
All about Windows: Windows 8.1 - self-installing programs are spamming the PC

16.07.2015, 08:22   #1
Binchen16
 



Good morning,

I would like to say up front that I am really just a typical user, so please write any instructions for me as if for "blondes" - thanks.

Since yesterday evening I have had the following problem:

When I tried to download a picture for my daughter's homework, I noticed immediately after the click that something had gone wrong.

Installer programs opened in the background that I could not close at all. As a result I found about 10-15 newly installed programs in the program list.
I then disconnected the PC from the Internet and uninstalled all of these programs via the Control Panel. Great, I thought, that worked. The disillusionment came very quickly once I opened the Internet again. The installing immediately started running in the background again. I then wanted to look on the Internet for trustworthy sites for detecting viruses etc., but it closed the page immediately. I disconnected the Internet again and uninstalled the programs that had been installed in the meantime. The Internet is still off.
That is the current state of my PC.

I have no idea what I have caught here, and I am asking for help.

Many thanks

Binchen

16.07.2015, 08:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they found anything?

I am asking because => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it right. If everything is correct ... click Antworten (Reply).

16.07.2015, 09:24   #3
Binchen16
 



Hello,

many thanks for the reply,

Unfortunately I don't have any log files. My Emsisoft software has expired; unfortunately I forgot to buy a new one.

Can I open the Internet again, or should I get FRST from another PC???

Thanks, Binchen

16.07.2015, 09:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



For a proper cleanup this machine needs Internet access anyway.

16.07.2015, 12:40   #5
Binchen16
 



Hi,

me again...
my external drive, do I leave it connected to the PC during the scan - I have unplugged it to be on the safe side.

Sorry, I am still at work and want to get to the PC as soon as I get home.

Hello, here are the scans:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by ADMIN (administrator) on WELLER´S on 16-07-2015 13:31:13
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN (Available Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe
() C:\Users\ADMIN\AppData\Local\WikiUpdate.exe
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\baidu\baidu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => C:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1120568 2015-06-03] (Buhl Data Service)
HKLM-x32\...\Run: [mbot_de_014010032] => [X]
HKLM-x32\...\Run: [gmsd_de_005010032] => [X]
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [61440 2015-06-20] ()
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\MountPoints2: {d4f887f3-62ac-11e4-8026-4c72b994d0f4} - "K:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-07-11]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-04-20]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-01-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-10-23]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2013-05-07]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013-01-06]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2824886842-1903998303-2860717336-1011] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2824886842-1903998303-2860717336-1011] => http=127.0.0.1:9880
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=dspp&ts=1436984128&z=ef56230c1e3d00b917802dfgezdc8qct5baz6g1o1g&from=amt&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=dspp&ts=1436984128&z=ef56230c1e3d00b917802dfgezdc8qct5baz6g1o1g&from=amt&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
SearchScopes: HKLM -> {5C066E4E-BF62-492A-99B2-2FE1F400FF94} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-2824886842-1903998303-2860717336-1011 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&ts=1436984979&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2824886842-1903998303-2860717336-1011 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&ts=1436984979&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2824886842-1903998303-2860717336-1011 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&ts=1436984979&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2824886842-1903998303-2860717336-1011 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&ts=1436984979&type=default&q={searchTerms}
BHO: PricELLesaS -> {2F5097B0-606A-4521-9853-41809A0F63A3} -> C:\Program Files (x86)\PricELLesaS\FrjKmd1lOjn0Tc.x64.dll [2015-07-16] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: PricELLesaS -> {2F5097B0-606A-4521-9853-41809A0F63A3} -> C:\Program Files (x86)\PricELLesaS\FrjKmd1lOjn0Tc.dll [2015-07-16] ()
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-28] (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-04] (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F820D289-A089-4FF2-8FAB-FB08B96BF856}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2009-11-12] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-15] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-15] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2824886842-1903998303-2860717336-1011: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF user.js: detected! => C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\user.js [2015-07-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-07-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\oursurfing.xml [2015-07-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\testlog.txt [2013-12-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahootc.xml [2013-05-27]
FF Extension: QuickSearch - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\Extensions\searchffv2@gmail.com [2015-07-15]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-09-17]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\searchffv2@gmail.com
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-16]
CHR Extension: (Docs) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-16]
CHR Extension: (Google Drive) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-16]
CHR Extension: (YouTube) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-16]
CHR Extension: (Google Search) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-16]
CHR Extension: (Google Sheets) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (Awesome File Opener) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphbmanpfjfdngbaamhajooihmjacmfe [2015-07-16]
CHR Extension: (Gmail) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-16]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\hp\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 71d34eea; c:\Program Files (x86)\IncludeFunc\IncludeFunc.dll [2989056 2015-07-16] () [File not signed]
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-02] (Emsisoft GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-15] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-15] (globalUpdate) [File not signed] <==== ATTENTION
R2 gogegijy; C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp [318976 2015-07-15] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
R2 Usvalumerer; C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe [281088 2015-06-16] () [File not signed] <==== ATTENTION
R2 vicoqudu; C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp [165376 2015-07-15] () [File not signed]
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2015-01-28] (RealVNC Ltd)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WikiBrowserUpdateService; C:\Users\ADMIN\AppData\Local\WikiUpdate.exe [372224 2015-07-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 zejytose; C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp [199168 2015-07-15] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R1 OADevice; C:\WINDOWS\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
R1 oahlpXX; C:\WINDOWS\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\WINDOWS\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 13:31 - 2015-07-16 13:31 - 00031791 _____ C:\Users\ADMIN\Downloads\FRST.txt
2015-07-16 13:28 - 2015-07-16 13:31 - 00000000 ____D C:\FRST
2015-07-16 13:27 - 2015-07-16 13:28 - 02133504 _____ (Farbar) C:\Users\ADMIN\Downloads\FRST64.exe
2015-07-16 07:44 - 2015-07-16 07:44 - 00003434 _____ C:\Users\ADMIN\Desktop\cc_20150716_074412.reg
2015-07-16 07:41 - 2015-07-16 13:30 - 00081104 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-16 07:34 - 2015-07-16 07:34 - 00000000 _____ C:\Users\ADMIN\AppData\Local\Temp.dat
2015-07-16 07:33 - 2015-07-16 07:33 - 00004690 _____ C:\Users\ADMIN\Desktop\cc_20150716_073306.reg
2015-07-16 07:32 - 2015-07-16 07:32 - 00036178 _____ C:\Users\ADMIN\Desktop\cc_20150716_073209.reg
2015-07-16 07:31 - 2015-07-16 07:31 - 00220346 _____ C:\Users\ADMIN\Desktop\cc_20150716_073114.reg
2015-07-16 06:39 - 2015-07-16 06:39 - 00613255 _____ (CMI Limited) C:\Users\ADMIN\AppData\Local\nsbF969.tmp
2015-07-16 06:35 - 2015-07-16 06:35 - 00000000 ____D C:\Program Files (x86)\IncludeFunc
2015-07-16 06:34 - 2015-07-16 06:34 - 00000000 ____D C:\ProgramData\11045394643943100347
2015-07-16 06:34 - 2015-07-16 06:34 - 00000000 ____D C:\Program Files (x86)\Awesome File Opener
2015-07-16 06:33 - 2015-07-16 06:55 - 00000354 _____ C:\WINDOWS\Tasks\WalkingBuddy.job
2015-07-16 06:33 - 2015-07-16 06:34 - 00000000 ____D C:\Program Files (x86)\PricELLesaS
2015-07-16 06:33 - 2015-07-16 06:33 - 00003240 _____ C:\WINDOWS\System32\Tasks\WalkingBuddy
2015-07-16 06:33 - 2015-07-16 06:33 - 00000000 ____D C:\ProgramData\hcejfjmfafcmaokigkojhjkllgnjkdle
2015-07-16 06:33 - 2015-07-16 06:33 - 00000000 ____D C:\ProgramData\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}
2015-07-16 06:32 - 2015-07-16 06:32 - 00000000 _____ C:\dummy.htm
2015-07-16 06:23 - 2015-07-16 06:23 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{13B30299-8D40-4641-B727-461FBD9BAD98}
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 __SHD C:\Users\Sabine Weller\AppData\Local\EmieUserList
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 __SHD C:\Users\Sabine Weller\AppData\Local\EmieSiteList
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Macromedia
2015-07-16 06:14 - 2015-07-16 06:47 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1016
2015-07-16 06:11 - 2015-07-16 06:11 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Buhl Data Service GmbH
2015-07-16 06:11 - 2015-07-16 06:11 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Buhl Data Service GmbH
2015-07-15 22:01 - 2015-07-15 22:01 - 00000881 _____ C:\Users\Johannes Weller.WELLER´S\Desktop\Weller, Johannes - Einkommensteuer 2014.lnk
2015-07-15 22:00 - 2015-07-15 22:00 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\ESt Johannes
2015-07-15 21:59 - 2015-07-15 22:02 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\Steuer-Sparbuch
2015-07-15 21:59 - 2015-07-15 21:59 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\JOHANNES
2015-07-15 21:53 - 2015-07-15 21:53 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\ESt Johannes
2015-07-15 21:52 - 2015-07-15 21:52 - 00001004 _____ C:\Users\Johannes Weller.WELLER´S\Desktop\MeinGeld_2015.lnk
2015-07-15 21:52 - 2015-07-15 21:52 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\WISO Mein Geld
2015-07-15 21:49 - 2015-07-15 22:04 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1015
2015-07-15 21:45 - 2015-07-15 21:53 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\WISO Mein Geld_neu
2015-07-15 21:33 - 2015-07-16 06:47 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\ClassicShell
2015-07-15 21:32 - 2015-07-16 06:47 - 00002563 _____ C:\Users\Sabine Weller\Sti_Trace.log
2015-07-15 21:32 - 2015-07-16 06:08 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\.oit
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\Polar WebSync
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\Documents\My PageManager
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\NewSoft
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Hewlett-Packard
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Epson
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Apple Computer
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Power2Go8
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\NewSoft
2015-07-15 21:31 - 2015-07-15 21:35 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\RealVNC
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\VirtualStore
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Packages
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller
2015-07-15 21:31 - 2015-07-15 21:31 - 00001456 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:31 - 2015-07-15 21:31 - 00000020 ___SH C:\Users\Sabine Weller\ntuser.ini
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Vorlagen
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Startmenü
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Netzwerkumgebung
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Lokale Einstellungen
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Eigene Dateien
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Druckumgebung
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Documents\Eigene Musik
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Documents\Eigene Bilder
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Local\Verlauf
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Local\Anwendungsdaten
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Anwendungsdaten
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Adobe
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Buhl Data Service GmbH
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl Data Service GmbH
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl Data Service
2015-07-15 21:31 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:31 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:31 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:31 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:31 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:31 - 2014-01-17 12:10 - 00000000 ____D C:\Users\Sabine Weller\Documents\Anti-Malware
2015-07-15 21:31 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Sabine Weller\Documents\hp.system.package.metadata
2015-07-15 21:31 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Microsoft Help
2015-07-15 21:31 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:31 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:30 - 2015-07-15 21:54 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl
2015-07-15 21:29 - 2015-07-15 22:03 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\ClassicShell
2015-07-15 21:28 - 2015-07-15 21:59 - 00001101 _____ C:\Users\Johannes Weller.WELLER´S\Sti_Trace.log
2015-07-15 21:28 - 2015-07-15 21:45 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\.oit
2015-07-15 21:28 - 2015-07-15 21:29 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Packages
2015-07-15 21:28 - 2015-07-15 21:28 - 00001456 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:28 - 2015-07-15 21:28 - 00000020 ___SH C:\Users\Johannes Weller.WELLER´S\ntuser.ini
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Vorlagen
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Startmenü
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Netzwerkumgebung
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Lokale Einstellungen
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Eigene Dateien
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Druckumgebung
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Documents\Eigene Musik
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Documents\Eigene Bilder
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Local\Verlauf
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Local\Anwendungsdaten
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Anwendungsdaten
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Polar WebSync
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\NewSoft
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Hewlett-Packard
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Epson
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Apple Computer
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Adobe
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\VirtualStore
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\RealVNC
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Power2Go8
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\NewSoft
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S
2015-07-15 21:28 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:28 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:28 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:28 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:28 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:28 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Microsoft Help
2015-07-15 21:28 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:27 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\ClassicShell
2015-07-15 21:26 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Admin_2\AppData\Local\RealVNC
2015-07-15 21:26 - 2015-07-15 21:27 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Packages
2015-07-15 21:26 - 2015-07-15 21:26 - 00001456 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:26 - 2015-07-15 21:26 - 00000364 _____ C:\Users\Admin_2\Sti_Trace.log
2015-07-15 21:26 - 2015-07-15 21:26 - 00000020 ___SH C:\Users\Admin_2\ntuser.ini
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Vorlagen
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Startmenü
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Netzwerkumgebung
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Lokale Einstellungen
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Eigene Dateien
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Druckumgebung
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Documents\Eigene Musik
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Documents\Eigene Bilder
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Local\Verlauf
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Local\Anwendungsdaten
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Anwendungsdaten
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\Polar WebSync
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\Documents\My PageManager
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\NewSoft
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Hewlett-Packard
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Epson
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Apple Computer
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Adobe
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\.oit
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\VirtualStore
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Power2Go8
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\NewSoft
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2
2015-07-15 21:26 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:26 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:26 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:26 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:26 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:26 - 2014-01-17 12:10 - 00000000 ____D C:\Users\Admin_2\Documents\Anti-Malware
2015-07-15 21:26 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Admin_2\Documents\hp.system.package.metadata
2015-07-15 21:26 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Microsoft Help
2015-07-15 21:26 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:26 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:21 - 2015-07-15 21:21 - 00000000 ____D C:\Users\ADMIN\Documents\My Games
2015-07-15 21:21 - 2015-07-15 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-15 21:03 - 2015-07-15 21:03 - 00003152 _____ C:\WINDOWS\System32\Tasks\{6555F7B7-4FEF-4B98-9DFB-E29E1E1B96CE}
2015-07-15 20:56 - 2015-07-15 20:56 - 00000000 ____D C:\ProgramData\3639c61000001fbd
2015-07-15 20:42 - 2015-07-15 20:42 - 00000000 __SHD C:\Program Files (x86)\Usvalumerer
2015-07-15 20:39 - 2015-07-16 05:53 - 00001141 _____ C:\Users\ADMIN\Desktop\Continue Live Installation.lnk
2015-07-15 20:33 - 2015-07-15 20:39 - 00000358 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job
2015-07-15 20:33 - 2015-07-15 20:33 - 00003244 _____ C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[8da6]
2015-07-15 20:33 - 2015-07-15 20:33 - 00000000 ____D C:\ProgramData\{c3721e45-20ba-f03e-c372-21e4520b7914}
2015-07-15 20:32 - 2015-07-16 07:00 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-07-15 20:32 - 2015-07-16 06:55 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-07-15 20:32 - 2015-07-16 06:55 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-07-15 20:32 - 2015-07-16 06:40 - 00002808 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-07-15 20:32 - 2015-07-16 06:40 - 00002806 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-07-15 20:32 - 2015-07-16 06:40 - 00002806 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-07-15 20:31 - 2015-07-15 20:31 - 00613255 _____ (CMI Limited) C:\Users\ADMIN\AppData\Local\nshF6BF.tmp
2015-07-15 20:31 - 2015-07-15 20:31 - 00000000 __SHD C:\Users\ADMIN\AppData\Roaming\AnyProtectEx
2015-07-15 20:30 - 2015-07-15 20:30 - 00001018 _____ C:\WINDOWS\Tasks\Wjyq6XTaP1xNI8.job
2015-07-15 20:30 - 2015-07-15 20:30 - 00001014 _____ C:\WINDOWS\Tasks\Q1jdNr4UILjx.job
2015-07-15 20:28 - 2015-07-15 20:28 - 00000000 ____D C:\Program Files (x86)\Product Deals
2015-07-15 20:28 - 2015-07-15 20:28 - 00000000 ____D C:\Program Files (x86)\predm
2015-07-15 20:26 - 2015-07-16 06:59 - 00000000 ____D C:\Users\ADMIN\AppData\Local\SmartWeb
2015-07-15 20:26 - 2015-07-15 20:26 - 00003378 _____ C:\WINDOWS\System32\Tasks\AmiUpdXp
2015-07-15 20:21 - 2015-07-15 20:21 - 00001016 _____ C:\WINDOWS\Tasks\BvdGG0XR8EWfe.job
2015-07-15 20:21 - 2015-07-15 20:21 - 00001008 _____ C:\WINDOWS\Tasks\vdWjxqXW6.job
2015-07-15 20:20 - 2015-07-15 20:45 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\cpuminer
2015-07-15 20:19 - 2015-07-15 20:19 - 00000000 ____D C:\Program Files (x86)\mbot_de_014010031
2015-07-15 20:17 - 2015-07-16 13:19 - 00000988 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-15 20:17 - 2015-07-15 20:58 - 00000000 ____D C:\Users\ADMIN\AppData\Local\E7E25121-1436991423-BACC-826D-3BF07DDA202C
2015-07-15 20:17 - 2015-07-15 20:34 - 00000992 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-07-15 20:17 - 2015-07-15 20:29 - 00003964 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-07-15 20:17 - 2015-07-15 20:29 - 00003728 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-07-15 20:17 - 2015-07-15 20:17 - 00003722 _____ C:\WINDOWS\System32\Tasks\SMupdate1
2015-07-15 20:17 - 2015-07-15 20:17 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-07-15 20:17 - 2015-07-15 20:17 - 00000000 ____D C:\Users\ADMIN\AppData\Local\globalUpdate
2015-07-15 20:17 - 2015-07-15 20:17 - 00000000 ____D C:\Users\ADMIN\AppData\Local\BrowserHelper
2015-07-15 20:17 - 2015-07-15 20:17 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-07-15 20:16 - 2015-07-15 23:09 - 00000000 ____D C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C
2015-07-15 20:16 - 2015-07-15 20:16 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-07-15 20:16 - 2015-07-15 20:16 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\ASPackage
2015-07-15 20:16 - 2015-07-15 20:16 - 00000000 ____D C:\Users\ADMIN\AppData\Local\CrashRpt
2015-07-15 20:16 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-07-15 20:15 - 2015-07-15 20:30 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-07-15 20:14 - 2015-07-16 13:19 - 00000000 ____D C:\Program Files (x86)\FastSearch
2015-07-15 20:14 - 2015-07-15 21:11 - 00000008 _____ C:\END
2015-07-15 20:14 - 2015-07-15 20:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\OptiSpace
2015-07-15 20:14 - 2015-07-15 20:14 - 00003088 _____ C:\WINDOWS\System32\Tasks\tet3008
2015-07-15 20:14 - 2015-07-15 20:14 - 00000000 ____D C:\Program Files (x86)\Coupon Time
2015-07-15 20:06 - 2015-07-15 20:41 - 00000000 ____D C:\Users\ADMIN\AppData\Local\SysassistByHotWheel
2015-07-15 20:06 - 2015-07-15 20:06 - 00000000 ____D C:\ppsfile
2015-07-15 20:05 - 2015-07-15 21:05 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Unity
2015-07-15 20:05 - 2015-07-15 20:58 - 00000000 ____D C:\IQIYI Video
2015-07-15 20:05 - 2015-07-15 20:57 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-07-15 20:05 - 2015-07-15 20:05 - 00000000 ____D C:\Users\Public\QiYi
2015-07-15 20:05 - 2015-07-15 20:05 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\IQIYI Video
2015-07-15 20:04 - 2015-07-15 20:04 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-15 20:03 - 2015-07-15 20:03 - 01557520 _____ (Dummy, Ltd.) C:\Users\ADMIN\Downloads\u bahn london plan_10924_i33145093_il345.exe
2015-07-15 15:21 - 2015-07-15 15:21 - 00372224 _____ C:\Users\ADMIN\AppData\Local\WikiUpdate.exe
2015-07-11 14:52 - 2015-07-11 14:52 - 00000000 ____D C:\Users\ADMIN\Documents\OneNote-Notizbücher
2015-07-08 17:27 - 2015-07-12 12:30 - 00073800 _____ C:\Users\ADMIN\Documents\M.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 13:20 - 2013-11-11 20:48 - 00238080 ___SH C:\Users\ADMIN\Desktop\Thumbs.db
2015-07-16 13:20 - 2013-09-30 06:14 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-16 13:20 - 2013-09-30 05:56 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-16 13:20 - 2013-09-30 05:56 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-16 13:19 - 2013-10-25 13:14 - 00286812 _____ C:\Users\ADMIN\Sti_Trace.log
2015-07-16 13:19 - 2013-10-20 11:03 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\ClassicShell
2015-07-16 13:19 - 2013-10-19 15:51 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\.oit
2015-07-16 13:19 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-16 07:41 - 2013-12-13 17:01 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-07-16 07:41 - 2013-10-20 12:14 - 00000000 ____D C:\Users\ADMIN\Documents\Mein Steuer-Sparbuch Heute
2015-07-16 07:39 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-16 07:28 - 2013-11-22 19:59 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-16 07:22 - 2013-10-20 11:07 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1011
2015-07-16 07:03 - 2013-08-22 15:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-16 07:02 - 2013-10-22 07:11 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-16 06:18 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-16 06:12 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-16 06:09 - 2013-01-05 18:29 - 00000400 _____ C:\WINDOWS\ODBC.INI
2015-07-16 06:01 - 2013-01-06 08:53 - 00000000 ____D C:\Program Files\Google
2015-07-16 06:01 - 2013-01-05 17:32 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-15 21:32 - 2012-11-13 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-07-15 21:22 - 2013-11-11 20:31 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Google
2015-07-15 21:21 - 2014-08-05 19:07 - 00000000 ____D C:\Aerosoft
2015-07-15 21:21 - 2012-11-01 23:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-15 21:20 - 2014-08-05 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-07-15 21:18 - 2013-12-15 19:57 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-15 21:18 - 2013-10-19 15:51 - 00001009 _____ C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:12 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-15 21:12 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-07-15 21:08 - 2013-08-22 16:44 - 00508896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-15 21:03 - 2014-02-08 09:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-07-15 20:57 - 2013-01-09 12:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-15 20:17 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-15 18:56 - 2013-10-20 12:15 - 00000000 ____D C:\Users\ADMIN\Documents\Steuer-Sparbuch
2015-07-15 18:45 - 2013-10-20 11:08 - 00000000 ____D C:\Users\ADMIN\Documents\WISO Mein Geld_neu
2015-07-14 19:02 - 2013-10-22 07:11 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:38 - 2014-09-20 18:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 17:24 - 2014-12-28 01:53 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-05 11:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-06-28 12:21 - 2015-02-01 20:23 - 00034816 ___SH C:\Users\ADMIN\Documents\Thumbs.db
2015-06-28 12:16 - 2013-10-19 15:50 - 00000000 ____D C:\Users\ADMIN
2015-06-27 09:01 - 2013-10-28 17:01 - 00000000 ____D C:\Users\ADMIN\Documents\SigmaDataCenter3

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\ADMIN\AppData\Roaming\BvdGG0XR8EWfe
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\ADMIN\AppData\Roaming\BvdGG0XR8EWfe.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\ADMIN\AppData\Roaming\Q1jdNr4UILjx
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\ADMIN\AppData\Roaming\Q1jdNr4UILjx.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\ADMIN\AppData\Roaming\vdWjxqXW6
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\ADMIN\AppData\Roaming\vdWjxqXW6.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\ADMIN\AppData\Roaming\Wjyq6XTaP1xNI8
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\ADMIN\AppData\Roaming\Wjyq6XTaP1xNI8.exe
2015-07-16 06:39 - 2015-07-16 06:39 - 0613255 _____ (CMI Limited) C:\Users\ADMIN\AppData\Local\nsbF969.tmp
2015-07-15 20:31 - 2015-07-15 20:31 - 0613255 _____ (CMI Limited) C:\Users\ADMIN\AppData\Local\nshF6BF.tmp
2015-07-16 07:34 - 2015-07-16 07:34 - 0000000 _____ () C:\Users\ADMIN\AppData\Local\Temp.dat
2015-07-15 15:21 - 2015-07-15 15:21 - 0372224 _____ () C:\Users\ADMIN\AppData\Local\WikiUpdate.exe
2013-01-05 20:12 - 2013-01-05 21:41 - 0008116 _____ () C:\ProgramData\hpzinstall.log
2012-11-13 15:56 - 2012-11-13 15:56 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-11-06 21:02 - 2014-11-30 00:05 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\ADMIN\AppData\Local\Temp\1520.exe
C:\Users\ADMIN\AppData\Local\Temp\3528.exe
C:\Users\ADMIN\AppData\Local\Temp\568.exe
C:\Users\ADMIN\AppData\Local\Temp\9736.exe
C:\Users\ADMIN\AppData\Local\Temp\9798.exe
C:\Users\ADMIN\AppData\Local\Temp\bitool.dll
C:\Users\ADMIN\AppData\Local\Temp\IQIYIsetup_l_spl004@kb005.exe
C:\Users\ADMIN\AppData\Local\Temp\nsf36E3.tmp.exe
C:\Users\ADMIN\AppData\Local\Temp\optprosetup.exe
C:\Users\ADMIN\AppData\Local\Temp\qqpcmgr_v10.10.16434.218_72830_Silence.exe
C:\Users\ADMIN\AppData\Local\Temp\setup3.exe
C:\Users\ADMIN\AppData\Local\Temp\tu17p84.exe
C:\Users\ADMIN\AppData\Local\Temp\u bahn london plan__10924_i1558332983_il638590.exe
C:\Users\ADMIN\AppData\Local\Temp\UninstallModule.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-16 07:22

==================== End of log ============================
         


Alt 16.07.2015, 12:43   #6
Binchen16
 



And here is the second one:

FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by ADMIN at 2015-07-16 13:32:02
Running from C:\Users\ADMIN\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN (S-1-5-21-2824886842-1903998303-2860717336-1011 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-2824886842-1903998303-2860717336-500 - Administrator - Disabled)
Admin_2 (S-1-5-21-2824886842-1903998303-2860717336-1017 - Administrator - Enabled) => C:\Users\Admin_2
Gast (S-1-5-21-2824886842-1903998303-2860717336-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2824886842-1903998303-2860717336-1010 - Limited - Enabled)
Johannes Weller (S-1-5-21-2824886842-1903998303-2860717336-1015 - Limited - Enabled) => C:\Users\Johannes Weller.WELLER´S
Sabine Weller (S-1-5-21-2824886842-1903998303-2860717336-1016 - Limited - Enabled) => C:\Users\Sabine Weller
UpdatusUser (S-1-5-21-2824886842-1903998303-2860717336-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Awesome File Opener (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BTUpdater 1.3 (HKLM-x32\...\{7B667522-CC69-4191-8154-6C16DD8AE754}_is1) (Version:  - Midland)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C7100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c7100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.40.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Classic Shell (HKLM\...\{BF8CC8E1-3D54-4A54-B985-5190F18AFDBB}) (Version: 4.0.0 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Download Navigator (HKLM-x32\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON WF-3540 Series (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
EnBW StromRadar (HKLM-x32\...\{3BEB39C1-E448-45D2-97E2-A9B2A2DE7A54}) (Version: 2.2.4.1 - EnBW Energie Baden-Württemberg AG)
Epson Benutzerhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Useg) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Netg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{9074AFC0-CFDA-11DE-B484-005056806466}) (Version: 5.1.3533.1731 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.9 - Magical Jelly Bean)
MailStore Home 8.0.2.8361 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.0.2.8361 - MailStore Software GmbH)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{320453EE-6AEA-4E1A-8E64-72F33C0C928F}) (Version: 2.8.10006 - Polar Electro Oy)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
PricELLesaS (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version:  - ) <==== ATTENTION
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RegUtility version 4.1 (HKLM-x32\...\RegUtility_is1) (Version: 4.1 - )
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigma Data Center 3.1 (HKLM-x32\...\Sigma Data Center3.1) (Version: 3.1 - Sigma Elektro GmbH)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Support PL 1.1 (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{71d34eea}) (Version:  - riceLes) <==== ATTENTION
Tippmaster v3.5.0 (HKLM-x32\...\Tippmaster_is1) (Version: 3.5.0 - Hofmann & Gschwandtner GbR)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tyre (HKLM\...\Tyre_is1) (Version: 6.4.1.4 - 't Schrijverke)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VNC Server 5.2.3 (HKLM\...\{0D2201F0-2E7B-4C89-8C5D-03D3F5BB5042}) (Version: 5.2.3 - RealVNC Ltd)
VNC Viewer 5.2.3 (HKLM\...\{8824CB84-60DF-4CBC-AB3A-7C5AB2A41F31}) (Version: 5.2.3 - RealVNC Ltd)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Wise Program Uninstaller 1.58 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.58 - WiseCleaner.com, Inc.)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{C5503285-CB32-4922-8C62-940D8F11A9AF}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{ED4D896D-EA6C-4FC4-8F2A-DB4BA4A24D8E}) (Version: 22.00.8811 - Buhl Data Service GmbH)
XMedia Recode Version 3.1.7.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.7 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-07-2015 12:33:18 Geplanter Prüfpunkt
15-07-2015 21:18:56 RedDotView wird entfernt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EE6CBA-08F9-46AA-BE0B-AFF3153487A9} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {02797F86-78B4-4B09-987D-C80E2A1EC280} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {0C008DAC-F2CB-4A5C-9E58-45183668491A} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {1B5E6209-59DD-4E77-8AD1-DEA13770A60A} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {22A931CF-2031-4E76-8D85-F30135EB3370} - System32\Tasks\AmiUpdXp => C:\Users\ADMIN\AppData\Local\13423\Updater.exe <==== ATTENTION
Task: {403F192B-05D2-43E3-8869-620A29982E39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {487F7CF2-5302-4468-86DE-D2BD852E6CB5} - \BitGuard No Task File <==== ATTENTION
Task: {5542B2D9-B689-43F9-A34B-7956340AA4B6} - System32\Tasks\{6555F7B7-4FEF-4B98-9DFB-E29E1E1B96CE} => pcalua.exe -a C:\Users\ADMIN\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
Task: {65C18767-3BB1-4803-8590-14A41C96E9A0} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {6D3D720B-C619-45F5-B5B9-3DBAA823ABEA} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {79D5B119-27D0-476B-9DA2-1D4FD0B11983} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {824EFD4E-87E1-4095-A78D-A29EFA9A7F64} - System32\Tasks\tet3008 => C:\Program Files (x86)\FastSearch\tet3008.exe [2015-06-23] ()
Task: {987CC262-A122-47D3-9C77-214F502A092F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-15] (globalUpdate) <==== ATTENTION
Task: {B1174188-13B8-48E9-B74E-1A850D5DE550} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {B6C86806-D2D5-4E97-AF6B-C7CFA4D8E278} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Thoosje Vista Sidebar\Thoosje Sidebar.exe
Task: {C2E93577-EF06-4A34-B343-6AD4EE804DB3} - System32\Tasks\{0F868CCB-3067-458A-8588-C2F3A59927E1} => pcalua.exe -a "C:\Users\ADMIN\Neuer Ordner\Adobe Photoshop CS2\Photoshop.exe"
Task: {C69B25BE-8834-4379-A72F-447FB6D51659} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{c3721e45-20ba-f03e-c372-21e4520b7914}\hqghumeaylnlf.exe [2014-07-15] (PC Utilities Software Limited) <==== ATTENTION
Task: {D4B625BB-5CD7-4729-8C5F-0291EE372ACA} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DC76E08E-549A-4059-8702-B97525450158} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-15] (globalUpdate) <==== ATTENTION
Task: {E0427457-4F2C-4C55-9EA4-D85B424AC4CC} - System32\Tasks\WalkingBuddy => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe [2014-07-16] () <==== ATTENTION
Task: {F35425DA-FE48-4B87-8A2A-82E58A53B62C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{c3721e45-20ba-f03e-c372-21e4520b7914}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\BvdGG0XR8EWfe.job => C:\Users\ADMIN\AppData\Roaming\BvdGG0XR8EWfe.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Q1jdNr4UILjx.job => C:\Users\ADMIN\AppData\Roaming\Q1jdNr4UILjx.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\vdWjxqXW6.job => C:\Users\ADMIN\AppData\Roaming\vdWjxqXW6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WalkingBuddy.job => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Wjyq6XTaP1xNI8.job => C:\Users\ADMIN\AppData\Roaming\Wjyq6XTaP1xNI8.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-15 22:52 - 2015-07-15 22:52 - 00318976 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp
2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2015-07-15 20:42 - 2015-06-16 08:50 - 00281088 ___SH () C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
2015-07-15 20:16 - 2015-07-15 20:16 - 00165376 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp
2015-07-15 15:21 - 2015-07-15 15:21 - 00372224 _____ () C:\Users\ADMIN\AppData\Local\WikiUpdate.exe
2015-07-15 20:16 - 2015-07-15 20:16 - 00199168 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2015-07-15 20:04 - 2015-06-20 00:00 - 00061440 ____H () C:\Program Files (x86)\baidu\baidu.exe
2013-02-26 16:59 - 2013-02-26 16:59 - 06227512 _____ () C:\Program Files (x86)\Polar\WebSync\WebSync.exe
2013-11-19 21:24 - 2014-08-07 13:29 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2013-10-19 15:53 - 2013-10-19 15:53 - 00120224 _____ () C:\Users\ADMIN\AppData\Local\assembly\dl3\P614JHN7.VQO\W1HP4Z1K.AEP\71599d0e\0017145d_cd85cd01\HPItunesModule.DLL
2015-07-16 06:35 - 2015-07-16 06:35 - 02989056 _____ () c:\Program Files (x86)\IncludeFunc\IncludeFunc.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2012-11-01 23:57 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-11-02 00:03 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-02-26 16:59 - 2013-02-26 16:59 - 00110648 _____ () C:\Program Files (x86)\Polar\WebSync\PTransform.dll
2013-02-26 16:59 - 2013-02-26 16:59 - 03722296 _____ () C:\Program Files (x86)\Polar\WebSync\libpolar.dll
2010-02-10 16:06 - 2010-02-10 16:06 - 00334848 _____ () C:\Program Files (x86)\Polar\WebSync\QtXml4.dll
2010-02-10 16:22 - 2010-02-10 16:22 - 07971840 _____ () C:\Program Files (x86)\Polar\WebSync\QtGui4.dll
2010-02-10 16:07 - 2010-02-10 16:07 - 00929280 _____ () C:\Program Files (x86)\Polar\WebSync\QtNetwork4.dll
2011-01-14 16:01 - 2011-01-14 16:01 - 02142720 _____ () C:\Program Files (x86)\Polar\WebSync\QtCore4.dll
2010-02-10 18:45 - 2010-02-10 18:45 - 00025600 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qgif4.dll
2010-02-10 18:45 - 2010-02-10 18:45 - 00119808 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qjpeg4.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 09707800 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 03890288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 02745624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 02123032 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01933080 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 04325144 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01573656 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 05300504 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01702168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01810712 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01629464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01340696 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 07353112 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01287448 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2013-02-02 20:26 - 2008-11-17 15:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll
2013-02-02 20:26 - 2010-05-07 12:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2013-02-02 20:26 - 2010-12-23 14:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
2013-02-02 20:26 - 2010-12-29 18:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll
2013-02-02 20:26 - 2008-08-25 18:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
2013-02-02 20:26 - 2007-03-30 11:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll
2013-02-02 20:26 - 2009-11-26 18:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
2013-02-02 20:26 - 2011-03-11 11:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll
2013-02-02 20:26 - 2009-09-09 15:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll
2013-02-02 20:26 - 2007-03-30 10:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll
2013-02-02 20:26 - 2010-11-30 17:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll
2013-02-02 20:26 - 2010-10-22 11:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll
2013-02-02 20:26 - 2010-12-29 19:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
2013-02-02 20:26 - 2010-07-13 11:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll
2013-02-02 20:26 - 2010-09-09 19:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll
2013-02-02 20:26 - 2007-08-31 18:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll
2013-02-02 20:26 - 2010-09-08 18:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
2013-02-02 20:26 - 2009-08-06 11:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll
2013-02-02 20:26 - 2009-11-27 18:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
2013-02-02 20:26 - 2010-11-26 11:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll
2013-02-02 20:26 - 2007-03-30 11:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
2013-02-02 20:26 - 2010-10-22 11:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll
2013-02-02 20:26 - 2010-08-03 11:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll
2013-02-02 20:26 - 2010-09-26 12:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
2013-02-02 20:26 - 2010-03-02 16:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
2013-02-02 20:26 - 2010-08-03 11:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
2013-02-02 20:26 - 2010-09-26 12:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
2013-02-02 20:26 - 2008-08-25 17:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
2013-02-02 20:26 - 2010-09-08 11:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
2013-02-02 20:26 - 2009-06-26 10:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll
2013-02-02 20:26 - 2009-12-04 18:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
2013-02-02 20:26 - 2010-04-27 16:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll
2013-02-02 20:26 - 2011-01-21 16:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
2013-02-02 20:26 - 2007-03-30 10:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll
2013-02-02 20:26 - 2010-11-26 11:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SweetIM"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\StartupApproved\Run: => "YTDownloader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{5F9756F8-F816-4DE6-A134-5D11177D7101}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7981A029-D266-40E9-8499-7F3BBA171FF5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E3F9B456-71FC-4F76-BAC7-46FCB2AA86E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F7DAAC50-7E76-40D3-A44C-77B9B75D6369}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4C0198E3-C12B-4A9E-B9A5-B6BF436F7333}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{29318F9F-FA7C-44E7-B609-8BFE5E8F60F2}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{187001C2-A9FD-4738-A9D7-89433C1FB225}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [{A82D82B7-05F7-4490-AA02-40D5399142A6}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [UDP Query User{8C6F5E26-8FA7-4115-8F61-D82EDFC9AE04}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{175BA418-B764-485D-9943-0AF872B5D9AA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{F506FFD2-183C-41C2-AC8D-FBDECFFD3363}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{190C1071-58EA-4882-9ACF-316A9638480C}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{184AF574-C0E6-446E-AD99-BD9058C97625}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{12EA3BDB-93C9-45BD-AB70-C117A9F831C3}] => (Allow) LPort=1900
FirewallRules: [{2BE7D240-AF5F-45D1-BADA-89C92BF70400}] => (Allow) LPort=2869
FirewallRules: [{79FE28F8-EED0-4967-8B27-92E8A8135D0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6AAA071-2BC3-4DB2-BEEA-39E7931D45B8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{B15D2672-42B0-480B-B5F2-95CE3DFEA96B}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{0FC1CB29-1930-4B9D-9BEF-D9D32751DD9F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E0CA7CA3-1F8F-4424-859A-B665AEB49A9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{85FF2813-CFC0-4F50-BABB-33F4BE24A9AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BEA04FFC-BB6B-4A84-812B-F2E390B0C473}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{627C4A04-57BB-4398-9591-4C437921F320}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{89D838A2-B075-4070-B293-FF8275CF38EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{46D60460-5EB4-4DA3-A2E1-24643B92E859}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{CA266968-5A05-41FE-A575-EB16DDEEC003}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{271D426C-C8A5-42B0-A682-C6BF0A804EF3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B5EDCB63-5528-4F3B-AF7C-8E426A21B72F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BA24CC07-2ECA-4A70-AF51-3A65385E3224}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{35630A5F-E721-41F6-BB13-F2EF8A017A76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BAC88955-5F3D-40B1-B76D-3150AF83DD89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1D4C01B2-5C30-4199-BECA-167220AAEF41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{10CC3518-034E-4C35-A05A-641EC51A651A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1EBE767D-BCE5-4A63-9AB2-5F20B4418CCE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{DC1CF583-EDB4-41EB-A277-897394E657CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DE5BC789-275E-40FD-8D46-433D87D18079}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{27565CFB-E031-41E5-B9EB-039F3D82503E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{288FA507-0B1F-44F2-869F-9D70621F802C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E564077B-B46E-40BB-8E20-9944DAF606D0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5FB3B7CE-77ED-4CE9-AB9C-A784B8545EB9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0927140B-67CC-4CAF-BC42-0B3AA65B6865}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{049B4734-126A-4323-B687-166753E685C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E2445DD-8DB1-42F9-A50D-2FC2A9DD074E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9AA2FFA-0578-4A9F-B4F7-93916239CC10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BAD961B2-CCF2-4BB3-8034-8FA9FB36D2A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA6546CB-2854-4F31-8927-C8FBC13890AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BEDD147-C820-4DAD-BE8A-FAB1A11C3044}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D926CA5-8A9A-455B-8E03-B604543294D0}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{A963906A-A239-488F-9E3B-145A0AFB4129}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{074278CB-3606-43C3-9B87-77C5B90F38A0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CC38E1A2-EEDC-4BF2-8B9B-DA63DF25FCEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E8709488-C5F5-45E3-9DAC-C70EA4C64314}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{99E775DD-FCEE-4D19-A8AE-8DC7F77DEFF4}] => (Allow) LPort=53000
FirewallRules: [{C30554FD-976B-4C87-A041-FA4828563383}] => (Allow) LPort=52000

==================== Faulty Device Manager Devices =============

Name: PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30)
Description: PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2015 06:52:28 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (8572) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (07/16/2015 06:40:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AnyProtect.exe, Version 1.0.0.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2314

Startzeit: 01d0bf81840d8d1d

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Berichts-ID: da54f83c-2b74-11e5-8034-4c72b994d0f4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2015 06:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm nsl168.tmp, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 23a0

Startzeit: 01d0bf80c69f2627

Endzeit: 4294967295

Anwendungspfad: C:\Users\ADMIN\AppData\Local\Temp\nsl168.tmp

Berichts-ID: 9d0059ca-2b74-11e5-8034-4c72b994d0f4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2015 06:09:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (5604) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (07/16/2015 05:53:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nsd5E36.tmp, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x40010006
Fehleroffset: 0x00011d4d
ID des fehlerhaften Prozesses: 0x478
Startzeit der fehlerhaften Anwendung: 0xnsd5E36.tmp0
Pfad der fehlerhaften Anwendung: nsd5E36.tmp1
Pfad des fehlerhaften Moduls: nsd5E36.tmp2
Berichtskennung: nsd5E36.tmp3
Vollständiger Name des fehlerhaften Pakets: nsd5E36.tmp4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nsd5E36.tmp5

Error: (07/15/2015 11:18:48 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: Desktop: ~Desktop: 38c Failed to select desktop: Die angeforderte Ressource wird bereits verwendet. (170)

Error: (07/15/2015 09:11:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x55a5eb15
Name des fehlerhaften Moduls: spbia.exe, Version: 1.0.0.4, Zeitstempel: 0x55a5eb15
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000a746
ID des fehlerhaften Prozesses: 0x7c4
Startzeit der fehlerhaften Anwendung: 0xspbia.exe0
Pfad der fehlerhaften Anwendung: spbia.exe1
Pfad des fehlerhaften Moduls: spbia.exe2
Berichtskennung: spbia.exe3
Vollständiger Name des fehlerhaften Pakets: spbia.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: spbia.exe5


System errors:
=============
Error: (07/16/2015 07:44:25 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 07:43:11 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 07:43:06 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 07:41:01 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Usvalumerer" wurde nicht richtig gestartet.

Error: (07/16/2015 07:39:05 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 07:07:35 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 07:07:29 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 07:07:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/16/2015 07:05:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Usvalumerer" wurde nicht richtig gestartet.

Error: (07/16/2015 07:03:39 AM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.


Microsoft Office:
=========================
Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2015 06:52:28 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail8572WindowsMail0:

Error: (07/16/2015 06:40:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AnyProtect.exe1.0.0.4231401d0bf81840d8d1d4294967295C:\Program Files (x86)\AnyProtectEx\AnyProtect.exeda54f83c-2b74-11e5-8034-4c72b994d0f4

Error: (07/16/2015 06:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsl168.tmp0.0.0.023a001d0bf80c69f26274294967295C:\Users\ADMIN\AppData\Local\Temp\nsl168.tmp9d0059ca-2b74-11e5-8034-4c72b994d0f4

Error: (07/16/2015 06:09:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost5604Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)

Error: (07/16/2015 05:53:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nsd5E36.tmp0.0.0.02a425e19KERNELBASE.dll6.3.9600.17055532943a34001000600011d4d47801d0bf7af72da66dC:\Users\ADMIN\AppData\Local\Temp\nsd5E36.tmpC:\WINDOWS\SYSTEM32\KERNELBASE.dll36840670-2b6e-11e5-8033-4c72b994d0f4

Error: (07/15/2015 11:18:48 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: Desktop~Desktop: 38c Failed to select desktop: Die angeforderte Ressource wird bereits verwendet. (170)

Error: (07/15/2015 09:11:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: spbia.exe1.0.0.455a5eb15spbia.exe1.0.0.455a5eb15c0000005000000000000a7467c401d0bf31dff46f99C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exe42b74dc8-2b25-11e5-8033-4c72b994d0f4


CodeIntegrity Errors:
===================================
  Date: 2015-07-15 20:32:34.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:34.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:33.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:33.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:21.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:21.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:20.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-02 17:46:42.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2014-10-29 18:58:01.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2014-10-26 11:58:12.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 12227.56 MB
Available physical RAM: 9088.98 MB
Total Virtual: 14083.56 MB
Available Virtual: 10601.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.95 GB) (Free:1476.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.25 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: D65FE7C9)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: ECA99B82)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== End of log ============================
         
--- --- ---


Both are without the external drive.

I hope that's right.

Thanks

Alt 16.07.2015, 13:36   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select Deutsch (German) as the language.
  • In the Uninstaller pane, look for these programs:

    Awesome File Opener

    PricELLesaS

    Support PL 1.1

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (Moderate) mode.
  • Delete leftovers:
    Click on then on and then on .

After that, please:

FRST-Fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
RemoveProxy:
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the folder where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Alt 16.07.2015, 15:08   #8
Binchen16
 
Hello,

I have worked through all the points.
Here is the content of the txt:

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by ADMIN at 2015-07-16 16:01:04 Run:1
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN (Available Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
RemoveProxy:
EmptyTemp:
*****************


========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 451.3 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 16:01:11 ====
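
A Fixlog like the one above can be checked mechanically before moving on to the next cleanup step. The following Python parser is an added example, not part of the original posts and not FRST's own code; it reads the `target => result` lines in the format shown and lists every entry that was not reported as removed. The sample log is constructed: its SID is made up, and the wording of the non-success line is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the Fixlog layout shown in this thread.
# The SID is made up; the "value not found" wording is an assumption.
SAMPLE_FIXLOG = r"""
========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found

========= End of RemoveProxy: =========

EmptyTemp: => 451.3 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 16:01:11 ====
"""

SECTION_START = re.compile(r"^=+ (?!End of )(.+?): =+$")
SECTION_END = re.compile(r"^=+ End of (.+?): =+$")
ENTRY = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")
USER_SID = re.compile(r"^HKU\\(S-1-5-21-[0-9-]+)", re.IGNORECASE)


@dataclass
class Entry:
    section: Optional[str]  # directive block the line sits in, None for one-line results
    key: str                # registry key, or the directive name (e.g. EmptyTemp)
    value: Optional[str]    # value name; None when the line refers to a whole key
    sid: Optional[str]      # user SID when the key lives in a per-user hive
    result: str             # text after "=>", unchanged
    removed: bool           # True when the result reports a removal


def parse_fixlog(text: str) -> Tuple[List[Entry], bool]:
    """Return (entries, reboot_needed) for a Fixlog in the layout shown above."""
    entries: List[Entry] = []
    section: Optional[str] = None
    reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("the system needed a reboot"):
            reboot = True
            continue
        start = SECTION_START.match(line)
        if start:
            section = start.group(1)
            continue
        if SECTION_END.match(line):
            section = None
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, fixlist echo, separators
        target = m.group("target").strip().strip('"')
        key, value = target, None
        # In this log format a double backslash separates key and value name;
        # an empty name after the separator is kept as "".
        if "\\\\" in target:
            key, value = target.rsplit("\\\\", 1)
        sid = USER_SID.match(key)
        result = m.group("result").strip()
        entries.append(Entry(
            section=section,
            key=key.rstrip(":"),
            value=value,
            sid=sid.group(1) if sid else None,
            result=result,
            removed=bool(re.search(r"\bremoved\b", result, re.IGNORECASE)),
        ))
    return entries, reboot


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries whose result does not report a removal."""
    return [e for e in entries if not e.removed]


def affected_sids(entries: List[Entry]) -> List[str]:
    """User accounts (by SID) whose hives were touched by the fix."""
    return sorted({e.sid for e in entries if e.sid})


if __name__ == "__main__":
    parsed, reboot_needed = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(parsed)} entries, reboot needed: {reboot_needed}")
    print("user hives touched:", ", ".join(affected_sids(parsed)) or "none")
    for e in needs_review(parsed):
        name = e.key if e.value is None else f"{e.key} [{e.value}]"
        print(f"REVIEW ({e.section}): {name} -> {e.result}")
```
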
         

16.07.2015, 15:10   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars

Step 1: Malwarebytes

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find MBAM's log file here.
  • Add the contents of mbam.txt to your next reply.




(Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!)

Step 2: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).



Step 3: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 4: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


16.07.2015, 16:26   #10
Binchen16

Windows 8.1 - self-installing programs are spamming the PC [solved]

So, here I am again ...

here is the requested data:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 16.07.2015 16:28:21, SYSTEM, WELLER´S, Protection, Malware Protection, Starting, 
Protection, 16.07.2015 16:28:21, SYSTEM, WELLER´S, Protection, Malware Protection, Started, 
Protection, 16.07.2015 16:28:21, SYSTEM, WELLER´S, Protection, Malicious Website Protection, Starting, 
Protection, 16.07.2015 16:28:22, SYSTEM, WELLER´S, Protection, Malicious Website Protection, Started, 
Update, 16.07.2015 16:28:36, SYSTEM, WELLER´S, Manual, Rootkit Database, 2015.2.25.1, 2015.7.15.1, 
Update, 16.07.2015 16:28:36, SYSTEM, WELLER´S, Manual, Remediation Database, 2015.3.9.1, 2015.7.15.2, 
Update, 16.07.2015 16:28:36, SYSTEM, WELLER´S, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, 
Update, 16.07.2015 16:28:36, SYSTEM, WELLER´S, Manual, IP Database, 0.0.0.0, 2015.6.12.1, 
Update, 16.07.2015 16:28:54, SYSTEM, WELLER´S, Manual, Malware Database, 2015.3.9.5, 2015.7.16.4, 
Protection, 16.07.2015 16:28:54, SYSTEM, WELLER´S, Protection, Refresh, Starting, 
Protection, 16.07.2015 16:28:54, SYSTEM, WELLER´S, Protection, Malicious Website Protection, Stopping, 
Protection, 16.07.2015 16:28:54, SYSTEM, WELLER´S, Protection, Malicious Website Protection, Stopped, 
Protection, 16.07.2015 16:29:03, SYSTEM, WELLER´S, Protection, Refresh, Success, 
Protection, 16.07.2015 16:29:03, SYSTEM, WELLER´S, Protection, Malicious Website Protection, Starting, 
Protection, 16.07.2015 16:29:03, SYSTEM, WELLER´S, Protection, Malicious Website Protection, Started, 
Detection, 16.07.2015 16:33:06, ADMIN, WELLER´S, Protection, Malwareschutz, Datei, PUP.Optional.SmartWeb.A, C:\Users\ADMIN\AppData\Local\Temp\nsb79EA.tmp, Quarantäne, [bfb5f2f0b2d8de5857f15001b051c13f]
Detection, 16.07.2015 16:33:29, ADMIN, WELLER´S, Protection, Malwareschutz, Datei, PUP.Optional.EORezo, C:\Users\ADMIN\AppData\Local\Temp\nsgB989.tmp, Quarantäne, [b2c231b1276381b59faac3a25ea7857b]
Detection, 16.07.2015 16:33:32, SYSTEM, WELLER´S, Protection, Malwareschutz, Datei, PUP.Optional.Somoto, C:\Users\ADMIN\AppData\Local\Temp\bitool.dll, Quarantäne, [c8acb92967233ef8ce3c6b6932cf30d0]
Detection, 16.07.2015 16:37:32, SYSTEM, WELLER´S, Protection, Malwareschutz, Datei, PUP.Optional.CheckOffer, C:\Users\ADMIN\AppData\Local\Temp\nsu7B01.tmp\nsCBHTML5.dll, Quarantäne, [551f6082563452e4c15cdbcb9869bd43]
Detection, 16.07.2015 16:44:10, SYSTEM, WELLER´S, Protection, Malwareschutz, Datei, PUP.Optional.SuperOptimizer.A, C:\Users\ADMIN\AppData\Local\Temp\nsu7B01.tmp\SuperOptimizer.exe, Quarantäne, [b0c47969b1d9033318af1391f01131cf]
Detection, 16.07.2015 16:44:14, ADMIN, WELLER´S, Protection, Malwareschutz, Datei, PUP.Optional.AnyProtect, C:\Users\ADMIN\AppData\Local\Temp\nsyAB1D.tmp, Quarantäne, [1163f7eb345601358ab32555c83a2dd3]
Protection, 16.07.2015 16:47:04, SYSTEM, WELLER´S, Protection, Malware Protection, Starting, 
Protection, 16.07.2015 16:47:04, SYSTEM, WELLER´S, Protection, Malware Protection, Started, 
Protection, 16.07.2015 16:47:04, SYSTEM, WELLER´S, Protection, Malicious Website Protection, Starting, 
Protection, 16.07.2015 16:47:55, SYSTEM, WELLER´S, Protection, Malicious Website Protection, Started, 
Detection, 16.07.2015 16:48:00, SYSTEM, WELLER´S, Protection, Malwareschutz, Datei, PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe, Quarantine Failed, 5, Zugriff verweigert  , [a1d35b87d8b2ea4c41f3b20933ce18e8]

(end)
         
and ...
Code:
# AdwCleaner v4.208 - Bericht erstellt 16/07/2015 um 17:01:32
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : ADMIN - WELLER´S
# Gestarted von : C:\Users\ADMIN\AppData\Local\Microsoft\Windows\INetCache\IE\DMDP29AI\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : IHProtect Service
[#] Dienst Gelöscht : WikiBrowserUpdateService
[#] Dienst Gelöscht : wsafd_1_10_0_19

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\IQIYI Video
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\ProgramData\IQIYI Video
Ordner Gelöscht : C:\ProgramData\3639c61000001fbd
Ordner Gelöscht : C:\ProgramData\ae2cf8af00004115
Ordner Gelöscht : C:\ProgramData\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}
Ordner Gelöscht : C:\ProgramData\{c3721e45-20ba-f03e-c372-21e4520b7914}
Ordner Gelöscht : C:\Users\Public\Documents\ShopperPro
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Convertor
Ordner Gelöscht : C:\Program Files (x86)\Coupon Time
Ordner Gelöscht : C:\Program Files (x86)\miuitab
Ordner Gelöscht : C:\Program Files (x86)\Product Deals
Ordner Gelöscht : C:\Program Files (x86)\FastSearch
Ordner Gelöscht : C:\Program Files (x86)\Winsta
Ordner Gelöscht : C:\Users\ADMIN\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\ADMIN\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\ADMIN\AppData\Local\BrowserHelper
Ordner Gelöscht : C:\Users\ADMIN\AppData\Local\E7E25121-1436991423-BACC-826D-3BF07DDA202C
Ordner Gelöscht : C:\Users\ADMIN\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\ADMIN\AppData\Roaming\ASPackage
Ordner Gelöscht : C:\Users\ADMIN\AppData\Roaming\IQIYI Video
Ordner Gelöscht : C:\Users\ADMIN\AppData\Roaming\cpuminer
Ordner Gelöscht : C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
Ordner Gelöscht : C:\Users\ADMIN\Documents\Updater
Ordner Gelöscht : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\Extensions\searchffv2@gmail.com
Ordner Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphbmanpfjfdngbaamhajooihmjacmfe
[/!\] Nicht Gelöscht ( Junction ) : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphbmanpfjfdngbaamhajooihmjacmfe
Ordner Gelöscht : C:\ProgramData\hcejfjmfafcmaokigkojhjkllgnjkdle
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nphbmanpfjfdngbaamhajooihmjacmfe_0.localstorage
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nphbmanpfjfdngbaamhajooihmjacmfe_0.localstorage-journal
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Common Files\System\SysMenu.dll
Datei Gelöscht : C:\Program Files\Common Files\System\SysMenu64.dll
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\WikiUpdate.exe
Datei Gelöscht : C:\Users\ADMIN\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml
Datei Gelöscht : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\oursurfing.xml
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
Datei Gelöscht : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
Datei Gelöscht : C:\Users\ADMIN\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\ADMIN\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : AmiUpdXp
Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : BitGuard
Task Gelöscht : Convertor
Task Gelöscht : RunAsStdUser Task
Task Gelöscht : SMupdate1
Task Gelöscht : WinKit
Task Gelöscht : Microsoft\Windows\Multimedia\SMupdate3
Task Gelöscht : Microsoft\Windows\Maintenance\SMupdate2
Task Gelöscht : amiupdaterExd
Task Gelöscht : amiupdaterExi
Task Gelöscht : Winsta Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Schlüssel Gelöscht : HKLM\SOFTWARE\c0bff945-8602-332b-8fc6-b8f0bdc1f3de
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CC6F4F54-6EF8-4E84-BDC6-ABC6F83100BE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\WajIEnhance
Schlüssel Gelöscht : HKCU\Software\TNT2
Schlüssel Gelöscht : HKCU\Software\Crossbrowse
Schlüssel Gelöscht : HKCU\Software\YorkNewCin
Schlüssel Gelöscht : HKCU\Software\HighDefAction
Schlüssel Gelöscht : HKCU\Software\InfoSpace.com
Schlüssel Gelöscht : HKCU\Software\ArenaHD
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Crossbrowse
Schlüssel Gelöscht : HKLM\SOFTWARE\YorkNewCin
Schlüssel Gelöscht : HKLM\SOFTWARE\HighDefAction
Schlüssel Gelöscht : HKLM\SOFTWARE\oursurfingSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\ArenaHD
Schlüssel Gelöscht : HKLM\SOFTWARE\searchult
Schlüssel Gelöscht : HKLM\SOFTWARE\FastSearch
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YorkNewCin
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\HighDefAction
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ArenaHD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:9880
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17278

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v28.0 (de)

[xd9kpdci.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX");
[xd9kpdci.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "mystartsearch");
[xd9kpdci.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[xd9kpdci.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX");

-\\ Google Chrome v43.0.2357.134

[C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.oursurfing.com/web/?type=dspp&ts=1436984128&z=ef56230c1e3d00b917802dfgezdc8qct5baz6g1o1g&from=amt&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
[C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}
[C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX
[C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : 246460BECD31EC3D1B6493BEE3F80EB922255E753192A1AE487B22C2B6AE2380"},"software_reporter":{"prompt_reason":"0FD1AAB4F50D0EB3C4401BC7A2ED4279B1F0FD814D89214FE107DDF3CEBCF2B9","prompt_seed":"D98D29C8B3625C60B2ADF88C4464AFD73364AA12778943B2EF95760E1A3D3C23","prompt_version":"E0EAF22AF46AE7801AACA55FB1EC7633EDB69BFACD358A06A43B930EF85EE527"},"sync":{"remaining_rollback_tries":"9CEC2E5B2FDED4DD2BFE4BCC3A859FEC5431399A3BC18484B1336F9D7EA91805"}},"super_mac":"05BD2C3B5E0E5A8866A4FE69B26D0D779B39B2FD6DE5711E5AEF3336573E44DA"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.mystartsearch.com/?type=hp&ts=1436984882&z=d7c1e07999a6c7818f283c3g7zac2qbt3bdz3b9w6q&from=cmi&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX

-\\ Opera v30.0.1835.125


*************************

AdwCleaner[R0].txt - [32539 Bytes] - [16/07/2015 16:57:51]
AdwCleaner[S0].txt - [28103 Bytes] - [16/07/2015 17:01:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28163  Bytes] ##########
         
and one more ...

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 8.1 x64
Ran by ADMIN on 16.07.2015 at 17:11:34,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] gogegijy [Reboot required]
Successfully deleted: [Service] vicoqudu [Reboot required]
Successfully deleted: [Service] zejytose [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Bidaily Synchronize Task[8da6]
Successfully deleted: [Task] C:\WINDOWS\tasks\Bidaily Synchronize Task[8da6].job
Successfully deleted: [Task] C:\WINDOWS\tasks\BvdGG0XR8EWfe.job
Successfully deleted: [Task] C:\WINDOWS\tasks\Q1jdNr4UILjx.job
Successfully deleted: [Task] C:\WINDOWS\tasks\vdWjxqXW6.job
Successfully deleted: [Task] C:\WINDOWS\tasks\Wjyq6XTaP1xNI8.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\apphide
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_de_005010032
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mbot_de_014010032



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E6E66055-F951-4DBF-962E-963A4FB7AE09}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6E66055-F951-4DBF-962E-963A4FB7AE09}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{E6E66055-F951-4DBF-962E-963A4FB7AE09}



~~~ Files

Successfully deleted: [File] C:\Users\ADMIN\appdata\local\nsbF969.tmp
Successfully deleted: [File] C:\Users\ADMIN\appdata\local\nshF6BF.tmp
Successfully deleted: [File] C:\Users\ADMIN\appdata\local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Successfully deleted: [File] C:\Users\ADMIN\appdata\local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Successfully deleted: [File] C:\Users\ADMIN\AppData\Roaming\BvdGG0XR8EWfe
Successfully deleted: [File] C:\Users\ADMIN\AppData\Roaming\BvdGG0XR8EWfe.exe
Successfully deleted: [File] C:\Users\ADMIN\AppData\Roaming\Q1jdNr4UILjx
Successfully deleted: [File] C:\Users\ADMIN\AppData\Roaming\Q1jdNr4UILjx.exe
Successfully deleted: [File] C:\Users\ADMIN\AppData\Roaming\vdWjxqXW6
Successfully deleted: [File] C:\Users\ADMIN\AppData\Roaming\vdWjxqXW6.exe
Successfully deleted: [File] C:\Users\ADMIN\AppData\Roaming\Wjyq6XTaP1xNI8
Successfully deleted: [File] C:\Users\ADMIN\AppData\Roaming\Wjyq6XTaP1xNI8.exe



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\mbot_de_014010031 [Adware.EoRezo]
Successfully deleted: [Folder] C:\Program Files (x86)\newsoft
Successfully deleted: [Folder] C:\Program Files\software informer
Successfully deleted: [Folder] C:\Users\ADMIN\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\ADMIN\appdata\local\installer
Successfully deleted: [Folder] C:\Users\ADMIN\appdata\local\newsoft
Successfully deleted: [Folder] C:\Users\ADMIN\appdata\local\sysassistbyhotwheel
Successfully deleted: [Folder] C:\Users\ADMIN\AppData\Roaming\newsoft
Successfully deleted: [Folder] C:\Users\ADMIN\AppData\Roaming\pdfconvert
Successfully deleted: [Folder] C:\Users\ADMIN\documents\my pagemanager
Successfully deleted: [Folder] C:\ProgramData\11045394643943100347



~~~ FireFox

Successfully deleted: [Folder] C:\Users\ADMIN\AppData\Roaming\mozilla\firefox\profiles\xd9kpdci.default\extensions\staged
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@iqiyi.com/npwebplayer



~~~ Chrome


[C:\Users\ADMIN\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\ADMIN\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\ADMIN\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\ADMIN\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
         
and finally ...

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by ADMIN (administrator) on WELLER´S on 16-07-2015 17:20:47
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN (Available Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
() C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [WrtMon.exe] => C:\windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => C:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1120568 2015-06-03] (Buhl Data Service)
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\MountPoints2: {d4f887f3-62ac-11e4-8026-4c72b994d0f4} - "K:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-07-11]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-04-20]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-01-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2013-10-23]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2013-05-07]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013-01-06]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2824886842-1903998303-2860717336-1011] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2824886842-1903998303-2860717336-1011] => http=127.0.0.1:9881
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {5C066E4E-BF62-492A-99B2-2FE1F400FF94} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-04] (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cc0cfdc2-38b0-11e3-8250-806e6f6e6963}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{F820D289-A089-4FF2-8FAB-FB08B96BF856}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{F820D289-A089-4FF2-8FAB-FB08B96BF856}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2009-11-12] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2824886842-1903998303-2860717336-1011: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\testlog.txt [2013-12-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahootc.xml [2013-05-27]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-09-17]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\searchffv2@gmail.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\xd9kpdci.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-16]
CHR Extension: (Google Docs) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-16]
CHR Extension: (Google Drive) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-16]
CHR Extension: (YouTube) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-16]
CHR Extension: (Google Search) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-16]
CHR Extension: (Google Sheets) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (Gmail) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-02] (Emsisoft GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
R2 Usvalumerer; C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe [281088 2015-06-16] () [File not signed] <==== ATTENTION
S2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2015-01-28] (RealVNC Ltd)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
S2 WajIEn Monitor; C:\Program Files\WajIEn\wajam_64.exe [2039808 2015-07-12] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 OADevice; C:\WINDOWS\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
R1 oahlpXX; C:\WINDOWS\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\WINDOWS\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 17:19 - 2015-07-16 17:19 - 00004604 _____ C:\Users\ADMIN\Desktop\JRT.txt
2015-07-16 17:10 - 2015-07-16 17:11 - 01797576 _____ (Malwarebytes Corporation) C:\Users\ADMIN\Downloads\JRT.exe
2015-07-16 17:05 - 2015-07-16 17:05 - 00028632 _____ C:\Users\ADMIN\Desktop\AdwCleaner[S0].txt
2015-07-16 16:57 - 2015-07-16 17:01 - 00000000 ____D C:\AdwCleaner
2015-07-16 16:50 - 2015-07-16 16:50 - 00003452 _____ C:\Users\ADMIN\Desktop\mbam.txt
2015-07-16 16:50 - 2015-07-16 16:50 - 00001587 _____ C:\Users\ADMIN\Desktop\mbam.exe - Verknüpfung.lnk
2015-07-16 16:43 - 2015-07-16 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn
2015-07-16 16:43 - 2015-07-16 16:43 - 00000000 ____D C:\Program Files\WajIEn
2015-07-16 16:42 - 2015-07-16 16:42 - 00003842 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1437057596
2015-07-16 16:42 - 2015-07-16 16:42 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Opera Software
2015-07-16 16:42 - 2015-07-16 16:42 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Opera Software
2015-07-16 16:39 - 2015-07-16 16:39 - 00001153 _____ C:\Users\Public\Desktop\Opera.lnk
2015-07-16 16:39 - 2015-07-16 16:39 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-16 16:38 - 2015-07-16 16:52 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-16 16:38 - 2015-07-16 16:38 - 00001089 _____ C:\Users\ADMIN\Desktop\DocToPDFConverter.lnk
2015-07-16 16:38 - 2015-07-16 16:38 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DocToPDFConverter
2015-07-16 16:38 - 2015-07-16 16:38 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\DocToPDFConverter
2015-07-16 16:37 - 2015-07-16 16:37 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Browser-Security
2015-07-16 16:33 - 2015-07-16 16:33 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-07-16 16:28 - 2015-07-16 17:04 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 16:28 - 2015-07-16 16:28 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-16 16:28 - 2015-07-16 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-16 16:28 - 2015-07-16 16:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-16 16:28 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-16 16:28 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-16 16:28 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-16 16:26 - 2015-07-16 16:27 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ADMIN\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-16 16:02 - 2015-07-16 16:46 - 00001902 _____ C:\WINDOWS\PFRO.log
2015-07-16 15:50 - 2015-07-16 15:50 - 00001286 _____ C:\Users\ADMIN\Desktop\Revo Uninstaller.lnk
2015-07-16 15:50 - 2015-07-16 15:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-16 15:49 - 2015-07-16 15:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ADMIN\Downloads\revosetup95.exe
2015-07-16 13:32 - 2015-07-16 13:32 - 00059754 _____ C:\Users\ADMIN\Downloads\Addition.txt
2015-07-16 13:31 - 2015-07-16 17:20 - 00020614 _____ C:\Users\ADMIN\Downloads\FRST.txt
2015-07-16 13:28 - 2015-07-16 17:20 - 00000000 ____D C:\FRST
2015-07-16 13:27 - 2015-07-16 13:28 - 02133504 _____ (Farbar) C:\Users\ADMIN\Downloads\FRST64.exe
2015-07-16 07:44 - 2015-07-16 07:44 - 00003434 _____ C:\Users\ADMIN\Desktop\cc_20150716_074412.reg
2015-07-16 07:41 - 2015-07-16 17:14 - 00314101 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-16 07:34 - 2015-07-16 07:34 - 00000000 _____ C:\Users\ADMIN\AppData\Local\Temp.dat
2015-07-16 07:33 - 2015-07-16 07:33 - 00004690 _____ C:\Users\ADMIN\Desktop\cc_20150716_073306.reg
2015-07-16 07:32 - 2015-07-16 07:32 - 00036178 _____ C:\Users\ADMIN\Desktop\cc_20150716_073209.reg
2015-07-16 07:31 - 2015-07-16 07:31 - 00220346 _____ C:\Users\ADMIN\Desktop\cc_20150716_073114.reg
2015-07-16 06:33 - 2015-07-16 06:55 - 00000354 _____ C:\WINDOWS\Tasks\WalkingBuddy.job
2015-07-16 06:33 - 2015-07-16 06:33 - 00003240 _____ C:\WINDOWS\System32\Tasks\WalkingBuddy
2015-07-16 06:32 - 2015-07-16 06:32 - 00000000 _____ C:\dummy.htm
2015-07-16 06:23 - 2015-07-16 06:23 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{13B30299-8D40-4641-B727-461FBD9BAD98}
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 __SHD C:\Users\Sabine Weller\AppData\Local\EmieUserList
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 __SHD C:\Users\Sabine Weller\AppData\Local\EmieSiteList
2015-07-16 06:23 - 2015-07-16 06:23 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Macromedia
2015-07-16 06:14 - 2015-07-16 06:47 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1016
2015-07-16 06:11 - 2015-07-16 06:11 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Buhl Data Service GmbH
2015-07-16 06:11 - 2015-07-16 06:11 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Buhl Data Service GmbH
2015-07-15 22:01 - 2015-07-15 22:01 - 00000881 _____ C:\Users\Johannes Weller.WELLER´S\Desktop\Weller, Johannes - Einkommensteuer 2014.lnk
2015-07-15 22:00 - 2015-07-15 22:00 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\ESt Johannes
2015-07-15 21:59 - 2015-07-15 22:02 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\Steuer-Sparbuch
2015-07-15 21:59 - 2015-07-15 21:59 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Desktop\JOHANNES
2015-07-15 21:53 - 2015-07-15 21:53 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\ESt Johannes
2015-07-15 21:52 - 2015-07-15 21:52 - 00001004 _____ C:\Users\Johannes Weller.WELLER´S\Desktop\MeinGeld_2015.lnk
2015-07-15 21:52 - 2015-07-15 21:52 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\WISO Mein Geld
2015-07-15 21:49 - 2015-07-15 22:04 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1015
2015-07-15 21:45 - 2015-07-15 21:53 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Documents\WISO Mein Geld_neu
2015-07-15 21:33 - 2015-07-16 06:47 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\ClassicShell
2015-07-15 21:32 - 2015-07-16 06:47 - 00002563 _____ C:\Users\Sabine Weller\Sti_Trace.log
2015-07-15 21:32 - 2015-07-16 06:08 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\.oit
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\Polar WebSync
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\Documents\My PageManager
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\NewSoft
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Hewlett-Packard
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Epson
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Apple Computer
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Power2Go8
2015-07-15 21:32 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\NewSoft
2015-07-15 21:31 - 2015-07-15 21:35 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\RealVNC
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\VirtualStore
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Packages
2015-07-15 21:31 - 2015-07-15 21:32 - 00000000 ____D C:\Users\Sabine Weller
2015-07-15 21:31 - 2015-07-15 21:31 - 00001456 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:31 - 2015-07-15 21:31 - 00000020 ___SH C:\Users\Sabine Weller\ntuser.ini
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Vorlagen
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Startmenü
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Netzwerkumgebung
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Lokale Einstellungen
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Eigene Dateien
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Druckumgebung
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Documents\Eigene Musik
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Documents\Eigene Bilder
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Local\Verlauf
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\AppData\Local\Anwendungsdaten
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 _SHDL C:\Users\Sabine Weller\Anwendungsdaten
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Adobe
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Buhl Data Service GmbH
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl Data Service GmbH
2015-07-15 21:31 - 2015-07-15 21:31 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl Data Service
2015-07-15 21:31 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:31 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:31 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:31 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:31 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:31 - 2014-01-17 12:10 - 00000000 ____D C:\Users\Sabine Weller\Documents\Anti-Malware
2015-07-15 21:31 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Sabine Weller\Documents\hp.system.package.metadata
2015-07-15 21:31 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Sabine Weller\AppData\Local\Microsoft Help
2015-07-15 21:31 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:31 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Sabine Weller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:30 - 2015-07-15 21:54 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Buhl
2015-07-15 21:29 - 2015-07-15 22:03 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\ClassicShell
2015-07-15 21:28 - 2015-07-15 21:59 - 00001101 _____ C:\Users\Johannes Weller.WELLER´S\Sti_Trace.log
2015-07-15 21:28 - 2015-07-15 21:45 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\.oit
2015-07-15 21:28 - 2015-07-15 21:29 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Packages
2015-07-15 21:28 - 2015-07-15 21:28 - 00001456 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:28 - 2015-07-15 21:28 - 00000020 ___SH C:\Users\Johannes Weller.WELLER´S\ntuser.ini
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Vorlagen
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Startmenü
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Netzwerkumgebung
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Lokale Einstellungen
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Eigene Dateien
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Druckumgebung
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Documents\Eigene Musik
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Documents\Eigene Bilder
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Local\Verlauf
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\AppData\Local\Anwendungsdaten
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 _SHDL C:\Users\Johannes Weller.WELLER´S\Anwendungsdaten
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\Polar WebSync
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\NewSoft
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Hewlett-Packard
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Epson
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Apple Computer
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Adobe
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\VirtualStore
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\RealVNC
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Power2Go8
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\NewSoft
2015-07-15 21:28 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S
2015-07-15 21:28 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:28 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:28 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:28 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:28 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:28 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Local\Microsoft Help
2015-07-15 21:28 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Johannes Weller.WELLER´S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:27 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\ClassicShell
2015-07-15 21:26 - 2015-07-15 21:28 - 00000000 ____D C:\Users\Admin_2\AppData\Local\RealVNC
2015-07-15 21:26 - 2015-07-15 21:27 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Packages
2015-07-15 21:26 - 2015-07-15 21:26 - 00001456 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:26 - 2015-07-15 21:26 - 00000364 _____ C:\Users\Admin_2\Sti_Trace.log
2015-07-15 21:26 - 2015-07-15 21:26 - 00000020 ___SH C:\Users\Admin_2\ntuser.ini
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Vorlagen
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Startmenü
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Netzwerkumgebung
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Lokale Einstellungen
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Eigene Dateien
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Druckumgebung
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Documents\Eigene Musik
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Documents\Eigene Bilder
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Local\Verlauf
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\AppData\Local\Anwendungsdaten
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 _SHDL C:\Users\Admin_2\Anwendungsdaten
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\Polar WebSync
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\Documents\My PageManager
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\NewSoft
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Hewlett-Packard
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Epson
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Apple Computer
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Adobe
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\.oit
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\VirtualStore
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Power2Go8
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2\AppData\Local\NewSoft
2015-07-15 21:26 - 2015-07-15 21:26 - 00000000 ____D C:\Users\Admin_2
2015-07-15 21:26 - 2014-11-16 18:28 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\EurekaLab s.a.s
2015-07-15 21:26 - 2014-09-17 20:27 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-15 21:26 - 2014-05-15 06:20 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-15 21:26 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-15 21:26 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-15 21:26 - 2014-01-17 12:10 - 00000000 ____D C:\Users\Admin_2\Documents\Anti-Malware
2015-07-15 21:26 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Admin_2\Documents\hp.system.package.metadata
2015-07-15 21:26 - 2013-10-19 13:33 - 00000000 ____D C:\Users\Admin_2\AppData\Local\Microsoft Help
2015-07-15 21:26 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-15 21:26 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Admin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-15 21:21 - 2015-07-15 21:21 - 00000000 ____D C:\Users\ADMIN\Documents\My Games
2015-07-15 21:21 - 2015-07-15 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-15 21:03 - 2015-07-15 21:03 - 00003152 _____ C:\WINDOWS\System32\Tasks\{6555F7B7-4FEF-4B98-9DFB-E29E1E1B96CE}
2015-07-15 20:42 - 2015-07-15 20:42 - 00000000 __SHD C:\Program Files (x86)\Usvalumerer
2015-07-15 20:16 - 2015-07-15 23:09 - 00000000 ____D C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C
2015-07-15 20:16 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-07-15 20:15 - 2015-07-15 20:15 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-07-15 20:14 - 2015-07-15 20:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\OptiSpace
2015-07-15 20:14 - 2015-07-15 20:14 - 00003088 _____ C:\WINDOWS\System32\Tasks\tet3008
2015-07-15 20:06 - 2015-07-15 20:06 - 00000000 ____D C:\ppsfile
2015-07-15 20:05 - 2015-07-15 21:05 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Unity
2015-07-15 20:05 - 2015-07-15 20:05 - 00000000 ____D C:\Users\Public\QiYi
2015-07-15 20:04 - 2015-07-15 20:04 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-15 20:03 - 2015-07-15 20:03 - 01557520 _____ (Dummy, Ltd.) C:\Users\ADMIN\Downloads\u bahn london plan_10924_i33145093_il345.exe
2015-07-11 14:52 - 2015-07-11 14:52 - 00000000 ____D C:\Users\ADMIN\Documents\OneNote-Notizbücher
2015-07-08 17:27 - 2015-07-12 12:30 - 00073800 _____ C:\Users\ADMIN\Documents\M.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 17:15 - 2013-10-20 11:07 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1011
2015-07-16 17:13 - 2013-12-13 17:01 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-07-16 17:06 - 2013-10-20 11:03 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\ClassicShell
2015-07-16 17:04 - 2013-10-25 13:14 - 00287910 _____ C:\Users\ADMIN\Sti_Trace.log
2015-07-16 17:04 - 2013-10-19 15:51 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\.oit
2015-07-16 17:02 - 2013-10-22 07:11 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-16 17:02 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-16 17:01 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-16 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-16 16:48 - 2013-10-20 12:14 - 00000000 ____D C:\Users\ADMIN\Documents\Mein Steuer-Sparbuch Heute
2015-07-16 16:28 - 2013-12-12 20:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 16:08 - 2013-09-30 06:14 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-16 16:08 - 2013-09-30 05:56 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat
2015-07-16 16:08 - 2013-09-30 05:56 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat
2015-07-16 16:04 - 2013-11-11 20:48 - 00238080 ___SH C:\Users\ADMIN\Desktop\Thumbs.db
2015-07-16 16:04 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-16 07:28 - 2013-11-22 19:59 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-16 07:03 - 2013-08-22 15:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-07-16 06:18 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-16 06:09 - 2013-01-05 18:29 - 00000400 _____ C:\WINDOWS\ODBC.INI
2015-07-16 06:01 - 2013-01-06 08:53 - 00000000 ____D C:\Program Files\Google
2015-07-16 06:01 - 2013-01-05 17:32 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-15 21:32 - 2012-11-13 15:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-07-15 21:22 - 2013-11-11 20:31 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Google
2015-07-15 21:21 - 2014-08-05 19:07 - 00000000 ____D C:\Aerosoft
2015-07-15 21:21 - 2012-11-01 23:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-15 21:20 - 2014-08-05 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-07-15 21:18 - 2013-12-15 19:57 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-15 21:18 - 2013-10-19 15:51 - 00001009 _____ C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-15 21:12 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-15 21:12 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-07-15 21:08 - 2013-08-22 16:44 - 00508896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-15 21:03 - 2014-02-08 09:57 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-07-15 20:57 - 2013-01-09 12:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-15 18:56 - 2013-10-20 12:15 - 00000000 ____D C:\Users\ADMIN\Documents\Steuer-Sparbuch
2015-07-15 18:45 - 2013-10-20 11:08 - 00000000 ____D C:\Users\ADMIN\Documents\WISO Mein Geld_neu
2015-07-14 19:02 - 2013-10-22 07:11 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:38 - 2014-09-20 18:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 17:24 - 2014-12-28 01:53 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-05 11:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-06-28 12:21 - 2015-02-01 20:23 - 00034816 ___SH C:\Users\ADMIN\Documents\Thumbs.db
2015-06-28 12:16 - 2013-10-19 15:50 - 00000000 ____D C:\Users\ADMIN
2015-06-27 09:01 - 2013-10-28 17:01 - 00000000 ____D C:\Users\ADMIN\Documents\SigmaDataCenter3

==================== Files in the root of some directories =======

2015-07-16 07:34 - 2015-07-16 07:34 - 0000000 _____ () C:\Users\ADMIN\AppData\Local\Temp.dat
2013-01-05 20:12 - 2013-01-05 21:41 - 0008116 _____ () C:\ProgramData\hpzinstall.log
2012-11-13 15:56 - 2012-11-13 15:56 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-11-06 21:02 - 2014-11-30 00:05 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\ADMIN\AppData\Local\Temp\Quarantine.exe
C:\Users\ADMIN\AppData\Local\Temp\sqlite3.dll
C:\Users\ADMIN\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-16 17:15

==================== End of log ============================
         

Alt 16.07.2015, 22:25   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please post the correct MBAM log; also create a new Addition.txt: start FRST, tick the box next to Addition.txt, then click Scan.


Alt 18.07.2015, 16:01   #12
Binchen16
 

Hello,

What did I do wrong with MBAM??
I have now had it scan again. At the end it says that it found 162 threats. But the only button I have there is "Auswahl entfernen" (Remove Selected) - nothing about quarantine. What do I need to do at this point???

Sorry, I'd rather ask before I do it wrong again.

Thanks

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.07.2015
Suchlauf-Zeit: 16:07:12
Logdatei: mbam-1.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.16.04
Rootkit Datenbank: v2015.07.15.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ADMIN

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 637611
Verstrichene Zeit: 25 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe, 3316, Löschen bei Neustart, [532131b11b6fcb6bcb6988337f8201ff]
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe, 2960, Löschen bei Neustart, [532131b11b6fcb6bcb6988337f8201ff]

Module: 8
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\msvcp120.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\msvcp120.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\msvcr120.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\msvcr120.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\Qt5Core.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\Qt5Core.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\Qt5Network.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\Qt5Network.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],

Registrierungsschlüssel: 42
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Usvalumerer, In Quarantäne, [532131b11b6fcb6bcb6988337f8201ff],
PUP.Optional.IQIYI.A, HKLM\SOFTWARE\CLASSES\CLSID\{5CD76C57-6893-478A-B776-47E7C82504BE}, In Quarantäne, [9fd5ca186228df57dc94f888b052d32d],
PUP.Optional.Babylon.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [d89c1ec490fa181eebbaa2e340c2f010],
PUP.Optional.LuckyTab.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1016\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [6b094e94365446f0158a433d17eba65a],
PUP.Optional.LuckyTab.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1016\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [6b094e94365446f0158a433d17eba65a],
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajIEn Monitor, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIEn, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\SpaceSoundPro, In Quarantäne, [c8ac984ae5a566d0c8fc37612fd5fc04],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{717C4D5B-4000-4F21-84C4-0AFC84862EEC}, In Quarantäne, [7ef6984a305a90a6f77b7b14e123ff01],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F9F68BF-AE8B-4580-8F62-19C1BCB0B3F0}, In Quarantäne, [90e4b42e1d6dc571a0d1d2bdc044d927],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC224BCB-84B1-4A33-95C0-A523B59448BC}, In Quarantäne, [79fbc31f4545a19598db0a85040024dc],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [3440ecf67d0def47a0b2b7db0ef6ae52],
PUP.Optional.SpaceSoundPro.A, HKLM\SOFTWARE\WOW6432NODE\SpaceSondPro, In Quarantäne, [551fce1461290c2a3192098f05ff03fd],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [9fd57e641674989e22bff6109c679a66],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{717C4D5B-4000-4F21-84C4-0AFC84862EEC}, In Quarantäne, [6311e5fd97f39f97e48e9ff059ab25db],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F9F68BF-AE8B-4580-8F62-19C1BCB0B3F0}, In Quarantäne, [215308da345615214b26deb1a95b41bf],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC224BCB-84B1-4A33-95C0-A523B59448BC}, In Quarantäne, [7cf8b032b3d7a3936112c1ce8084c838],
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, In Quarantäne, [c4b0c919c3c775c101e37b0d4eb6ef11],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{c31ed948}, In Quarantäne, [532135addfab06308424553bda2a6799],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [6a0a05ddf793e452f35fcec4a26217e9],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV15.07-nv, In Quarantäne, [383cd50d424875c1767abe5eba49827e],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV15.07-nv-ie, In Quarantäne, [5a1a14ce78121e1818d862ba60a348b8],
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus_1.3dV15.07-nv, In Quarantäne, [680c568cdcaec670034de42daf54e719],
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus_1.3dV15.07-nv-ie, In Quarantäne, [01734c96c3c777bfada366ab6b98f30d],
PUP.Optional.iWebar.A, HKU\S-1-5-18\SOFTWARE\iWebar-nv, In Quarantäne, [82f2578b8efca88ea94843d0877cd030],
PUP.Optional.iWebar.A, HKU\S-1-5-18\SOFTWARE\iWebar-nv-ie, In Quarantäne, [fa7a5989a2e86bcb5e930f04bb48867a],
PUP.Optional.ObjectBrowser.A, HKU\S-1-5-18\SOFTWARE\Object Browser-nv, In Quarantäne, [d59fc02264265cdac03fab634db630d0],
PUP.Optional.ObjectBrowser.A, HKU\S-1-5-18\SOFTWARE\Object Browser-nv-ie, In Quarantäne, [24504c9696f451e5de21d935c2415da3],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, In Quarantäne, [b2c213cfd3b7b185e463276dec180ef2],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, In Quarantäne, [5222a24090fa58dee02f652846be3bc5],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\CinemaPlus-3.2cV15.07-nv-ie, In Quarantäne, [7ff50bd797f3280ecc2434e8cf34916f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\CinemaPlus_1.3dV15.07-nv-ie, In Quarantäne, [d4a0b62c1a70ef47440caa675aa9936d],
PUP.Optional.iWebar.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\iWebar-nv-ie, In Quarantäne, [d89c06dc9ded85b1668bff145ca733cd],
PUP.Optional.ObjectBrowser.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\Object Browser-nv-ie, In Quarantäne, [94e0ac36d0bac86ecf306ea0e61d19e7],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3, In Quarantäne, [6113eaf88406082e2902d172818246ba],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1459E12A-9574-4B6D-8B89-7C5D7051CC34}, In Quarantäne, [0470d50d7b0f0036462abfd0b74d956b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{366CBC68-9A32-45E3-823E-FF86AA5DD06E}, In Quarantäne, [de96fce69febec4afa75543b669edb25],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{717C4D5B-4000-4F21-84C4-0AFC84862EEC}, In Quarantäne, [5d17746e36541422a2cddab5e61e768a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F9F68BF-AE8B-4580-8F62-19C1BCB0B3F0}, In Quarantäne, [77fd2eb43654b77fe5899af5e81c25db],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B0286C11-89B9-4A4D-A453-9EF7CA57B3EC}, In Quarantäne, [561e0bd75d2d7eb86010d8b7ae56f20e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0479154-A6AC-4FC8-A750-3F32BC7458FB}, In Quarantäne, [7ff5e3fff793d26496dae1ae1be9da26],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC224BCB-84B1-4A33-95C0-A523B59448BC}, In Quarantäne, [3d37934f008a61d57cf4a7e8976d50b0],

Registrierungswerte: 19
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{717c4d5b-4000-4f21-84c4-0afc84862eec}|AppName, Plus-HD-1.3-buttonutil.exe, In Quarantäne, [7ef6984a305a90a6f77b7b14e123ff01]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7f9f68bf-ae8b-4580-8f62-19c1bcb0b3f0}|AppName, Plus-HD-1.3-bg.exe, In Quarantäne, [90e4b42e1d6dc571a0d1d2bdc044d927]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{fc224bcb-84b1-4a33-95c0-a523b59448bc}|AppName, Plus-HD-1.3-codedownloader.exe, In Quarantäne, [79fbc31f4545a19598db0a85040024dc]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [3440ecf67d0def47a0b2b7db0ef6ae52]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{717c4d5b-4000-4f21-84c4-0afc84862eec}|AppName, Plus-HD-1.3-buttonutil.exe, In Quarantäne, [6311e5fd97f39f97e48e9ff059ab25db]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7f9f68bf-ae8b-4580-8f62-19c1bcb0b3f0}|AppName, Plus-HD-1.3-bg.exe, In Quarantäne, [215308da345615214b26deb1a95b41bf]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{fc224bcb-84b1-4a33-95c0-a523b59448bc}|AppName, Plus-HD-1.3-codedownloader.exe, In Quarantäne, [7cf8b032b3d7a3936112c1ce8084c838]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [6a0a05ddf793e452f35fcec4a26217e9]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1459E12A-9574-4B6D-8B89-7C5D7051CC34}|AppName, Plus-HD-1.3-enabler.exe-codedownloader.exe, In Quarantäne, [0470d50d7b0f0036462abfd0b74d956b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{366CBC68-9A32-45E3-823E-FF86AA5DD06E}|AppName, Plus-HD-1.3-enabler.exe-buttonutil.exe, In Quarantäne, [de96fce69febec4afa75543b669edb25]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{717c4d5b-4000-4f21-84c4-0afc84862eec}|AppName, Plus-HD-1.3-buttonutil.exe, In Quarantäne, [5d17746e36541422a2cddab5e61e768a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7f9f68bf-ae8b-4580-8f62-19c1bcb0b3f0}|AppName, Plus-HD-1.3-bg.exe, In Quarantäne, [77fd2eb43654b77fe5899af5e81c25db]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B0286C11-89B9-4A4D-A453-9EF7CA57B3EC}|AppName, Plus-HD-1.3-enabler.exe-codedownloader.exe, In Quarantäne, [561e0bd75d2d7eb86010d8b7ae56f20e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0479154-A6AC-4FC8-A750-3F32BC7458FB}|AppName, Plus-HD-1.3-enabler.exe-codedownloader.exe, In Quarantäne, [7ff5e3fff793d26496dae1ae1be9da26]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{fc224bcb-84b1-4a33-95c0-a523b59448bc}|AppName, Plus-HD-1.3-codedownloader.exe, In Quarantäne, [3d37934f008a61d57cf4a7e8976d50b0]
PUM.Bad.Proxy, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9881, In Quarantäne, [650fc1218a007bbbc90a50f0778ce31d]
PUM.Bad.Proxy, HKU\S-1-5-21-2824886842-1903998303-2860717336-1015\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9880, In Quarantäne, [84f04d95adddb086944c54d4d3307b85]
PUM.Bad.Proxy, HKU\S-1-5-21-2824886842-1903998303-2860717336-1016\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9880, In Quarantäne, [2c481dc5c2c831057c6442e627dc3cc4]
PUM.Bad.Proxy, HKU\S-1-5-21-2824886842-1903998303-2860717336-1017\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9880, In Quarantäne, [b4c0e002a9e157df746c0523778cd828]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 11
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\platforms, In Quarantäne, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\dlls, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Uninstall Wajam, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, In Quarantäne, [acc8c61c6e1c251166b1a266b94ab749],
PUP.Optional.PlusHD.A, C:\Users\ADMIN\AppData\LocalLow\Plus-HD-1.3, In Quarantäne, [8be9eef44f3b49ed3ba517c05aa836ca],

Dateien: 80
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe, Löschen bei Neustart, [532131b11b6fcb6bcb6988337f8201ff],
PUP.Optional.Somoto.C, C:\Users\ADMIN\AppData\Local\Temp\nsxFB72.tmp, In Quarantäne, [e58fcb17a7e33600c86d442260a511ef],
PUP.Optional.Amonetize.A, C:\Users\ADMIN\Downloads\u bahn london plan_10924_i33145093_il345.exe, In Quarantäne, [ef859e447e0c9e9878f0d19404016b95],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\LoopbackForWin8.exe, In Quarantäne, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\msvcp120.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\msvcr120.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\Qt5Core.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\Qt5Network.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\platforms\qwindows.dll, In Quarantäne, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\snotlings, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\waaaghs, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam.exe, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam_64.exe, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam_goblin.dll, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam_goblin_64.dll, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\WWE_uninstall.exe, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\dlls\jdpfp.dll, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\dlls\zpcet.dll, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\amazon.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\argos.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\ask.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\bestbuy.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\ebay.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\etsy.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\facebook.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\favicon.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\google.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\homedepot.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\ikea.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\imdb.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\lowes.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\mercado.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\mysearchweb.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\myshopping.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\searchresult.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\sears.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\setting.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\settings.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\shopping.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\target.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\tesco.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\tripadvisor.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\twitter.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\wajam.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\walmart.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\wiki.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\yahoo.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\zalando.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Wajam Website.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Settings.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\SignIn with Facebook.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\SignIn with Twitter.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Ask.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Google.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\IMDb.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Shopping.com.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\TripAdvisor.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Wikipedia.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Yahoo!.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Amazon.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Argos.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Ebay.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Etsy.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\HomeDepot.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Ikea.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Lowe's.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Mercadolivre.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\MyShopping.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Sears.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Target.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Tesco.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Walmart.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Zalando.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Uninstall Wajam\uninstall.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, In Quarantäne, [acc8c61c6e1c251166b1a266b94ab749],
PUP.Optional.ReMarkable.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.re-markable00.re-markable.net_0.localstorage, In Quarantäne, [7103677b1674cb6bbe3e8404ef1503fd],
PUP.Optional.ReMarkable.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.re-markable00.re-markable.net_0.localstorage-journal, In Quarantäne, [81f3f5ed58325adcd329543459ab4ab6],
PUP.Optional.PlusHD.A, C:\Users\ADMIN\AppData\LocalLow\Plus-HD-1.3\DTFProxyToServerSect_bCrossriderApp0031257_p4484.dat, In Quarantäne, [8be9eef44f3b49ed3ba517c05aa836ca],
PUP.Optional.PlusHD.A, C:\Users\ADMIN\AppData\LocalLow\Plus-HD-1.3\DTFProxyToServerSect_bCrossriderApp0031257_p7432.dat, In Quarantäne, [8be9eef44f3b49ed3ba517c05aa836ca],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

PUP.Optional.Wajam.A, C:\Program Files\WajIEn\dlls, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Uninstall Wajam, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, In Quarantäne, [acc8c61c6e1c251166b1a266b94ab749],
PUP.Optional.PlusHD.A, C:\Users\ADMIN\AppData\LocalLow\Plus-HD-1.3, In Quarantäne, [8be9eef44f3b49ed3ba517c05aa836ca],

Dateien: 80
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe, Löschen bei Neustart, [532131b11b6fcb6bcb6988337f8201ff],
PUP.Optional.Somoto.C, C:\Users\ADMIN\AppData\Local\Temp\nsxFB72.tmp, In Quarantäne, [e58fcb17a7e33600c86d442260a511ef],
PUP.Optional.Amonetize.A, C:\Users\ADMIN\Downloads\u bahn london plan_10924_i33145093_il345.exe, In Quarantäne, [ef859e447e0c9e9878f0d19404016b95],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\LoopbackForWin8.exe, In Quarantäne, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\msvcp120.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\msvcr120.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\Qt5Core.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\Qt5Network.dll, Löschen bei Neustart, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Obrona.Gen, C:\Program Files (x86)\Usvalumerer\platforms\qwindows.dll, In Quarantäne, [b8bc0dd5cebc310525e163a1ab584eb2],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\snotlings, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\waaaghs, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam.exe, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam_64.exe, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam_goblin.dll, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\wajam_goblin_64.dll, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\WWE_uninstall.exe, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\dlls\jdpfp.dll, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\dlls\zpcet.dll, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\amazon.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\argos.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\ask.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\bestbuy.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\ebay.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\etsy.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\facebook.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\favicon.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\google.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\homedepot.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\ikea.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\imdb.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\lowes.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\mercado.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\mysearchweb.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\myshopping.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\searchresult.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\sears.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\setting.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\settings.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\shopping.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\target.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\tesco.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\tripadvisor.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\twitter.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\wajam.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\walmart.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\wiki.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\yahoo.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\Program Files\WajIEn\logos\zalando.ico, In Quarantäne, [a2d225bdfc8e181e7f73c93c5fa42bd5],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Wajam Website.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Settings.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\SignIn with Facebook.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\SignIn with Twitter.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Ask.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Google.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\IMDb.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Shopping.com.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\TripAdvisor.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Wikipedia.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Search\Yahoo!.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Amazon.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Argos.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Ebay.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Etsy.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\HomeDepot.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Ikea.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Lowe's.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Mercadolivre.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\MyShopping.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Sears.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Target.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Tesco.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Walmart.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Explore Social Shopping\Zalando.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajIEn\Uninstall Wajam\uninstall.lnk, In Quarantäne, [88eccd153a500135767d7f860cf7fb05],
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, In Quarantäne, [acc8c61c6e1c251166b1a266b94ab749],
PUP.Optional.ReMarkable.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.re-markable00.re-markable.net_0.localstorage, In Quarantäne, [7103677b1674cb6bbe3e8404ef1503fd],
PUP.Optional.ReMarkable.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.re-markable00.re-markable.net_0.localstorage-journal, In Quarantäne, [81f3f5ed58325adcd329543459ab4ab6],
PUP.Optional.PlusHD.A, C:\Users\ADMIN\AppData\LocalLow\Plus-HD-1.3\DTFProxyToServerSect_bCrossriderApp0031257_p4484.dat, In Quarantäne, [8be9eef44f3b49ed3ba517c05aa836ca],
PUP.Optional.PlusHD.A, C:\Users\ADMIN\AppData\LocalLow\Plus-HD-1.3\DTFProxyToServerSect_bCrossriderApp0031257_p7432.dat, In Quarantäne, [8be9eef44f3b49ed3ba517c05aa836ca],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Oh, I think that was posted twice now.
It is really difficult to reply, because lots of windows keep opening as if by magic - sorry.

Here is the FRST log as well:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by ADMIN (administrator) on WELLER´S on 18-07-2015 16:52:58
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN (Available Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
() C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
         
and the Addition log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by ADMIN at 2015-07-18 16:53:52
Running from C:\Users\ADMIN\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN (S-1-5-21-2824886842-1903998303-2860717336-1011 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-2824886842-1903998303-2860717336-500 - Administrator - Disabled)
Admin_2 (S-1-5-21-2824886842-1903998303-2860717336-1017 - Administrator - Enabled) => C:\Users\Admin_2
Gast (S-1-5-21-2824886842-1903998303-2860717336-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2824886842-1903998303-2860717336-1010 - Limited - Enabled)
Johannes Weller (S-1-5-21-2824886842-1903998303-2860717336-1015 - Limited - Enabled) => C:\Users\Johannes Weller.WELLER´S
Sabine Weller (S-1-5-21-2824886842-1903998303-2860717336-1016 - Limited - Enabled) => C:\Users\Sabine Weller
UpdatusUser (S-1-5-21-2824886842-1903998303-2860717336-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.6.0 - )
BTUpdater 1.3 (HKLM-x32\...\{7B667522-CC69-4191-8154-6C16DD8AE754}_is1) (Version:  - Midland)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C7100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c7100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.40.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Classic Shell (HKLM\...\{BF8CC8E1-3D54-4A54-B985-5190F18AFDBB}) (Version: 4.0.0 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DocToPDFConverter (HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\DocToPDFConverter) (Version: 01.00.00.00 - VolatoTech)
Download Navigator (HKLM-x32\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON WF-3540 Series (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
EnBW StromRadar (HKLM-x32\...\{3BEB39C1-E448-45D2-97E2-A9B2A2DE7A54}) (Version: 2.2.4.1 - EnBW Energie Baden-Württemberg AG)
Epson Benutzerhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Useg) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Netg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Friendly Error (HKLM-x32\...\FriendlyError) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{9074AFC0-CFDA-11DE-B484-005056806466}) (Version: 5.1.3533.1731 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.9 - Magical Jelly Bean)
MailStore Home 8.0.2.8361 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.0.2.8361 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{320453EE-6AEA-4E1A-8E64-72F33C0C928F}) (Version: 2.8.10006 - Polar Electro Oy)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RegUtility version 4.1 (HKLM-x32\...\RegUtility_is1) (Version: 4.1 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigma Data Center 3.1 (HKLM-x32\...\Sigma Data Center3.1) (Version: 3.1 - Sigma Elektro GmbH)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Tippmaster v3.5.0 (HKLM-x32\...\Tippmaster_is1) (Version: 3.5.0 - Hofmann & Gschwandtner GbR)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tyre (HKLM\...\Tyre_is1) (Version: 6.4.1.4 - 't Schrijverke)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VNC Server 5.2.3 (HKLM\...\{0D2201F0-2E7B-4C89-8C5D-03D3F5BB5042}) (Version: 5.2.3 - RealVNC Ltd)
VNC Viewer 5.2.3 (HKLM\...\{8824CB84-60DF-4CBC-AB3A-7C5AB2A41F31}) (Version: 5.2.3 - RealVNC Ltd)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Wise Program Uninstaller 1.58 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.58 - WiseCleaner.com, Inc.)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{C5503285-CB32-4922-8C62-940D8F11A9AF}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{ED4D896D-EA6C-4FC4-8F2A-DB4BA4A24D8E}) (Version: 22.00.8811 - Buhl Data Service GmbH)
XMedia Recode Version 3.1.7.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.7 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-07-2015 12:33:18 Geplanter Prüfpunkt
15-07-2015 21:18:56 RedDotView wird entfernt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02797F86-78B4-4B09-987D-C80E2A1EC280} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {3ADF46ED-BF19-4897-97EE-CDBECFD552DA} - System32\Tasks\Opera scheduled Autoupdate 1437057596 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {403F192B-05D2-43E3-8869-620A29982E39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5542B2D9-B689-43F9-A34B-7956340AA4B6} - System32\Tasks\{6555F7B7-4FEF-4B98-9DFB-E29E1E1B96CE} => pcalua.exe -a C:\Users\ADMIN\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
Task: {79D5B119-27D0-476B-9DA2-1D4FD0B11983} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {824EFD4E-87E1-4095-A78D-A29EFA9A7F64} - System32\Tasks\tet3008 => C:\PROGRA~2\FASTSE~1\tet3008.exe
Task: {B1174188-13B8-48E9-B74E-1A850D5DE550} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {C2E93577-EF06-4A34-B343-6AD4EE804DB3} - System32\Tasks\{0F868CCB-3067-458A-8588-C2F3A59927E1} => pcalua.exe -a "C:\Users\ADMIN\Neuer Ordner\Adobe Photoshop CS2\Photoshop.exe"
Task: {E0427457-4F2C-4C55-9EA4-D85B424AC4CC} - System32\Tasks\WalkingBuddy => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION
Task: {F35425DA-FE48-4B87-8A2A-82E58A53B62C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\WalkingBuddy.job => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-15 22:52 - 2015-07-15 22:52 - 00318976 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp
2015-07-15 20:16 - 2015-07-15 20:16 - 00165376 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp
2015-07-15 20:16 - 2015-07-15 20:16 - 00199168 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp
2015-07-15 20:42 - 2015-06-16 08:50 - 00281088 _____ () C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2013-10-19 15:53 - 2013-10-19 15:53 - 00120224 _____ () C:\Users\ADMIN\AppData\Local\assembly\dl3\P614JHN7.VQO\W1HP4Z1K.AEP\71599d0e\0017145d_cd85cd01\HPItunesModule.DLL
2012-11-02 00:03 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 09707800 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 03890288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 02745624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 02123032 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01933080 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 04325144 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01573656 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 05300504 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01702168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01810712 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01629464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01340696 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 07353112 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01287448 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2015-07-14 19:26 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 19:26 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 19:26 - 2015-07-13 23:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SweetIM"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\StartupApproved\Run: => "YTDownloader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{5F9756F8-F816-4DE6-A134-5D11177D7101}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7981A029-D266-40E9-8499-7F3BBA171FF5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E3F9B456-71FC-4F76-BAC7-46FCB2AA86E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F7DAAC50-7E76-40D3-A44C-77B9B75D6369}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4C0198E3-C12B-4A9E-B9A5-B6BF436F7333}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{29318F9F-FA7C-44E7-B609-8BFE5E8F60F2}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{187001C2-A9FD-4738-A9D7-89433C1FB225}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [{A82D82B7-05F7-4490-AA02-40D5399142A6}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [UDP Query User{8C6F5E26-8FA7-4115-8F61-D82EDFC9AE04}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{175BA418-B764-485D-9943-0AF872B5D9AA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{F506FFD2-183C-41C2-AC8D-FBDECFFD3363}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{190C1071-58EA-4882-9ACF-316A9638480C}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{184AF574-C0E6-446E-AD99-BD9058C97625}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{12EA3BDB-93C9-45BD-AB70-C117A9F831C3}] => (Allow) LPort=1900
FirewallRules: [{2BE7D240-AF5F-45D1-BADA-89C92BF70400}] => (Allow) LPort=2869
FirewallRules: [{79FE28F8-EED0-4967-8B27-92E8A8135D0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6AAA071-2BC3-4DB2-BEEA-39E7931D45B8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{B15D2672-42B0-480B-B5F2-95CE3DFEA96B}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{0FC1CB29-1930-4B9D-9BEF-D9D32751DD9F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E0CA7CA3-1F8F-4424-859A-B665AEB49A9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{85FF2813-CFC0-4F50-BABB-33F4BE24A9AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BEA04FFC-BB6B-4A84-812B-F2E390B0C473}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{627C4A04-57BB-4398-9591-4C437921F320}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{89D838A2-B075-4070-B293-FF8275CF38EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{46D60460-5EB4-4DA3-A2E1-24643B92E859}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{CA266968-5A05-41FE-A575-EB16DDEEC003}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{271D426C-C8A5-42B0-A682-C6BF0A804EF3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B5EDCB63-5528-4F3B-AF7C-8E426A21B72F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BA24CC07-2ECA-4A70-AF51-3A65385E3224}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{35630A5F-E721-41F6-BB13-F2EF8A017A76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BAC88955-5F3D-40B1-B76D-3150AF83DD89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1D4C01B2-5C30-4199-BECA-167220AAEF41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{10CC3518-034E-4C35-A05A-641EC51A651A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1EBE767D-BCE5-4A63-9AB2-5F20B4418CCE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{DC1CF583-EDB4-41EB-A277-897394E657CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DE5BC789-275E-40FD-8D46-433D87D18079}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{27565CFB-E031-41E5-B9EB-039F3D82503E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{288FA507-0B1F-44F2-869F-9D70621F802C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E564077B-B46E-40BB-8E20-9944DAF606D0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5FB3B7CE-77ED-4CE9-AB9C-A784B8545EB9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0927140B-67CC-4CAF-BC42-0B3AA65B6865}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{049B4734-126A-4323-B687-166753E685C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E2445DD-8DB1-42F9-A50D-2FC2A9DD074E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9AA2FFA-0578-4A9F-B4F7-93916239CC10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BAD961B2-CCF2-4BB3-8034-8FA9FB36D2A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA6546CB-2854-4F31-8927-C8FBC13890AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BEDD147-C820-4DAD-BE8A-FAB1A11C3044}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D926CA5-8A9A-455B-8E03-B604543294D0}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{A963906A-A239-488F-9E3B-145A0AFB4129}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{074278CB-3606-43C3-9B87-77C5B90F38A0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CC38E1A2-EEDC-4BF2-8B9B-DA63DF25FCEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E8709488-C5F5-45E3-9DAC-C70EA4C64314}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{66D57E6A-E583-42E5-93BA-E661D6B9BAEB}] => (Allow) LPort=53000
FirewallRules: [{D639270F-1563-405A-9661-E01877876654}] => (Allow) LPort=52000

==================== Faulty Device Manager Devices =============

Name: PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30)
Description: PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2015 04:39:37 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (8144) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (07/18/2015 04:34:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/16/2015 04:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.0, Zeitstempel: 0x552d3c4a
Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.2.0.0, Zeitstempel: 0x552d380e
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000ed7de
ID des fehlerhaften Prozesses: 0xbe4
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2015 06:52:28 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (8572) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (07/16/2015 06:40:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AnyProtect.exe, Version 1.0.0.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2314

Startzeit: 01d0bf81840d8d1d

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Berichts-ID: da54f83c-2b74-11e5-8034-4c72b994d0f4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2015 06:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm nsl168.tmp, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 23a0

Startzeit: 01d0bf80c69f2627

Endzeit: 4294967295

Anwendungspfad: C:\Users\ADMIN\AppData\Local\Temp\nsl168.tmp

Berichts-ID: 9d0059ca-2b74-11e5-8034-4c72b994d0f4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2015 06:09:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (5604) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.


System errors:
=============
Error: (07/17/2015 10:26:06 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/17/2015 04:03:57 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 05:13:07 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 05:13:06 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 05:12:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/18/2015 04:39:37 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost8144Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)

Error: (07/18/2015 04:34:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/16/2015 04:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.1.0.0552d3c4ambamcore.dll1.2.0.0552d380ec0000417000ed7debe401d0bfd64315b495C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamcore.dllf46336e1-2bca-11e5-8039-4c72b994d0f4

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2015 06:52:28 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail8572WindowsMail0:

Error: (07/16/2015 06:40:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AnyProtect.exe1.0.0.4231401d0bf81840d8d1d4294967295C:\Program Files (x86)\AnyProtectEx\AnyProtect.exeda54f83c-2b74-11e5-8034-4c72b994d0f4

Error: (07/16/2015 06:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsl168.tmp0.0.0.023a001d0bf80c69f26274294967295C:\Users\ADMIN\AppData\Local\Temp\nsl168.tmp9d0059ca-2b74-11e5-8034-4c72b994d0f4

Error: (07/16/2015 06:09:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost5604Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)


CodeIntegrity Errors:
===================================
  Date: 2015-07-15 20:32:34.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:34.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:33.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:33.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:21.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:21.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:20.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-02 17:46:42.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2014-10-29 18:58:01.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2014-10-26 11:58:12.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 12227.56 MB
Available physical RAM: 9423.61 MB
Total Virtual: 14083.56 MB
Available Virtual: 10621.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.95 GB) (Free:1475.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.25 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: D65FE7C9)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: ECA99B82)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== End of log ============================
         

Alt 18.07.2015, 16:13   #13
Binchen16
 
Windows 8.1 - self-installing programs are spamming the PC [solved]



Oh, I think that was posted twice just now.
It is really difficult to reply, because lots of windows keep opening as if by magic - sorry.

Here is the FRST log as well:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by ADMIN (administrator) on WELLER´S on 18-07-2015 16:52:58
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN (Available Profiles: ADMIN & Johannes Weller & Sabine Weller & Admin_2)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp
() C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
() C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
         
and the Addition log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by ADMIN at 2015-07-18 16:53:52
Running from C:\Users\ADMIN\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN (S-1-5-21-2824886842-1903998303-2860717336-1011 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-2824886842-1903998303-2860717336-500 - Administrator - Disabled)
Admin_2 (S-1-5-21-2824886842-1903998303-2860717336-1017 - Administrator - Enabled) => C:\Users\Admin_2
Gast (S-1-5-21-2824886842-1903998303-2860717336-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2824886842-1903998303-2860717336-1010 - Limited - Enabled)
Johannes Weller (S-1-5-21-2824886842-1903998303-2860717336-1015 - Limited - Enabled) => C:\Users\Johannes Weller.WELLER´S
Sabine Weller (S-1-5-21-2824886842-1903998303-2860717336-1016 - Limited - Enabled) => C:\Users\Sabine Weller
UpdatusUser (S-1-5-21-2824886842-1903998303-2860717336-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Anleitung für Epson Connect (HKLM-x32\...\Epson Connect Guide) (Version:  - )
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.0.6.0 - )
BTUpdater 1.3 (HKLM-x32\...\{7B667522-CC69-4191-8154-6C16DD8AE754}_is1) (Version:  - Midland)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C7100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c7100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.40.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Classic Shell (HKLM\...\{BF8CC8E1-3D54-4A54-B985-5190F18AFDBB}) (Version: 4.0.0 - IvoSoft)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DocToPDFConverter (HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\DocToPDFConverter) (Version: 01.00.00.00 - VolatoTech)
Download Navigator (HKLM-x32\...\{D0353B68-A142-4F89-A46E-1C9A7745D636}) (Version: 3.4.1 - SEIKO EPSON CORPORATION)
Druckerdeinstallation für EPSON WF-3540 Series (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
EnBW StromRadar (HKLM-x32\...\{3BEB39C1-E448-45D2-97E2-A9B2A2DE7A54}) (Version: 2.2.4.1 - EnBW Energie Baden-Württemberg AG)
Epson Benutzerhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Useg) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson Netzwerkhandbuch WF-3540 Series (HKLM-x32\...\WF-3540 Series Netg) (Version:  - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Friendly Error (HKLM-x32\...\FriendlyError) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{9074AFC0-CFDA-11DE-B484-005056806466}) (Version: 5.1.3533.1731 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.9 - Magical Jelly Bean)
MailStore Home 8.0.2.8361 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.0.2.8361 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{320453EE-6AEA-4E1A-8E64-72F33C0C928F}) (Version: 2.8.10006 - Polar Electro Oy)
Presto! PageManager 9.03 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RegUtility version 4.1 (HKLM-x32\...\RegUtility_is1) (Version: 4.1 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sigma Data Center 3.1 (HKLM-x32\...\Sigma Data Center3.1) (Version: 3.1 - Sigma Elektro GmbH)
Sigma Data Center 3.2 (HKLM-x32\...\Sigma Data Center3.2) (Version: 3.2 - Sigma Elektro GmbH)
Sigma Data Center 3.3 (HKLM-x32\...\Sigma Data Center3.3) (Version: 3.3 - Sigma Elektro GmbH)
Software Informer 1.2 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Tippmaster v3.5.0 (HKLM-x32\...\Tippmaster_is1) (Version: 3.5.0 - Hofmann & Gschwandtner GbR)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tyre (HKLM\...\Tyre_is1) (Version: 6.4.1.4 - 't Schrijverke)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VNC Server 5.2.3 (HKLM\...\{0D2201F0-2E7B-4C89-8C5D-03D3F5BB5042}) (Version: 5.2.3 - RealVNC Ltd)
VNC Viewer 5.2.3 (HKLM\...\{8824CB84-60DF-4CBC-AB3A-7C5AB2A41F31}) (Version: 5.2.3 - RealVNC Ltd)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports  (04/27/2012 5.1.2600.5512) (HKLM\...\DCCAC4C88E429408A2DDF8C0C5BAEB9187FA5713) (Version: 04/27/2012 5.1.2600.5512 - SIGMA Elektro GmbH)
Wise Program Uninstaller 1.58 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.58 - WiseCleaner.com, Inc.)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{C5503285-CB32-4922-8C62-940D8F11A9AF}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{ED4D896D-EA6C-4FC4-8F2A-DB4BA4A24D8E}) (Version: 22.00.8811 - Buhl Data Service GmbH)
XMedia Recode Version 3.1.7.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.7 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-07-2015 12:33:18 Geplanter Prüfpunkt
15-07-2015 21:18:56 RedDotView wird entfernt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02797F86-78B4-4B09-987D-C80E2A1EC280} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {3ADF46ED-BF19-4897-97EE-CDBECFD552DA} - System32\Tasks\Opera scheduled Autoupdate 1437057596 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {403F192B-05D2-43E3-8869-620A29982E39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5542B2D9-B689-43F9-A34B-7956340AA4B6} - System32\Tasks\{6555F7B7-4FEF-4B98-9DFB-E29E1E1B96CE} => pcalua.exe -a C:\Users\ADMIN\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
Task: {79D5B119-27D0-476B-9DA2-1D4FD0B11983} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {824EFD4E-87E1-4095-A78D-A29EFA9A7F64} - System32\Tasks\tet3008 => C:\PROGRA~2\FASTSE~1\tet3008.exe
Task: {B1174188-13B8-48E9-B74E-1A850D5DE550} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {C2E93577-EF06-4A34-B343-6AD4EE804DB3} - System32\Tasks\{0F868CCB-3067-458A-8588-C2F3A59927E1} => pcalua.exe -a "C:\Users\ADMIN\Neuer Ordner\Adobe Photoshop CS2\Photoshop.exe"
Task: {E0427457-4F2C-4C55-9EA4-D85B424AC4CC} - System32\Tasks\WalkingBuddy => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION
Task: {F35425DA-FE48-4B87-8A2A-82E58A53B62C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\WalkingBuddy.job => c:\programdata\{a14ef3c0-756f-016d-a14e-ef3c0756cf01}\nsf36e3.tmp.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-15 22:52 - 2015-07-15 22:52 - 00318976 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp
2015-07-15 20:16 - 2015-07-15 20:16 - 00165376 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp
2015-07-15 20:16 - 2015-07-15 20:16 - 00199168 _____ () C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp
2015-07-15 20:42 - 2015-06-16 08:50 - 00281088 _____ () C:\Program Files (x86)\Usvalumerer\Usvalumerer.exe
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2013-10-19 15:53 - 2013-10-19 15:53 - 00120224 _____ () C:\Users\ADMIN\AppData\Local\assembly\dl3\P614JHN7.VQO\W1HP4Z1K.AEP\71599d0e\0017145d_cd85cd01\HPItunesModule.DLL
2012-11-02 00:03 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 09707800 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 03890288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 02745624 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2013-11-19 21:24 - 2014-08-07 13:28 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 02123032 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01933080 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2013-11-19 21:24 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 04325144 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01573656 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 05300504 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01702168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01810712 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01629464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01340696 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01312536 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 07353112 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01287448 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2013-11-19 21:24 - 2014-08-07 13:29 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2015-07-14 19:26 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 19:26 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 19:26 - 2015-07-13 23:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SweetIM"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\...\StartupApproved\Run: => "YTDownloader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{5F9756F8-F816-4DE6-A134-5D11177D7101}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7981A029-D266-40E9-8499-7F3BBA171FF5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E3F9B456-71FC-4F76-BAC7-46FCB2AA86E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{F7DAAC50-7E76-40D3-A44C-77B9B75D6369}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{4C0198E3-C12B-4A9E-B9A5-B6BF436F7333}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{29318F9F-FA7C-44E7-B609-8BFE5E8F60F2}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{187001C2-A9FD-4738-A9D7-89433C1FB225}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [{A82D82B7-05F7-4490-AA02-40D5399142A6}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [UDP Query User{8C6F5E26-8FA7-4115-8F61-D82EDFC9AE04}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{175BA418-B764-485D-9943-0AF872B5D9AA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{F506FFD2-183C-41C2-AC8D-FBDECFFD3363}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{190C1071-58EA-4882-9ACF-316A9638480C}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{184AF574-C0E6-446E-AD99-BD9058C97625}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{12EA3BDB-93C9-45BD-AB70-C117A9F831C3}] => (Allow) LPort=1900
FirewallRules: [{2BE7D240-AF5F-45D1-BADA-89C92BF70400}] => (Allow) LPort=2869
FirewallRules: [{79FE28F8-EED0-4967-8B27-92E8A8135D0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B6AAA071-2BC3-4DB2-BEEA-39E7931D45B8}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{B15D2672-42B0-480B-B5F2-95CE3DFEA96B}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{0FC1CB29-1930-4B9D-9BEF-D9D32751DD9F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{E0CA7CA3-1F8F-4424-859A-B665AEB49A9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{85FF2813-CFC0-4F50-BABB-33F4BE24A9AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BEA04FFC-BB6B-4A84-812B-F2E390B0C473}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{627C4A04-57BB-4398-9591-4C437921F320}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{89D838A2-B075-4070-B293-FF8275CF38EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{46D60460-5EB4-4DA3-A2E1-24643B92E859}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{CA266968-5A05-41FE-A575-EB16DDEEC003}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{271D426C-C8A5-42B0-A682-C6BF0A804EF3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{B5EDCB63-5528-4F3B-AF7C-8E426A21B72F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{BA24CC07-2ECA-4A70-AF51-3A65385E3224}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{35630A5F-E721-41F6-BB13-F2EF8A017A76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{BAC88955-5F3D-40B1-B76D-3150AF83DD89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1D4C01B2-5C30-4199-BECA-167220AAEF41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{10CC3518-034E-4C35-A05A-641EC51A651A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{1EBE767D-BCE5-4A63-9AB2-5F20B4418CCE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{DC1CF583-EDB4-41EB-A277-897394E657CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DE5BC789-275E-40FD-8D46-433D87D18079}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{27565CFB-E031-41E5-B9EB-039F3D82503E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{288FA507-0B1F-44F2-869F-9D70621F802C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E564077B-B46E-40BB-8E20-9944DAF606D0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5FB3B7CE-77ED-4CE9-AB9C-A784B8545EB9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0927140B-67CC-4CAF-BC42-0B3AA65B6865}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{049B4734-126A-4323-B687-166753E685C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E2445DD-8DB1-42F9-A50D-2FC2A9DD074E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9AA2FFA-0578-4A9F-B4F7-93916239CC10}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BAD961B2-CCF2-4BB3-8034-8FA9FB36D2A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA6546CB-2854-4F31-8927-C8FBC13890AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BEDD147-C820-4DAD-BE8A-FAB1A11C3044}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D926CA5-8A9A-455B-8E03-B604543294D0}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{A963906A-A239-488F-9E3B-145A0AFB4129}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{074278CB-3606-43C3-9B87-77C5B90F38A0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CC38E1A2-EEDC-4BF2-8B9B-DA63DF25FCEB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E8709488-C5F5-45E3-9DAC-C70EA4C64314}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{66D57E6A-E583-42E5-93BA-E661D6B9BAEB}] => (Allow) LPort=53000
FirewallRules: [{D639270F-1563-405A-9661-E01877876654}] => (Allow) LPort=52000

==================== Faulty Device Manager Devices =============

Name: PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30)
Description: PCI-E-Gigabit-Ethernet-Controller Qualcomm Atheros AR8161 (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2015 04:39:37 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (8144) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (07/18/2015 04:34:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/16/2015 04:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.0, Zeitstempel: 0x552d3c4a
Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.2.0.0, Zeitstempel: 0x552d380e
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000ed7de
ID des fehlerhaften Prozesses: 0xbe4
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2015 06:52:28 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (8572) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (07/16/2015 06:40:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AnyProtect.exe, Version 1.0.0.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2314

Startzeit: 01d0bf81840d8d1d

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Berichts-ID: da54f83c-2b74-11e5-8034-4c72b994d0f4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2015 06:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm nsl168.tmp, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 23a0

Startzeit: 01d0bf80c69f2627

Endzeit: 4294967295

Anwendungspfad: C:\Users\ADMIN\AppData\Local\Temp\nsl168.tmp

Berichts-ID: 9d0059ca-2b74-11e5-8034-4c72b994d0f4

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2015 06:09:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost (5604) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.


System errors:
=============
Error: (07/17/2015 10:26:06 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/17/2015 04:03:57 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 05:13:07 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 05:13:06 PM) (Source: Schannel) (EventID: 4102) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Connected Remote Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 05:13:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 05:12:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/18/2015 04:39:37 PM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost8144Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)

Error: (07/18/2015 04:34:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/16/2015 04:57:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.1.0.0552d3c4ambamcore.dll1.2.0.0552d380ec0000417000ed7debe401d0bfd64315b495C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamcore.dllf46336e1-2bca-11e5-8039-4c72b994d0f4

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20086281

Error: (07/16/2015 01:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2015 06:52:28 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail8572WindowsMail0:

Error: (07/16/2015 06:40:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AnyProtect.exe1.0.0.4231401d0bf81840d8d1d4294967295C:\Program Files (x86)\AnyProtectEx\AnyProtect.exeda54f83c-2b74-11e5-8034-4c72b994d0f4

Error: (07/16/2015 06:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsl168.tmp0.0.0.023a001d0bf80c69f26274294967295C:\Users\ADMIN\AppData\Local\Temp\nsl168.tmp9d0059ca-2b74-11e5-8034-4c72b994d0f4

Error: (07/16/2015 06:09:10 AM) (Source: ESENT) (EventID: 474) (User: )
Description: svchost5604Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)


CodeIntegrity Errors:
===================================
  Date: 2015-07-15 20:32:34.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:34.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:33.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:32:33.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:21.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:21.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 20:30:20.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-02 17:46:42.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2014-10-29 18:58:01.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

  Date: 2014-10-26 11:58:12.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 12227.56 MB
Available physical RAM: 9423.61 MB
Total Virtual: 14083.56 MB
Available Virtual: 10621.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.95 GB) (Free:1475.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.25 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: D65FE7C9)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: ECA99B82)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== End of log ============================
         
--- --- ---

19.07.2015, 14:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I get the impression that something went wrong there.

Please repeat MBAM and AdwCleaner. Let MBAM update before the scan, and download AdwCleaner again to the desktop.

19.07.2015, 16:07   #15
Binchen16
 



I will try it again.

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.07.2015
Suchlauf-Zeit: 15:54:30
Logdatei: Mbam-scanlog.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.18.02
Rootkit Datenbank: v2015.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ADMIN

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 638574
Verstrichene Zeit: 26 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 3
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp, 3164, Löschen bei Neustart, [a89218cb92f8e74f1fb86e2b857fd32d]
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp, 3360, Löschen bei Neustart, [a89218cb92f8e74f1fb86e2b857fd32d]
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp, 2980, Löschen bei Neustart, [a89218cb92f8e74f1fb86e2b857fd32d]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-21-2824886842-1903998303-2860717336-1011\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:9881, In Quarantäne, [fa4011d28cfec96d0ebad76ab35044bc]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 1
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C, Löschen bei Neustart, [a89218cb92f8e74f1fb86e2b857fd32d],

Dateien: 12
PUP.Optional.PricePeep.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, In Quarantäne, [70ca697a2169f343b6805fa857ac1ee2],
PUP.Optional.PricePeep.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, In Quarantäne, [79c14f942862e056f83efa0de41f619f],
PUP.Optional.ShoppingGate.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, In Quarantäne, [0b2fb52ee1a9d6604b0cf04c3fc4f808],
PUP.Optional.ShoppingGate.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, In Quarantäne, [40fa36adeaa080b66dea99a3a261cb35],
PUP.Optional.ReMarkable.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, In Quarantäne, [c27833b0602a67cf747b9fea06fea858],
PUP.Optional.ReMarkable.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, In Quarantäne, [b18908db0e7c51e59e51256405ffd828],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\hnslD14A.tmp, Löschen bei Neustart, [a89218cb92f8e74f1fb86e2b857fd32d],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\jnsyB13D.tmp, Löschen bei Neustart, [a89218cb92f8e74f1fb86e2b857fd32d],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\knsc7735.tmp, Löschen bei Neustart, [a89218cb92f8e74f1fb86e2b857fd32d],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\rnsnA2C2.exe, In Quarantäne, [a89218cb92f8e74f1fb86e2b857fd32d],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\Uninstall.exe, In Quarantäne, [a89218cb92f8e74f1fb86e2b857fd32d],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\E7E25121-1436984178-BACC-826D-3BF07DDA202C\vnsa8231.tmp, In Quarantäne, [a89218cb92f8e74f1fb86e2b857fd32d],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Here is the content of AdwCleaner

Code:
# AdwCleaner v4.208 - Bericht erstellt 19/07/2015 um 17:04:32
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : ADMIN - WELLER´S
# Gestarted von : C:\Users\ADMIN\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v28.0 (de)


-\\ Google Chrome v43.0.2357.134


-\\ Opera v30.0.1835.125


*************************

AdwCleaner[R0].txt - [32539 Bytes] - [16/07/2015 16:57:51]
AdwCleaner[R1].txt - [1371 Bytes] - [19/07/2015 16:55:34]
AdwCleaner[R2].txt - [1279 Bytes] - [19/07/2015 17:02:40]
AdwCleaner[S0].txt - [28632 Bytes] - [16/07/2015 17:01:32]
AdwCleaner[S1].txt - [1430 Bytes] - [19/07/2015 17:00:48]
AdwCleaner[S2].txt - [1199 Bytes] - [19/07/2015 17:04:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1258  Bytes] ##########
         
