*****\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [ff2f938a5337989ed84dc34f14f1e31d], 
PUP.Optional.Vitruvian.A, C:\Users\*****\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [b07ea37a751563d395909c76f015659b], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\Service\pfsvc.exe, Löschen bei Neustart, [36f845d8bad058de047f89013cc79a66], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcade.exe, Löschen bei Neustart, [35f9170617730a2c2971f6962bd835cb], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, In Quarantäne, [2707ee2f4f3b5ed8e62088e21ae908f8], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\GoogleCrashHandler.exe, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\GoogleUpdate.exe, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\GoogleUpdateBroker.exe, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\GoogleUpdateHelper.msi, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\GoogleUpdateOnDemand.exe, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\goopdate.dll, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\goopdateres_en.dll, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\npGoogleUpdate4.dll, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\psmachine.dll, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.GlobalUpdate.A, C:\Users\*****\AppData\Local\Temp\comh.224517\psuser.dll, In Quarantäne, [ec4270ad1872f145ad7575f5ae559769], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\16643110-ba96-4570-9cda-322417ded1aa.dll, In Quarantäne, [0c22819c4b3f52e4d8eac6a829da08f8], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\bgNova.html, In Quarantäne, [0c22819c4b3f52e4d8eac6a829da08f8], 
PUP.Optional.HDQuality.A, C:\Program Files (x86)\HD-Quality-3.1V06.02\Uninstall.exe, In Quarantäne, [0c22819c4b3f52e4d8eac6a829da08f8], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\ffmpegsumo.dll, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\GameHugArcadeApp.dat, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\GameHugArcadeBrowser.exe, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\icudt.dll, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\libcef.dll, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\locales\en-US.pak, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Local\GameHugArcade\plugin\npswf32.dll, In Quarantäne, [71bd8b92b1d9b086baccdaac28db936d], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\desktop.ico, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcadeApp.exe, Löschen bei Neustart, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcadeappuninstall.exe, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\toolbarmenu.xml, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\topwebsites.xml, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\uninstall.exe, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\toolbaricons\amazon-58x21.jpg, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\toolbaricons\amazon-58x21.jpg.valid, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\toolbaricons\logoEbay-58x21.jpg, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\GameHugArcade\GameHug Arcade\toolbaricons\logoEbay-58x21.jpg.valid, In Quarantäne, [26088f8ea6e4ee488bfcec9a41c2ef11], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameHug Arcade\GameHug Arcade.lnk, In Quarantäne, [e5493fde692153e36028d9adb44f2fd1], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameHug Arcade\Uninstall GameHugArcade.lnk, In Quarantäne, [e5493fde692153e36028d9adb44f2fd1], 
PUP.Optional.GameHugArcade.A, C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameHug Arcade\www.gamehug.com.url, In Quarantäne, [e5493fde692153e36028d9adb44f2fd1], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\terms-of-service.rtf, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\3rd Party Licenses\buildcrx-license.txt, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\3rd Party Licenses\Info-ZIP-license.txt, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\3rd Party Licenses\JSON-simple-license.txt, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\3rd Party Licenses\nsJSON-license.txt, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\3rd Party Licenses\Nustache-license.txt, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\3rd Party Licenses\TaskScheduler-license.txt, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 
PUP.Optional.PhraseFinder.A, C:\Program Files (x86)\PhraseFinder_1.10.0.8\3rd Party Licenses\UAC-license.txt, In Quarantäne, [5bd349d4ddade35361e75434a75c916f], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
awd;
Code:
# AdwCleaner v4.110 - Bericht erstellt 11/02/2015 um 09:41:45
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : ****** - ARBEITS-PC
# Gestarted von : C:\Users\******\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\aa3dbf4110b343089a47d5931408bfc6
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\******\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\******\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Datei Gelöscht : C:\Users\******\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searches.vi-view.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_searches.vi-view.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{293B36D2-70C5-4F99-959E-3B71D65A13F3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56A7E625-FC34-47CE-B677-585B0CD702A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [9218 Bytes] - [11/02/2015 09:38:48]
AdwCleaner[S0].txt - [8824 Bytes] - [11/02/2015 09:41:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8883  Bytes] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by ******* on 11.02.2015 at  9:46:19,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\*******\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\*******\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.02.2015 at  9:48:08,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and a new FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by ******* (administrator) on ARBEITS-PC on 11-02-2015 09:48:59
Running from C:\Users\*******\Downloads
Loaded Profiles: ******* (Available profiles: *******)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Dell) C:\Users\*******\AppData\Local\Apps\2.0\VEVVJTZO.70K\H0QG9PGA.D5W\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [GoogleChromeAutoLaunch_BD891974AD4CE6B836D70E22CD229740] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [DellSystemDetect] => C:\Users\*******\AppData\Local\Apps\2.0\VEVVJTZO.70K\H0QG9PGA.D5W\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-15] (Dell)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\MountPoints2: {6f5b1200-7237-11e4-824f-806e6f6e6963} - "E:\Produkte-CD_Version_10_14.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MFA23F85E-7CC6-4E75-9750-1797F939DE69&SearchSource=55&CUI=&UM=6&UP=SPEAAAD01C-C8F9-42C4-8E14-8183347D4730&SSPV=
CHR StartupUrls: Default -> "hxxp://google.de/", "hxxp://istart.webssearches.com/?type=hp&ts=1416608086&from=brd&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010", "hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010", "?type=hppp"
CHR DefaultSearchKeyword: Default -> 
CHR DefaultSearchURL: Default -> web/?type=dspp&q={searchTerms}
CHR Profile: C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-01]
CHR Extension: (Google Docs) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-01]
CHR Extension: (Google Drive) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01]
CHR Extension: (YouTube) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-01]
CHR Extension: (Google-Suche) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-01]
CHR Extension: (efjjgphedlaihnlgaibiaihhmhaejjdd) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2015-02-10]
CHR Extension: (Google Tabellen) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-01]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2015-01-04]
CHR Extension: (Google Mail) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-01]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-21] (Broadcom Corporation.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6957744 2013-12-22] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-22] (Microsoft Corporation)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 09:48 - 2015-02-11 09:48 - 00000920 _____ () C:\Users\*******\Desktop\JRT2.txt
2015-02-11 09:48 - 2015-02-11 09:48 - 00000920 _____ () C:\Users\*******\Desktop\JRT.txt
2015-02-11 09:45 - 2015-02-11 09:46 - 01388274 _____ (Thisisu) C:\Users\*******\Downloads\JRT.exe
2015-02-11 09:44 - 2015-02-11 09:44 - 00008967 _____ () C:\Users\*******\Desktop\AdwCleaner[S0].txt
2015-02-11 09:38 - 2015-02-11 09:38 - 00000000 ____D () C:\Users\*******\Desktop\1
2015-02-11 09:37 - 2015-02-11 09:37 - 00055670 _____ () C:\Users\*******\Desktop\mbam.txt
2015-02-11 09:16 - 2015-02-11 09:41 - 00000000 ____D () C:\AdwCleaner
2015-02-11 09:15 - 2015-02-11 09:15 - 02112512 _____ () C:\Users\*******\Downloads\AdwCleaner_4.110.exe
2015-02-11 09:08 - 2015-02-11 09:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\*******\Downloads\revosetup95.exe
2015-02-11 09:08 - 2015-02-11 09:08 - 00001286 _____ () C:\Users\*******\Desktop\Revo Uninstaller.lnk
2015-02-11 09:08 - 2015-02-11 09:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-11 06:34 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 06:34 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 06:34 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 06:34 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 06:34 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 06:34 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 06:34 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 06:34 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 06:34 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 06:34 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 06:34 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 06:34 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 06:34 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 06:34 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 06:34 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 06:34 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 06:34 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 06:34 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 06:34 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 06:34 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 06:34 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 06:34 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 06:34 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 06:34 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 06:34 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 06:34 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 06:34 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 06:34 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 06:34 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 06:34 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 06:34 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 06:34 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 06:34 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 06:34 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 06:34 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 06:34 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 06:34 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 06:34 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 06:34 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 06:34 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 06:34 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 06:34 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 06:34 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 06:34 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 06:34 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 06:34 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 06:34 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 06:34 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 06:34 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 06:34 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 06:34 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 06:34 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 06:34 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 06:34 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 06:34 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 06:34 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 06:34 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 06:34 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 06:34 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 06:34 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 06:34 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 06:34 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 06:34 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 06:34 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 06:34 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 06:34 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 06:34 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 20:56 - 2015-02-10 20:58 - 00018035 _____ () C:\Users\*******\Downloads\Addition.txt
2015-02-10 20:54 - 2015-02-11 09:49 - 00018038 _____ () C:\Users\*******\Downloads\FRST.txt
2015-02-10 20:53 - 2015-02-10 20:53 - 00380416 _____ () C:\Users\*******\Downloads\4hxdczjx.exe
2015-02-10 20:52 - 2015-02-11 09:49 - 00000000 ____D () C:\FRST
2015-02-10 20:50 - 2015-02-10 20:50 - 02132992 _____ (Farbar) C:\Users\*******\Downloads\FRST64.exe
2015-02-10 20:49 - 2015-02-10 20:49 - 00000000 _____ () C:\Users\*******\defogger_reenable
2015-02-10 20:44 - 2015-02-10 20:44 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe
2015-02-10 20:29 - 2015-02-10 20:31 - 154051656 _____ () C:\Users\*******\Downloads\avira_free_antivirus468_de.exe
2015-02-10 13:13 - 2015-02-10 13:14 - 00415638 _____ () C:\Users\*******\Desktop\Neu2.xlsm
2015-02-10 09:38 - 2015-02-10 12:56 - 00417940 _____ () C:\Users\*******\Desktop\Neu.xlsm
2015-02-09 12:54 - 2015-02-09 12:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-02-09 08:39 - 2015-02-09 08:40 - 00000000 ____D () C:\Users\*******\Desktop\Fotos Uwe Pfisterer
2015-02-09 00:40 - 2015-02-09 00:40 - 00001771 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-09 00:40 - 2015-02-09 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-09 00:39 - 2015-02-09 00:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-09 00:39 - 2015-02-09 00:40 - 00000000 ____D () C:\Program Files\iTunes
2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Program Files\iPod
2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-09 00:34 - 2015-02-09 00:34 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2015-02-09 00:34 - 2015-02-09 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-06 15:05 - 2015-02-11 09:26 - 00000000 ____D () C:\Program Files (x86)\14e045d6-fe1c-4ded-abc7-9e94deb70b05
2015-02-06 13:17 - 2015-02-06 13:17 - 00628496 _____ (CMI Limited) C:\Users\*******\AppData\Local\nsgF773.tmp
2015-02-05 17:34 - 2015-02-05 17:34 - 00731913 _____ () C:\Users\*******\Downloads\Konzeption einer Wissensdatenbank.pptx
2015-02-05 09:06 - 2015-02-05 09:06 - 00000976 _____ () C:\Users\*******\Desktop\HKGELD-2000.lnk
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Users\*******\Documents\HKGELD
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Users\*******\AppData\Roaming\dlg
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HKGELD-2000
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Program Files (x86)\HKGELD-2000
2015-02-05 09:03 - 2015-02-05 09:03 - 00003766 _____ () C:\WINDOWS\System32\Tasks\KTQOS
2015-02-05 09:03 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\system32\ColorMedia64.dll
2015-02-05 09:03 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\SysWOW64\ColorMedia.dll
2015-02-05 09:01 - 2015-02-05 09:01 - 00000000 ____D () C:\Users\*******\AppData\Roaming\TuneUp Software
2015-02-05 09:01 - 2015-02-05 09:01 - 00000000 ____D () C:\Users\*******\AppData\Local\TuneUp Software
2015-02-05 09:00 - 2015-02-05 09:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-05 09:00 - 2015-02-05 09:00 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 08:53 - 2015-02-05 08:53 - 00620008 _____ () C:\Users\*******\Downloads\hkg2000_114_CB-DL-Manager.exe
2015-01-29 09:01 - 2015-02-04 15:06 - 00014192 _____ () C:\Users\*******\Desktop\Partner Aktion.xlsx
2015-01-26 08:05 - 2015-01-26 08:05 - 00262144 ____N () C:\WINDOWS\Minidump\012615-33015-01.dmp
2015-01-22 11:13 - 2015-01-22 11:13 - 00466167 _____ () C:\Users\*******\Downloads\Analysebericht.xlsx
2015-01-19 08:36 - 2015-01-19 08:37 - 00000160 _____ () C:\Users\*******\Desktop\Code automatisches öffnen.txt
2015-01-19 08:36 - 2015-01-19 08:36 - 00000000 ___RD () C:\Users\*******\Documents\Notes
2015-01-15 15:44 - 2015-01-15 15:44 - 00069120 _____ () C:\Users\*******\Downloads\Rendite_Riester.xls
2015-01-14 09:34 - 2015-01-14 09:34 - 04972848 _____ (TeamViewer) C:\Users\*******\Downloads\TeamViewerQS_de-idcfz2ka2r.exe
2015-01-14 09:34 - 2015-01-14 09:34 - 00000000 ____D () C:\Users\*******\AppData\Roaming\TeamViewer
2015-01-14 07:46 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 07:46 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 07:46 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 07:46 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 07:46 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 07:46 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 07:46 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 07:46 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 07:46 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 07:46 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 07:46 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 07:46 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 07:46 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 07:46 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 07:46 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 07:46 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 07:46 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 07:46 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 07:46 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 07:46 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 07:46 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 09:46 - 2014-12-01 18:23 - 00005152 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITS-PC-******* Arbeits-PC
2015-02-11 09:46 - 2014-11-22 12:42 - 00000000 ____D () C:\Users\*******\OneDrive
2015-02-11 09:45 - 2014-12-01 16:22 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 09:43 - 2014-12-08 08:23 - 00006998 _____ () C:\WINDOWS\setupact.log
2015-02-11 09:43 - 2014-12-08 08:22 - 00067648 _____ () C:\WINDOWS\PFRO.log
2015-02-11 09:43 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-11 09:42 - 2014-12-08 08:27 - 01199006 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-11 09:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 09:41 - 2014-12-01 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-11 09:41 - 2014-11-16 21:54 - 00001017 _____ () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 09:39 - 2014-11-16 22:02 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2600528798-198841283-459962802-1003
2015-02-11 09:36 - 2014-11-22 09:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 09:34 - 2014-12-01 16:22 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 09:33 - 2013-08-22 15:44 - 00482240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 09:26 - 2013-12-22 13:49 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun
2015-02-11 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-11 08:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 06:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 06:49 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 06:41 - 2014-11-18 13:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 06:41 - 2013-06-10 17:39 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 06:33 - 2014-11-22 12:43 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A31A0F7D-2455-433A-9F54-101AC9E9F96B}
2015-02-10 21:31 - 2014-12-09 22:07 - 00139776 ___SH () C:\Users\*******\Desktop\Thumbs.db
2015-02-10 21:29 - 2014-11-22 12:18 - 00000000 ____D () C:\Users\*******
2015-02-10 09:03 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 09:03 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-10 09:03 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-10 07:57 - 2014-12-18 09:42 - 00000000 ____D () C:\Users\*******\.freemind
2015-02-10 07:57 - 2014-12-04 14:13 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-09 00:39 - 2014-11-19 23:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-06 16:29 - 2014-12-01 16:22 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 16:29 - 2014-12-01 16:22 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 13:04 - 2014-11-16 21:52 - 00000000 ____D () C:\Users\*******\AppData\Local\VirtualStore
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 16:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-03 16:05 - 2014-12-02 20:10 - 00155136 _____ () C:\Users\*******\Desktop\Potential-Analyse-2.xls
2015-01-31 12:31 - 2014-11-16 21:52 - 00000000 ____D () C:\Users\*******\AppData\Local\Packages
2015-01-29 15:53 - 2014-12-19 18:09 - 00000000 ____D () C:\Users\*******\Desktop\Scans Neukunden
2015-01-26 08:05 - 2014-12-08 08:23 - 00000000 ____D () C:\WINDOWS\Minidump

==================== Files in the root of some directories =======

2014-11-21 22:14 - 2014-11-21 22:13 - 0613057 _____ (CMI Limited) C:\Users\*******\AppData\Local\nscEBFA.tmp
2015-02-06 13:17 - 2015-02-06 13:17 - 0628496 _____ (CMI Limited) C:\Users\*******\AppData\Local\nsgF773.tmp
2014-11-21 22:58 - 2014-11-21 22:58 - 0613057 _____ (CMI Limited) C:\Users\*******\AppData\Local\nso7C6.tmp
2013-12-17 01:30 - 2013-12-17 01:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\CloudBackup63.exe
C:\Users\*******\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\*******\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\*******\AppData\Local\Temp\Quarantine.exe
C:\Users\*******\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\*******\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\*******\AppData\Local\Temp\SpOrder.dll
C:\Users\*******\AppData\Local\Temp\sqlite3.dll
C:\Users\*******\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-11 06:40

==================== End Of Log ============================
         
--- --- ---


I think I have carried out everything according to the instructions so far.

Best regards, Zeus 24
__________________

11.02.2015, 16:00   #4
schrauber
/// the machine
/// TB trainer
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.02.2015, 14:19   #5
Zeus24
 
Hi Schrauber,

thanks for your quick replies. Really great :-)
Here are the results:

ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=96e6665aa38f5b458f18f2b6f88a9b71
# engine=22434
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-12 02:03:07
# local_time=2015-02-12 03:03:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 108401 7099251 0 0
# scanned=177744
# found=21
# cleaned=0
# scan_time=9718
sh=3705A84C3911722A6A5FCC2556B6A9B212FBF5E6 ft=1 fh=46ea65c1165a4a61 vn="Variante von Win32/Adware.PicColor.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\aa3dbf4110b343089a47d5931408bfc6\aa3dbf4110b343089a47d5931408bfc6.exe.vir"
sh=457886F9A5081B3D4BCD666D6D7ACB5CF69D7AF6 ft=1 fh=84b1fc8599af2202 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\14e045d6-fe1c-4ded-abc7-9e94deb70b05\1f32d520-4327-4c36-882f-5c3eb34fb850.dll"
sh=457886F9A5081B3D4BCD666D6D7ACB5CF69D7AF6 ft=1 fh=84b1fc8599af2202 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\AmIcoSingLun\14e045d6-fe1c-4ded-abc7-9e94deb70b05.dll"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\nscEBFA.tmp"
sh=20C5951DEB2143732240F19E610543411E69026B ft=1 fh=8982b582832e64e5 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\nsgF773.tmp"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\nso7C6.tmp"
sh=ECBCF0BCA2AF9C1DC1210468B286B1F65CD45D2A ft=1 fh=c1818ac17fded381 vn="Win32/Packed.ScrambleWrapper.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\Microsoft\Windows\INetCache\IE\5LYVLBUY\setup[1].exe_a"
sh=A75E95BE1BEB13FF84B33BCC64DB763E7F7909D5 ft=1 fh=bc9d466a14960a26 vn="Win32/Adware.ConvertAd.V Anwendung" ac=I fn="C:\Users\********\AppData\Local\Microsoft\Windows\INetCache\IE\5LYVLBUY\WinCheckSetup[1].exe"
sh=99365C040C9A1D3BED039A7737DAFE46576E6073 ft=1 fh=061e0c7026085d13 vn="Variante von Win32/VOPackage.BP evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\Microsoft\Windows\INetCache\IE\KI5DCHSC\carunasu[1].exe"
sh=4A85705DAB52816F3592B75093EDDA6E7399602F ft=1 fh=4e5a9df975726588 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\********\AppData\Local\Microsoft\Windows\INetCache\IE\WVC13HIR\ConvertAdSetup[1].exe"
sh=F200DCF76EEC8A41C9FE643EC61912EA8131C7CB ft=1 fh=66af8738b9e45fc6 vn="Win32/Verti.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\Microsoft\Windows\INetCache\IE\WVC13HIR\GameHugArcadeSetup[1].exe"
sh=A8713C8BF68086B67436A1E3E0550B9465CD92E6 ft=1 fh=3442c67b2eb2b527 vn="Variante von Win32/Adware.AdService.AA Anwendung" ac=I fn="C:\Users\********\AppData\Local\Microsoft\Windows\INetCache\IE\XV6VE3AS\CASrv[1].exe"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\Temp\CloudBackup63.exe"
sh=20C5951DEB2143732240F19E610543411E69026B ft=1 fh=8982b582832e64e5 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\Temp\nsgF773.tmp"
sh=37C46CF394776C670114AA70728360CAFC2D3B24 ft=1 fh=9abe0b463e102b25 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\Temp\nsr8886.tmp"
sh=2B8397C19B791E21600E44B92FE6FDDE329C3678 ft=1 fh=30dacc033e102b25 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\Temp\nsw95B2.tmp"
sh=82818AB45856237DED9C403D6429B76669B43D3B ft=1 fh=8379184e3e102b25 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Local\Temp\nswC0B4.tmp"
sh=4A85705DAB52816F3592B75093EDDA6E7399602F ft=1 fh=4e5a9df975726588 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\********\AppData\Local\Temp\nsxD973.tmp"
sh=84616836894B9CACA83D683872A132424128D9CB ft=1 fh=23b3d2b5787c7150 vn="Win32/ELEX.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG\{2E089831-61B1-4CF2-8553-300574316F09}_DIYIGE\tmp\wpm_v20.0.0.1270.exe"
sh=3DB775B16988C15ACEB6FC2CC7F5C32FAE7EB207 ft=1 fh=4904036bc223b424 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\********\Downloads\hkg2000_114_CB-DL-Manager.exe"
sh=48C93BBDD6043054F4559780619F582DACE81949 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\f77817d.msi"
         
Checkup:

Code:
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
A new FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by ******** (administrator) on ARBEITS-PC on 12-02-2015 15:11:29
Running from C:\Users\********\Desktop
Loaded Profiles: ******** (Available profiles: ********)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DVAG Online-System\smartclient\smartclient.exe
(Oracle Corporation) C:\Program Files (x86)\DVAG Online-System\jre\jre-1.7.0.55\bin\javaw.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
Failed to access process -> dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373760 2012-07-20] (Alcor Micro Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [GoogleChromeAutoLaunch_BD891974AD4CE6B836D70E22CD229740] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [DellSystemDetect] => C:\Users\********\AppData\Local\Apps\2.0\VEVVJTZO.70K\H0QG9PGA.D5W\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-15] (Dell)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\MountPoints2: {6f5b1200-7237-11e4-824f-806e6f6e6963} - "E:\Produkte-CD_Version_10_14.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> {56A7E625-FC34-47CE-B677-585B0CD702A9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MFA23F85E-7CC6-4E75-9750-1797F939DE69&SearchSource=55&CUI=&UM=6&UP=SPEAAAD01C-C8F9-42C4-8E14-8183347D4730&SSPV=
CHR StartupUrls: Default -> "hxxp://google.de/", "hxxp://istart.webssearches.com/?type=hp&ts=1416608086&from=brd&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010", "hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010", "?type=hppp"
CHR DefaultSearchKeyword: Default -> 
CHR DefaultSearchURL: Default -> web/?type=dspp&q={searchTerms}
CHR Profile: C:\Users\********\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-01]
CHR Extension: (Google Docs) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-01]
CHR Extension: (Google Drive) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01]
CHR Extension: (YouTube) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-01]
CHR Extension: (Google-Suche) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-01]
CHR Extension: (efjjgphedlaihnlgaibiaihhmhaejjdd) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2015-02-10]
CHR Extension: (Google Tabellen) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-01]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2015-01-04]
CHR Extension: (Google Mail) - C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-01]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-21] (Broadcom Corporation.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6957744 2013-12-22] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-22] (Microsoft Corporation)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 15:11 - 2015-02-12 15:12 - 00019634 _____ () C:\Users\********\Desktop\FRST.txt
2015-02-12 15:11 - 2015-02-12 15:11 - 00000000 ____D () C:\Users\********\Desktop\FRST-OlderVersion
2015-02-12 15:09 - 2015-02-12 15:09 - 00000000 ____D () C:\Users\********\Desktop\3
2015-02-12 13:36 - 2015-02-12 13:36 - 00000165 ____H () C:\Users\********\Desktop\~$Neu.xlsm
2015-02-12 12:19 - 2015-02-12 12:20 - 00852594 _____ () C:\Users\********\Downloads\SecurityCheck.exe
2015-02-12 12:16 - 2015-02-12 12:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-12 12:15 - 2015-02-12 12:15 - 02347384 _____ (ESET) C:\Users\********\Downloads\esetsmartinstaller_deu.exe
2015-02-12 10:45 - 2015-02-12 10:48 - 00238716 _____ () C:\Users\********\Desktop\Fördercheck 2015.xlsm
2015-02-12 10:06 - 2015-02-12 10:06 - 00001020 _____ () C:\Users\********\Desktop\IrfanView.lnk
2015-02-12 10:06 - 2015-02-12 10:06 - 00000000 ____D () C:\Users\********\AppData\Roaming\IrfanView
2015-02-12 10:06 - 2015-02-12 10:06 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-02-12 10:05 - 2015-02-12 10:05 - 02197648 _____ (Irfan Skiljan) C:\Users\********\Downloads\iview438g_setup.exe
2015-02-12 08:19 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 08:19 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 12:34 - 2015-02-11 12:35 - 00273920 _____ () C:\Users\********\Downloads\ekst2004tabelle.xls
2015-02-11 11:55 - 2015-02-11 11:55 - 00000040 _____ () C:\Users\********\Desktop\Stufenmodell_Initialisierung.txt
2015-02-11 11:50 - 2015-02-11 11:50 - 01377792 _____ () C:\Users\********\Desktop\Arbeitnehmerberatung__Stufenmodell__4_9_1.xls
2015-02-11 10:51 - 2015-02-11 10:51 - 00000000 ____D () C:\Users\********\Desktop\2
2015-02-11 09:45 - 2015-02-11 09:46 - 01388274 _____ (Thisisu) C:\Users\********\Downloads\JRT.exe
2015-02-11 09:38 - 2015-02-11 09:38 - 00000000 ____D () C:\Users\********\Desktop\1
2015-02-11 09:16 - 2015-02-11 09:41 - 00000000 ____D () C:\AdwCleaner
2015-02-11 09:15 - 2015-02-11 09:15 - 02112512 _____ () C:\Users\********\Downloads\AdwCleaner_4.110.exe
2015-02-11 09:08 - 2015-02-11 09:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\********\Downloads\revosetup95.exe
2015-02-11 09:08 - 2015-02-11 09:08 - 00001286 _____ () C:\Users\********\Desktop\Revo Uninstaller.lnk
2015-02-11 09:08 - 2015-02-11 09:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-11 06:34 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 06:34 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 06:34 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 06:34 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 06:34 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 06:34 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 06:34 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 06:34 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 06:34 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 06:34 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 06:34 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 06:34 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 06:34 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 06:34 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 06:34 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 06:34 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 06:34 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 06:34 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 06:34 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 06:34 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 06:34 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 06:34 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 06:34 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 06:34 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 06:34 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 06:34 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 06:34 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 06:34 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 06:34 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 06:34 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 06:34 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 06:34 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 06:34 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 06:34 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 06:34 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 06:34 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 06:34 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 06:34 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 06:34 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 06:34 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 06:34 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 06:34 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 06:34 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 06:34 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 06:34 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 06:34 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 06:34 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 06:34 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 06:34 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 06:34 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 06:34 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 06:34 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 06:34 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 06:34 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 06:34 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 06:34 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 06:34 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 06:34 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 06:34 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 06:34 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 06:34 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 06:34 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 06:34 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 06:34 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 06:34 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 20:56 - 2015-02-10 20:58 - 00018035 _____ () C:\Users\********\Downloads\Addition.txt
2015-02-10 20:54 - 2015-02-11 09:49 - 00040737 _____ () C:\Users\********\Downloads\FRST.txt
2015-02-10 20:53 - 2015-02-10 20:53 - 00380416 _____ () C:\Users\********\Downloads\4hxdczjx.exe
2015-02-10 20:52 - 2015-02-12 15:11 - 00000000 ____D () C:\FRST
2015-02-10 20:50 - 2015-02-12 15:11 - 02134016 _____ (Farbar) C:\Users\********\Desktop\FRST64.exe
2015-02-10 20:49 - 2015-02-10 20:49 - 00000000 _____ () C:\Users\********\defogger_reenable
2015-02-10 20:44 - 2015-02-10 20:44 - 00050477 _____ () C:\Users\********\Downloads\Defogger.exe
2015-02-10 20:29 - 2015-02-10 20:31 - 154051656 _____ () C:\Users\********\Downloads\avira_free_antivirus468_de.exe
2015-02-10 09:38 - 2015-02-12 14:19 - 00236098 _____ () C:\Users\********\Desktop\Neu.xlsm
2015-02-09 12:54 - 2015-02-09 12:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-02-09 08:39 - 2015-02-09 08:40 - 00000000 ____D () C:\Users\********\Desktop\Fotos Uwe Pfisterer
2015-02-09 00:40 - 2015-02-09 00:40 - 00001771 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-09 00:40 - 2015-02-09 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-09 00:39 - 2015-02-09 00:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-09 00:39 - 2015-02-09 00:40 - 00000000 ____D () C:\Program Files\iTunes
2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Program Files\iPod
2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-09 00:34 - 2015-02-09 00:34 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2015-02-09 00:34 - 2015-02-09 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-06 15:05 - 2015-02-11 09:26 - 00000000 ____D () C:\Program Files (x86)\14e045d6-fe1c-4ded-abc7-9e94deb70b05
2015-02-06 13:17 - 2015-02-06 13:17 - 00628496 _____ (CMI Limited) C:\Users\********\AppData\Local\nsgF773.tmp
2015-02-05 17:34 - 2015-02-05 17:34 - 00731913 _____ () C:\Users\********\Downloads\Konzeption einer Wissensdatenbank.pptx
2015-02-05 09:06 - 2015-02-05 09:06 - 00000976 _____ () C:\Users\********\Desktop\HKGELD-2000.lnk
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Users\********\Documents\HKGELD
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Users\********\AppData\Roaming\dlg
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HKGELD-2000
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Program Files (x86)\HKGELD-2000
2015-02-05 09:03 - 2015-02-05 09:03 - 00003766 _____ () C:\WINDOWS\System32\Tasks\KTQOS
2015-02-05 09:03 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\system32\ColorMedia64.dll
2015-02-05 09:03 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\SysWOW64\ColorMedia.dll
2015-02-05 09:01 - 2015-02-05 09:01 - 00000000 ____D () C:\Users\********\AppData\Roaming\TuneUp Software
2015-02-05 09:01 - 2015-02-05 09:01 - 00000000 ____D () C:\Users\********\AppData\Local\TuneUp Software
2015-02-05 09:00 - 2015-02-05 09:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-05 09:00 - 2015-02-05 09:00 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 08:53 - 2015-02-05 08:53 - 00620008 _____ () C:\Users\********\Downloads\hkg2000_114_CB-DL-Manager.exe
2015-01-29 09:01 - 2015-02-04 15:06 - 00014192 _____ () C:\Users\********\Desktop\Partner Aktion.xlsx
2015-01-26 08:05 - 2015-01-26 08:05 - 00262144 ____N () C:\WINDOWS\Minidump\012615-33015-01.dmp
2015-01-22 11:13 - 2015-01-22 11:13 - 00466167 _____ () C:\Users\********\Downloads\Analysebericht.xlsx
2015-01-19 08:36 - 2015-01-19 08:37 - 00000160 _____ () C:\Users\********\Desktop\Code automatisches öffnen.txt
2015-01-19 08:36 - 2015-01-19 08:36 - 00000000 ___RD () C:\Users\********\Documents\Notes
2015-01-15 15:44 - 2015-01-15 15:44 - 00069120 _____ () C:\Users\********\Downloads\Rendite_Riester.xls
2015-01-14 09:34 - 2015-01-14 09:34 - 04972848 _____ (TeamViewer) C:\Users\********\Downloads\TeamViewerQS_de-idcfz2ka2r.exe
2015-01-14 09:34 - 2015-01-14 09:34 - 00000000 ____D () C:\Users\********\AppData\Roaming\TeamViewer
2015-01-14 07:46 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 07:46 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 07:46 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 07:46 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 07:46 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 07:46 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 07:46 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 07:46 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 07:46 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 07:46 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 07:46 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 07:46 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 07:46 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 07:46 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 07:46 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 07:46 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 07:46 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 07:46 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 07:46 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 07:46 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 07:46 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 14:34 - 2014-12-01 16:22 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 14:19 - 2014-12-08 08:27 - 01722011 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 14:17 - 2014-11-22 12:43 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A31A0F7D-2455-433A-9F54-101AC9E9F96B}
2015-02-12 12:47 - 2014-12-04 14:13 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-12 10:27 - 2014-12-09 22:07 - 00250880 ___SH () C:\Users\********\Desktop\Thumbs.db
2015-02-12 08:32 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 08:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-11 16:34 - 2014-12-01 16:22 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 14:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 12:35 - 2014-11-16 21:52 - 00000000 ____D () C:\Users\********\AppData\Local\Packages
2015-02-11 11:55 - 2014-11-21 23:14 - 00000872 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-11 11:40 - 2014-11-16 22:02 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2600528798-198841283-459962802-1003
2015-02-11 10:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 09:56 - 2014-12-01 18:23 - 00005152 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITS-PC-******** Arbeits-PC
2015-02-11 09:46 - 2014-11-22 12:42 - 00000000 ____D () C:\Users\********\OneDrive
2015-02-11 09:43 - 2014-12-08 08:23 - 00006998 _____ () C:\WINDOWS\setupact.log
2015-02-11 09:43 - 2014-12-08 08:22 - 00067648 _____ () C:\WINDOWS\PFRO.log
2015-02-11 09:43 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-11 09:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 09:41 - 2014-12-01 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-11 09:41 - 2014-11-16 21:54 - 00001017 _____ () C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 09:36 - 2014-11-22 09:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 09:33 - 2013-08-22 15:44 - 00482240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 09:26 - 2013-12-22 13:49 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun
2015-02-11 06:48 - 2014-11-18 13:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 06:41 - 2013-06-10 17:39 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 21:29 - 2014-11-22 12:18 - 00000000 ____D () C:\Users\********
2015-02-10 09:03 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 09:03 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-10 09:03 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-10 07:57 - 2014-12-18 09:42 - 00000000 ____D () C:\Users\********\.freemind
2015-02-09 00:39 - 2014-11-19 23:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-06 16:29 - 2014-12-01 16:22 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 16:29 - 2014-12-01 16:22 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 13:04 - 2014-11-16 21:52 - 00000000 ____D () C:\Users\********\AppData\Local\VirtualStore
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 16:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-03 16:05 - 2014-12-02 20:10 - 00155136 _____ () C:\Users\********\Desktop\Potential-Analyse-2.xls
2015-01-29 15:53 - 2014-12-19 18:09 - 00000000 ____D () C:\Users\********\Desktop\Scans Neukunden
2015-01-26 08:05 - 2014-12-08 08:23 - 00000000 ____D () C:\WINDOWS\Minidump

==================== Files in the root of some directories =======

2014-11-21 22:14 - 2014-11-21 22:13 - 0613057 _____ (CMI Limited) C:\Users\********\AppData\Local\nscEBFA.tmp
2015-02-06 13:17 - 2015-02-06 13:17 - 0628496 _____ (CMI Limited) C:\Users\********\AppData\Local\nsgF773.tmp
2014-11-21 22:58 - 2014-11-21 22:58 - 0613057 _____ (CMI Limited) C:\Users\********\AppData\Local\nso7C6.tmp
2013-12-17 01:30 - 2013-12-17 01:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\********\AppData\Local\Temp\CloudBackup63.exe
C:\Users\********\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\********\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\********\AppData\Local\Temp\Quarantine.exe
C:\Users\********\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\********\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\********\AppData\Local\Temp\SpOrder.dll
C:\Users\********\AppData\Local\Temp\sqlite3.dll
C:\Users\********\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-11 06:40

==================== End Of Log ============================
         
--- --- ---


As far as I know, no more new programs have been installed. However, pop-ups and ads still keep opening.
Chrome also frequently just jumps back and forth between tabs. In general, the PC has also become very slow.

Regards, Zeus24


12.02.2015, 19:37   #6
schrauber
/// the machine
/// TB trainer


Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, have the leftovers removed, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Program Files (x86)\14e045d6-fe1c-4ded-abc7-9e94deb70b05
C:\Program Files (x86)\AmIcoSingLun
C:\Users\********\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG\{2E089831-61B1-4CF2-8553-300574316F09}_DIYIGE\tmp\wpm_v20.0.0.1270.exe

C:\Users\********\Downloads\hkg2000_114_CB-DL-Manager.exe

C:\Windows\Installer\f77817d.msi
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




Better?

12.02.2015, 22:28   #7
Zeus24


Hi schrauber,

looks great =) No ads, no new tabs. Excellent!

Here are the contents of the FRST Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by ******* at 2015-02-12 23:09:22 Run:1
Running from C:\Users\*******\Desktop
Loaded Profiles: ******* (Available profiles: *******)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\14e045d6-fe1c-4ded-abc7-9e94deb70b05
C:\Program Files (x86)\AmIcoSingLun
C:\Users\*******\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG\{2E089831-61B1-4CF2-8553-300574316F09}_DIYIGE\tmp\wpm_v20.0.0.1270.exe

C:\Users\*******\Downloads\hkg2000_114_CB-DL-Manager.exe

C:\Windows\Installer\f77817d.msi
Emptytemp:
*****************

C:\Program Files (x86)\14e045d6-fe1c-4ded-abc7-9e94deb70b05 => Moved successfully.
C:\Program Files (x86)\AmIcoSingLun => Moved successfully.
C:\Users\*******\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG\{2E089831-61B1-4CF2-8553-300574316F09}_DIYIGE\tmp\wpm_v20.0.0.1270.exe => Moved successfully.
C:\Users\*******\Downloads\hkg2000_114_CB-DL-Manager.exe => Moved successfully.
C:\Windows\Installer\f77817d.msi => Moved successfully.
EmptyTemp: => Removed 3.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 23:10:00 ====
         
I hope everything is gone now. As soon as I notice anything, I'll let you know. Can I still optimize the PC in terms of speed?

I have one more question. How can I best protect myself in the future? I'm also happy to pay money for it. Unfortunately, I just have no idea which programs are good. Do you have a tip here?

Thank you very much.

Regards, Zeus24
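
A Fixlog in the layout posted above can be checked mechanically. The following Python sketch is an added example, not part of the original posts and not FRST's own code: it matches every fixlist entry against its result line and lists lines of a follow-up scan that still reference a moved path. The sample logs are constructed, with placeholder paths and an assumed wording for the non-success status.

```python
import re

# Constructed sample in the Fixlog layout shown above. Paths are placeholders;
# the "not found." status wording is an assumption used to show a non-success.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
==============================================
Content of fixlist:
*****************
C:\Program Files (x86)\ExampleAdware
C:\Users\user\Downloads\example-setup.exe

C:\Windows\Installer\example.msi
Emptytemp:
*****************

C:\Program Files (x86)\ExampleAdware => Moved successfully.
C:\Users\user\Downloads\example-setup.exe => not found.
EmptyTemp: => Removed 3.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 23:10:00 ====
"""

# Constructed excerpt of a follow-up scan: the second Run entry still points
# into the folder that the fix moved away.
SAMPLE_SCAN = r"""HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [ExampleAdware64] => C:\Program Files (x86)\ExampleAdware\ExampleAdware64.exe
"""

STAR_LINE = re.compile(r"^\*{5,}$")  # the rows of asterisks framing the fixlist

def _norm(key):
    """Windows paths and FRST directives are compared case-insensitively."""
    return key.strip().strip('"').lower()

def parse_fixlog(text):
    """Return (fixlist entries, {normalised entry: status}, free-text notes)."""
    entries, results, notes, stars = [], {}, [], 0
    seen_header = False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if not seen_header:
            seen_header = line.lower().startswith("content of fixlist")
        elif STAR_LINE.match(line):
            stars += 1  # first row opens the list, second row closes it
        elif stars == 1:
            entries.append(line)
        elif stars >= 2:
            key, sep, status = line.partition(" => ")
            if sep:
                results[_norm(key)] = status.strip()
            else:
                notes.append(line)
    return entries, results, notes

def audit_fixlog(text):
    """Return (entry, verdict, status) per fixlist line.

    ok: path moved; info: directive (ends in ':') with a result;
    review: some other result; missing: no result line at all.
    """
    entries, results, _ = parse_fixlog(text)
    report = []
    for entry in entries:
        status = results.get(_norm(entry))
        if status is None:
            verdict = "missing"
        elif entry.endswith(":"):
            verdict = "info"
        elif status == "Moved successfully.":
            verdict = "ok"
        else:
            verdict = "review"
        report.append((entry, verdict, status))
    return report

def reboot_pending(text):
    """True if the tool noted that the fix is only complete after a reboot."""
    return any("needed a reboot" in n.lower() for n in parse_fixlog(text)[2])

def residual_references(fixlog_text, scan_text):
    """Lines of a later scan that still mention a successfully moved path."""
    moved = [_norm(e) for e, v, _ in audit_fixlog(fixlog_text) if v == "ok"]
    return [line.strip() for line in scan_text.splitlines()
            if any(path in line.lower() for path in moved)]

if __name__ == "__main__":
    for entry, verdict, status in audit_fixlog(SAMPLE_FIXLOG):
        print(f"{verdict:8} {entry}  ({status})")
    print("reboot pending:", reboot_pending(SAMPLE_FIXLOG))
    for line in residual_references(SAMPLE_FIXLOG, SAMPLE_SCAN):
        print("leftover:", line)
```

Entries reported as `review` or `missing`, and any leftover autostart line, are the items to raise with the helper before the machine is considered clean.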

13.02.2015, 16:19   #8
schrauber
/// the machine
/// TB trainer


Please post a fresh FRST log. When exactly is the computer slow?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.02.2015, 16:27   #9
Zeus24


Whenever I do several things at the same time, i.e. Chrome, Excel and Word. Then it hangs here and there, or rather switching between the programs takes a while.

Here is the fresh FRST log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by ****** (administrator) on ARBEITS-PC on 13-02-2015 17:24:14
Running from C:\Users\******\Desktop
Loaded Profiles: ****** (Available profiles: ******)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\DVAG Online-System\smartclient\smartclient.exe
(Oracle Corporation) C:\Program Files (x86)\DVAG Online-System\jre\jre-1.7.0.55\bin\javaw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamDev Ltd) C:\Program Files (x86)\DVAG Online-System\smartclient\etc\dvag\chromium\jxbrowser-chromium.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-08-30] (Vimicro)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\Run: [GoogleChromeAutoLaunch_BD891974AD4CE6B836D70E22CD229740] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2600528798-198841283-459962802-1003\...\MountPoints2: {6f5b1200-7237-11e4-824f-806e6f6e6963} - "E:\Produkte-CD_Version_10_14.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2600528798-198841283-459962802-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2600528798-198841283-459962802-1003 -> {56A7E625-FC34-47CE-B677-585B0CD702A9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MFA23F85E-7CC6-4E75-9750-1797F939DE69&SearchSource=55&CUI=&UM=6&UP=SPEAAAD01C-C8F9-42C4-8E14-8183347D4730&SSPV=
CHR StartupUrls: Default -> "hxxp://google.de/", "hxxp://istart.webssearches.com/?type=hp&ts=1416608086&from=brd&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010", "hxxp://www.mystartsearch.com/?type=hp&ts=1423220646&from=ium6&uid=ST500LM012XHN-M500MBB_S2R7J9AD306010", "?type=hppp"
CHR DefaultSearchKeyword: Default -> 
CHR DefaultSearchURL: Default -> web/?type=dspp&q={searchTerms}
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-01]
CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-01]
CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-01]
CHR Extension: (Google-Suche) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-01]
CHR Extension: (efjjgphedlaihnlgaibiaihhmhaejjdd) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2015-02-10]
CHR Extension: (Google Tabellen) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-01]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2015-01-04]
CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-21] (Broadcom Corporation.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6957744 2013-12-22] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [981112 2012-09-05] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-22] (Microsoft Corporation)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 17:24 - 2015-02-13 17:24 - 00018644 _____ () C:\Users\******\Desktop\FRST.txt
2015-02-12 23:22 - 2015-02-12 23:22 - 00000000 ____D () C:\Users\******\Desktop\4
2015-02-12 23:05 - 2015-02-12 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-12 22:45 - 2015-02-12 22:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\******\Downloads\revosetup95 (1).exe
2015-02-12 15:11 - 2015-02-12 15:11 - 00000000 ____D () C:\Users\******\Desktop\FRST-OlderVersion
2015-02-12 15:09 - 2015-02-12 15:20 - 00000000 ____D () C:\Users\******\Desktop\3
2015-02-12 12:19 - 2015-02-12 12:20 - 00852594 _____ () C:\Users\******\Downloads\SecurityCheck.exe
2015-02-12 12:15 - 2015-02-12 12:15 - 02347384 _____ (ESET) C:\Users\******\Downloads\esetsmartinstaller_deu.exe
2015-02-12 10:45 - 2015-02-13 15:52 - 00248671 _____ () C:\Users\******\Desktop\Fördercheck 2015.xlsm
2015-02-12 10:06 - 2015-02-12 10:06 - 00001020 _____ () C:\Users\******\Desktop\IrfanView.lnk
2015-02-12 10:06 - 2015-02-12 10:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\IrfanView
2015-02-12 10:06 - 2015-02-12 10:06 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2015-02-12 10:05 - 2015-02-12 10:05 - 02197648 _____ (Irfan Skiljan) C:\Users\******\Downloads\iview438g_setup.exe
2015-02-12 08:19 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 08:19 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 12:34 - 2015-02-11 12:35 - 00273920 _____ () C:\Users\******\Downloads\ekst2004tabelle.xls
2015-02-11 11:55 - 2015-02-11 11:55 - 00000040 _____ () C:\Users\******\Desktop\Stufenmodell_Initialisierung.txt
2015-02-11 11:50 - 2015-02-11 11:50 - 01377792 _____ () C:\Users\******\Desktop\Arbeitnehmerberatung__Stufenmodell__4_9_1.xls
2015-02-11 10:51 - 2015-02-11 10:51 - 00000000 ____D () C:\Users\******\Desktop\2
2015-02-11 09:45 - 2015-02-11 09:46 - 01388274 _____ (Thisisu) C:\Users\******\Downloads\JRT.exe
2015-02-11 09:38 - 2015-02-11 09:38 - 00000000 ____D () C:\Users\******\Desktop\1
2015-02-11 09:16 - 2015-02-11 09:41 - 00000000 ____D () C:\AdwCleaner
2015-02-11 09:15 - 2015-02-11 09:15 - 02112512 _____ () C:\Users\******\Downloads\AdwCleaner_4.110.exe
2015-02-11 09:08 - 2015-02-12 22:47 - 00001286 _____ () C:\Users\******\Desktop\Revo Uninstaller.lnk
2015-02-11 09:08 - 2015-02-12 22:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-11 09:08 - 2015-02-11 09:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\******\Downloads\revosetup95.exe
2015-02-11 06:34 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 06:34 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 06:34 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 06:34 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 06:34 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 06:34 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 06:34 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 06:34 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 06:34 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 06:34 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 06:34 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 06:34 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 06:34 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 06:34 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 06:34 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 06:34 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 06:34 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 06:34 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 06:34 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 06:34 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 06:34 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 06:34 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 06:34 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 06:34 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 06:34 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 06:34 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 06:34 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 06:34 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 06:34 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 06:34 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 06:34 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 06:34 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 06:34 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 06:34 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 06:34 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 06:34 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 06:34 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 06:34 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 06:34 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 06:34 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 06:34 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 06:34 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 06:34 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 06:34 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 06:34 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 06:34 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 06:34 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 06:34 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 06:34 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 06:34 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 06:34 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 06:34 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 06:34 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 06:34 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 06:34 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 06:34 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 06:34 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 06:34 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 06:34 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 06:34 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 06:34 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 06:34 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 06:34 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 06:34 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 06:34 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 20:56 - 2015-02-10 20:58 - 00018035 _____ () C:\Users\******\Downloads\Addition.txt
2015-02-10 20:54 - 2015-02-11 09:49 - 00040737 _____ () C:\Users\******\Downloads\FRST.txt
2015-02-10 20:53 - 2015-02-10 20:53 - 00380416 _____ () C:\Users\******\Downloads\4hxdczjx.exe
2015-02-10 20:52 - 2015-02-13 17:24 - 00000000 ____D () C:\FRST
2015-02-10 20:50 - 2015-02-12 15:11 - 02134016 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2015-02-10 20:49 - 2015-02-10 20:49 - 00000000 _____ () C:\Users\******\defogger_reenable
2015-02-10 20:44 - 2015-02-10 20:44 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2015-02-10 20:29 - 2015-02-10 20:31 - 154051656 _____ () C:\Users\******\Downloads\avira_free_antivirus468_de.exe
2015-02-10 09:38 - 2015-02-13 15:51 - 00247733 _____ () C:\Users\******\Desktop\Neu.xlsm
2015-02-09 12:54 - 2015-02-09 12:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-02-09 08:39 - 2015-02-09 08:40 - 00000000 ____D () C:\Users\******\Desktop\Fotos Uwe Pfisterer
2015-02-09 00:40 - 2015-02-09 00:40 - 00001771 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-09 00:40 - 2015-02-09 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-09 00:39 - 2015-02-09 00:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-09 00:39 - 2015-02-09 00:40 - 00000000 ____D () C:\Program Files\iTunes
2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Program Files\iPod
2015-02-09 00:39 - 2015-02-09 00:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-09 00:34 - 2015-02-09 00:34 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk
2015-02-09 00:34 - 2015-02-09 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-02-06 13:17 - 2015-02-06 13:17 - 00628496 _____ (CMI Limited) C:\Users\******\AppData\Local\nsgF773.tmp
2015-02-05 17:34 - 2015-02-05 17:34 - 00731913 _____ () C:\Users\******\Downloads\Konzeption einer Wissensdatenbank.pptx
2015-02-05 09:06 - 2015-02-05 09:06 - 00000976 _____ () C:\Users\******\Desktop\HKGELD-2000.lnk
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Users\******\Documents\HKGELD
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Users\******\AppData\Roaming\dlg
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HKGELD-2000
2015-02-05 09:06 - 2015-02-05 09:06 - 00000000 ____D () C:\Program Files (x86)\HKGELD-2000
2015-02-05 09:03 - 2015-02-05 09:03 - 00003766 _____ () C:\WINDOWS\System32\Tasks\KTQOS
2015-02-05 09:03 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\system32\ColorMedia64.dll
2015-02-05 09:03 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\WINDOWS\SysWOW64\ColorMedia.dll
2015-02-05 09:01 - 2015-02-05 09:01 - 00000000 ____D () C:\Users\******\AppData\Roaming\TuneUp Software
2015-02-05 09:01 - 2015-02-05 09:01 - 00000000 ____D () C:\Users\******\AppData\Local\TuneUp Software
2015-02-05 09:00 - 2015-02-05 09:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-05 09:00 - 2015-02-05 09:00 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-29 09:01 - 2015-02-13 10:30 - 00013052 _____ () C:\Users\******\Desktop\Partner Aktion.xlsx
2015-01-26 08:05 - 2015-01-26 08:05 - 00262144 ____N () C:\WINDOWS\Minidump\012615-33015-01.dmp
2015-01-22 11:13 - 2015-01-22 11:13 - 00466167 _____ () C:\Users\******\Downloads\Analysebericht.xlsx
2015-01-19 08:36 - 2015-01-19 08:37 - 00000160 _____ () C:\Users\******\Desktop\Code automatisches öffnen.txt
2015-01-19 08:36 - 2015-01-19 08:36 - 00000000 ___RD () C:\Users\******\Documents\Notes
2015-01-15 15:44 - 2015-01-15 15:44 - 00069120 _____ () C:\Users\******\Downloads\Rendite_Riester.xls
2015-01-14 09:34 - 2015-01-14 09:34 - 04972848 _____ (TeamViewer) C:\Users\******\Downloads\TeamViewerQS_de-idcfz2ka2r.exe
2015-01-14 09:34 - 2015-01-14 09:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\TeamViewer
2015-01-14 07:46 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 07:46 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 07:46 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 07:46 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 07:46 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 07:46 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 07:46 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 07:46 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 07:46 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 07:46 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 07:46 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 07:46 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 07:46 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 07:46 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 07:46 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 07:46 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 07:46 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 07:46 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 07:46 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 07:46 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 07:46 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 07:46 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 07:46 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 17:03 - 2014-12-04 14:13 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-13 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-13 16:58 - 2014-12-08 08:27 - 01958264 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-13 16:34 - 2014-12-01 16:22 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 16:34 - 2014-12-01 16:22 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 13:43 - 2014-11-22 12:43 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A31A0F7D-2455-433A-9F54-101AC9E9F96B}
2015-02-13 10:25 - 2014-12-01 18:23 - 00005152 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITS-PC-****** Arbeits-PC
2015-02-13 09:27 - 2014-11-16 22:02 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2600528798-198841283-459962802-1003
2015-02-12 23:14 - 2014-11-22 12:42 - 00000000 ____D () C:\Users\******\OneDrive
2015-02-12 23:12 - 2014-12-09 22:07 - 00250880 ___SH () C:\Users\******\Desktop\Thumbs.db
2015-02-12 23:12 - 2014-12-08 08:23 - 00007870 _____ () C:\WINDOWS\setupact.log
2015-02-12 23:12 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 23:11 - 2014-12-08 08:22 - 00069530 _____ () C:\WINDOWS\PFRO.log
2015-02-12 23:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-12 23:05 - 2014-12-01 16:21 - 00000000 ____D () C:\Users\******\AppData\Local\Deployment
2015-02-12 17:25 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 17:25 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-12 17:25 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-12 08:32 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 08:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-11 14:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 12:35 - 2014-11-16 21:52 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2015-02-11 11:55 - 2014-11-21 23:14 - 00000872 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-11 10:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 09:41 - 2014-11-16 21:54 - 00001017 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 09:36 - 2014-11-22 09:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 09:33 - 2013-08-22 15:44 - 00482240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 06:48 - 2014-11-18 13:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 06:41 - 2013-06-10 17:39 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 21:29 - 2014-11-22 12:18 - 00000000 ____D () C:\Users\******
2015-02-10 07:57 - 2014-12-18 09:42 - 00000000 ____D () C:\Users\******\.freemind
2015-02-09 00:39 - 2014-11-19 23:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-06 16:29 - 2014-12-01 16:22 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 16:29 - 2014-12-01 16:22 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 13:04 - 2014-11-16 21:52 - 00000000 ____D () C:\Users\******\AppData\Local\VirtualStore
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 16:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-03 16:05 - 2014-12-02 20:10 - 00155136 _____ () C:\Users\******\Desktop\Potential-Analyse-2.xls
2015-01-29 15:53 - 2014-12-19 18:09 - 00000000 ____D () C:\Users\******\Desktop\Scans Neukunden
2015-01-26 08:05 - 2014-12-08 08:23 - 00000000 ____D () C:\WINDOWS\Minidump

==================== Files in the root of some directories =======

2014-11-21 22:14 - 2014-11-21 22:13 - 0613057 _____ (CMI Limited) C:\Users\******\AppData\Local\nscEBFA.tmp
2015-02-06 13:17 - 2015-02-06 13:17 - 0628496 _____ (CMI Limited) C:\Users\******\AppData\Local\nsgF773.tmp
2014-11-21 22:58 - 2014-11-21 22:58 - 0613057 _____ (CMI Limited) C:\Users\******\AppData\Local\nso7C6.tmp
2013-12-17 01:30 - 2013-12-17 01:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-11 06:40

==================== End Of Log ============================
         
--- --- ---


Best regards, Zeus 24

Alt 14.02.2015, 10:44   #10
schrauber
/// the machine
/// TB-Ausbilder
 




How to perform a clean boot in Windows

Please do a clean boot. If the problem is gone then, re-enable the services one at a time, always rebooting in between, until you know which service is causing the problems.

Then name it here.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 19.02.2015, 11:18   #11
BataAlexander
> MalwareDB
 



Well, at least the Superfish on the machine is intentional.

Superfish: Lenovo puts dangerous adware in its laptops | ZEIT ONLINE
__________________
If every computer is running a diverse ecosystem, crackers will have
no choice but to resort to small-scale, targeted attacks, and the
days of mass-market malware will be over
[...].
Stuart Udall
