Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8.1 64-bit WindowsProtectManger.A / XTab.A / MyStartSearch.A Befall (https://www.trojaner-board.de/166080-windows-8-1-64-bit-windowsprotectmanger-a-xtab-a-mystartsearch-a-befall.html)

Don Redhorse 13.04.2015 19:31
Windows 8.1 64-bit WindowsProtectManger.A / XTab.A / MyStartSearch.A Befall
 
Liste der Anhänge anzeigen (Anzahl: 4)
Hallo ich habe mit Malwarebytes Anti-Malware eine Infektion (21 Treffer heißt: mbam scanlog 13.04.15-09,06 vor quarantäne.txt) sowie den Programmordner Xtab (in C:\Program Files (x86), der mir nichts sagte gefunden, sowie die Erkennungen : WindowsProtectManger.A / XTab.A / MyStartSearch.A. Dann habe ich die Anleitung für Hilfesuchende bei Trojaner- und Virenbefall hier und die MyStartSearch.com Virus entfernen Anleitung befolgt. Beim zweiten Malwarebytes waren es 169 (!) (heißt mbam.txt) Funde. Nach Durcharbeitung der Anleitungen fand Malwarebytes schließlich nichts mehr. Ich möchte dennoch sicher gehen dass der Schädling entfernt ist. Ich hoffe ich habe alles richtig gemacht.Danke im Voraus!

schrauber 13.04.2015 19:44
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Don Redhorse 13.04.2015 19:55
Okay hier wie gewünscht die logfiles, sorry, (erstbesucher)! ;) Mir ist noch etwas eingefallen : GMER hat im Normalbetrieb 2 fehlermeldungen gebracht weswegen ich es dann im abgesicherten Modus noch einmal probiert hab wo sie auch auftauchten.
Der Fehlertext war jeweils : 1. " C:\WINDOWS\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird " und 2. " C:\Users\Gilia\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird "

Hier die logfiles:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:17 on 13/04/2015 (Gilia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Gilia (administrator) on IDEAPAD on 13-04-2015 07:47:43
Running from C:\Users\Gilia\Desktop
Loaded Profiles: Gilia (Available profiles: Gilia)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Bayer Healthcare LLC) C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Users\Gilia\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
(Spotify Ltd) C:\Users\Gilia\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(MPC-HC Team) C:\Program Files (x86)\MPC-HC\mpc-hc.exe
() C:\Program Files\Everything\Everything.exe
() C:\Program Files\Everything\Everything.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\mcafee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Users\Gilia\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-10-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-10-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-09] (Valve Corporation)
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [Amazon Music] => C:\Users\Gilia\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] ()
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [Spotify Web Helper] => C:\Users\Gilia\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-05] (Spotify Ltd)
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\MountPoints2: {8b70cca1-4c20-11e4-8255-806e6f6e6963} - "E:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> {CEB877DF-3828-48BB-B3E4-6D86F6F39AD5} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-25] (McAfee)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-25] (McAfee)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-25] (McAfee)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-25] (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW

FireFox:
========
FF ProfilePath: C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default
FF NewTab: https://www.google.de/
FF SelectedSearchEngine: mystartsearch
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1773740722-1353712620-2879442739-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1773740722-1353712620-2879442739-1001: @phonostar.de/phonostar -> C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF user.js: detected! => C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\user.js [2015-04-01]
FF Extension: McAfee SafeKey - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-01-25]
FF Extension: FireShot - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-03-27]
FF Extension: NoSquint - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\nosquint@urandom.ca.xpi [2015-01-10]
FF Extension: Print Edit - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\printedit@DW-dev.xpi [2015-01-10]
FF Extension: Flagfox - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-01-27]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-03-01]
FF Extension: Video DownloadHelper - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-01]
FF Extension: Adblock Plus - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-10]
FF Extension: BetterPrivacy - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-01-25]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 BayerHealthcareService; C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [162232 2012-10-30] (Bayer Healthcare LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-10-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-22] (SysTool PasSame LIMITED)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]
S2 0200621426811956mcinstcleanup; C:\WINDOWS\TEMP\020062~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2015-01-14] (Qualcomm Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-03-16] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-03-16] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 RtlWlanu; \SystemRoot\system32\DRIVERS\rtwlanu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 07:47 - 2015-04-13 07:48 - 00033708 _____ () C:\Users\Gilia\Desktop\FRST.txt
2015-04-13 07:46 - 2015-04-13 07:47 - 00000000 ____D () C:\FRST
2015-04-13 07:45 - 2015-04-13 07:45 - 00000472 _____ () C:\Users\Gilia\Desktop\defogger_disable.log
2015-04-13 07:45 - 2015-04-13 07:45 - 00000000 _____ () C:\Users\Gilia\defogger_reenable
2015-04-13 07:33 - 2015-04-13 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-13 07:30 - 2015-04-13 07:30 - 00380416 _____ () C:\Users\Gilia\Desktop\Gmer-19357.exe
2015-04-13 07:27 - 2015-04-13 07:27 - 00027027 _____ () C:\mbam-scan-13.04.015-7,27.txt
2015-04-13 07:25 - 2015-04-13 07:25 - 02096640 _____ (Farbar) C:\Users\Gilia\Desktop\FRST64.exe
2015-04-13 07:24 - 2015-04-13 07:24 - 00050477 _____ () C:\Users\Gilia\Desktop\Defogger.exe
2015-04-13 07:21 - 2015-04-13 07:21 - 00852616 _____ () C:\Users\Gilia\Desktop\SecurityCheck.exe
2015-04-13 07:12 - 2015-04-13 07:15 - 00000000 ____D () C:\AdwCleaner
2015-04-13 07:11 - 2015-04-13 07:11 - 00001295 _____ () C:\Users\Gilia\Desktop\Revo Uninstaller.lnk
2015-04-13 07:11 - 2015-04-13 07:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-13 07:10 - 2015-04-13 07:10 - 00448512 _____ (OldTimer Tools) C:\Users\Gilia\Desktop\TFC.exe
2015-04-13 07:05 - 2015-04-13 07:05 - 02217984 _____ () C:\Users\Gilia\Desktop\AdwCleaner_4.201.exe
2015-04-13 07:04 - 2015-04-13 07:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Gilia\Desktop\revosetup95.exe
2015-04-13 06:46 - 2015-04-13 07:31 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 06:45 - 2015-04-13 06:45 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-13 06:45 - 2015-04-13 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-13 06:45 - 2015-04-13 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-13 06:45 - 2015-04-13 06:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-13 06:45 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-13 06:45 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-13 06:45 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-13 06:43 - 2015-04-13 06:44 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Gilia\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-12 03:53 - 2015-04-12 03:53 - 00000222 _____ () C:\Users\Gilia\Desktop\Among the Sleep Demo.url
2015-04-12 03:49 - 2015-04-12 03:49 - 00000222 _____ () C:\Users\Gilia\Desktop\Cry of Fear.url
2015-04-12 03:10 - 2015-04-12 03:10 - 09350034 _____ () C:\Users\Gilia\Downloads\Masterplan - Heroes.mp4
2015-04-12 02:50 - 2015-04-12 02:50 - 00000000 ____D () C:\Program Files\ConvertHelper3
2015-04-12 02:48 - 2015-04-12 02:48 - 00000222 _____ () C:\Users\Gilia\Desktop\Haunted Memories.url
2015-04-12 02:46 - 2015-04-12 02:46 - 29654131 _____ (DownloadHelper ) C:\Users\Gilia\Downloads\ConvertHelper3Setup (2).exe
2015-04-11 19:18 - 2015-04-11 19:18 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-11 19:18 - 2015-04-11 19:18 - 00001058 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-11 19:17 - 2015-04-11 19:19 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-11 19:17 - 2015-03-30 09:02 - 00035112 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2015-04-11 19:15 - 2015-04-11 19:16 - 07969808 _____ (TeamViewer GmbH) C:\Users\Gilia\Downloads\TeamViewer_Setup_de.exe
2015-04-11 02:00 - 2015-04-11 02:03 - 337840747 _____ () C:\Users\Gilia\Downloads\Superstau 1991.mp4
2015-04-11 01:18 - 2015-04-11 01:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-11 00:54 - 2015-04-11 01:00 - 435629022 _____ () C:\Users\Gilia\Downloads\Resident Evil HD Remaster - Knife Only Playthrough (CQC FTW Trophy).mp4
2015-04-10 13:09 - 2015-04-10 13:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-10 13:08 - 2015-04-10 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-08 21:42 - 2015-04-11 01:43 - 00000000 ____D () C:\Users\Gilia\Documents\soul
2015-04-07 01:14 - 2015-04-07 01:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-07 00:56 - 2015-04-07 00:56 - 00001275 _____ () C:\Users\Gilia\Desktop\userdata - Verknüpfung.lnk
2015-04-05 21:18 - 2015-04-05 21:18 - 00000000 ____D () C:\Users\Gilia\Documents\Erziehung
2015-04-05 01:50 - 2015-04-05 01:53 - 22783960 _____ () C:\Users\Gilia\Downloads\mansion_wp.zip
2015-04-05 00:22 - 2015-04-05 00:22 - 00000961 _____ () C:\Users\Gilia\Desktop\PerformanceTest.lnk
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\Users\Gilia\Documents\PassMark
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\Users\Gilia\AppData\Local\PassMark
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\ProgramData\Passmark
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\Program Files\PerformanceTest
2015-04-05 00:18 - 2015-04-05 00:18 - 26904664 _____ (Passmark Software ) C:\Users\Gilia\Downloads\petst.exe
2015-04-04 23:16 - 2015-04-04 23:16 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-04-04 21:31 - 2015-04-04 21:32 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-04 07:29 - 2015-04-04 07:29 - 00000390 _____ () C:\Users\Gilia\Downloads\Texture Fix-649-.zip
2015-04-04 07:29 - 2015-04-04 07:29 - 00000000 ____D () C:\Users\Gilia\Downloads\Texture Fix-649-
2015-04-04 06:38 - 2015-04-04 06:39 - 00001841 _____ () C:\Users\Gilia\Desktop\witcher.lnk
2015-04-04 06:31 - 2015-04-04 07:49 - 00000000 ____D () C:\Users\Gilia\AppData\Local\The Witcher
2015-04-04 06:31 - 2015-04-04 07:26 - 00000000 ____D () C:\Users\Gilia\Documents\The Witcher
2015-04-04 06:20 - 2015-04-04 06:26 - 386763152 _____ () C:\Users\Gilia\Downloads\TheWitcherPatch.1.5.zip
2015-04-04 05:26 - 2015-04-04 06:30 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2015-04-04 05:26 - 2015-04-04 06:30 - 00000000 ____D () C:\Program Files (x86)\The Witcher Enhanced Edition
2015-04-03 15:40 - 2015-04-03 15:40 - 00000000 ____D () C:\Users\Gilia\Documents\My Games
2015-04-03 14:53 - 2015-04-03 14:53 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-02 22:46 - 2015-04-02 22:46 - 36210245 _____ () C:\Users\Gilia\Downloads\MSIAfterburnerSetup.zip
2015-04-02 22:37 - 2015-04-02 22:37 - 00000990 _____ () C:\Users\Gilia\Desktop\TechPowerUp GPU-Z.lnk
2015-04-02 22:37 - 2015-04-02 22:37 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-04-02 22:37 - 2015-04-02 22:37 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2015-04-02 22:36 - 2015-04-02 22:36 - 01713824 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Gilia\Downloads\gpu-z.0.8.2.exe
2015-04-02 22:33 - 2015-04-02 22:33 - 00000896 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-04-02 22:33 - 2015-04-02 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-04-02 22:33 - 2015-04-02 22:33 - 00000000 ____D () C:\Program Files\CPUID
2015-04-02 22:30 - 2015-04-02 22:30 - 01577464 _____ ( ) C:\Users\Gilia\Downloads\cpu-z_1.71.1-setup-en.exe
2015-04-02 14:56 - 2015-04-02 14:56 - 00000000 ____D () C:\Users\Gilia\AppData\Local\CAPCOM
2015-04-02 04:30 - 2015-04-02 04:30 - 00002523 _____ () C:\Users\Gilia\Desktop\inSSIDer Home.lnk
2015-04-02 03:36 - 2015-04-02 03:36 - 00000222 _____ () C:\Users\Gilia\Desktop\Resident Evil  biohazard HD REMASTER.url
2015-04-02 00:19 - 2015-04-02 00:19 - 00000221 _____ () C:\Users\Gilia\Desktop\Dungeon Siege III Demo.url
2015-03-31 11:58 - 2015-03-31 19:41 - 00000000 ____D () C:\Users\Gilia\Documents\Borderline
2015-03-31 11:44 - 2015-03-31 11:44 - 16193751 _____ ( ) C:\Users\Gilia\Downloads\klcp_update_1108_20150330.exe
2015-03-31 11:42 - 2015-03-31 11:42 - 12607696 _____ ( ) C:\Users\Gilia\Downloads\K-Lite_Codec_Pack_1107_Basic.exe
2015-03-30 12:46 - 2015-04-10 23:50 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\MiniLyrics
2015-03-30 12:46 - 2015-03-30 12:46 - 00001090 _____ () C:\Users\Public\Desktop\MiniLyrics.lnk
2015-03-30 12:46 - 2015-03-30 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
2015-03-30 12:46 - 2015-03-30 12:46 - 00000000 ____D () C:\Program Files (x86)\MiniLyrics
2015-03-30 12:46 - 2015-03-30 12:46 - 00000000 ____D () C:\Lyrics
2015-03-30 12:45 - 2015-03-30 12:45 - 02105360 _____ (Crintsoft) C:\Users\Gilia\Downloads\MiniLyrics48.exe
2015-03-29 02:15 - 2015-03-29 02:15 - 00002016 _____ () C:\Users\Gilia\Desktop\Shadowrun.lnk
2015-03-29 01:18 - 2015-03-29 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-29 01:18 - 2015-03-29 01:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-29 01:18 - 2015-03-29 01:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-28 00:19 - 2015-03-28 00:19 - 00001961 _____ () C:\Users\Gilia\Desktop\TV-Browser.lnk
2015-03-27 20:04 - 2015-03-27 20:19 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\JULIAAtSR
2015-03-27 19:55 - 2015-04-01 23:00 - 00327680 _____ () C:\WINDOWS\system32\Ikeext.etl
2015-03-26 23:38 - 2015-03-26 23:38 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-03-26 23:38 - 2015-03-26 23:38 - 00000000 ____D () C:\ProgramData\Baidu
2015-03-26 23:38 - 2015-03-26 23:38 - 00000000 ____D () C:\FFOutput
2015-03-26 23:37 - 2015-03-26 23:37 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-03-26 23:37 - 2015-03-26 23:37 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2015-03-26 23:33 - 2015-03-26 23:33 - 00001036 _____ () C:\Users\Gilia\Desktop\Frasier.lnk
2015-03-26 19:29 - 2015-03-26 20:01 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\WinFF
2015-03-26 19:21 - 2009-09-27 10:39 - 00415744 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2015-03-26 19:21 - 2005-07-14 13:31 - 00032256 ___SH () C:\WINDOWS\SysWOW64\AVSredirect.dll
2015-03-26 19:21 - 2004-02-22 11:11 - 00764416 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2015-03-26 19:21 - 2004-01-25 01:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2015-03-26 19:21 - 2004-01-25 01:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2015-03-26 19:19 - 2015-03-26 20:01 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2015-03-26 19:19 - 2015-03-26 19:19 - 00000000 ____D () C:\Users\Gilia\Documents\eRightSoft
2015-03-26 19:19 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2015-03-26 19:19 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2015-03-26 19:11 - 2015-03-26 19:11 - 00000000 ____D () C:\Users\Gilia\Downloads\7-ZipPortable
2015-03-26 19:09 - 2015-03-26 19:10 - 02362400 _____ (PortableApps.com) C:\Users\Gilia\Downloads\7-zipportable_9.20_rev_3.paf.exe
2015-03-26 18:39 - 2015-03-26 18:39 - 00001316 _____ () C:\Users\Gilia\Desktop\Any Video Converter Professional.lnk
2015-03-26 18:39 - 2015-03-26 18:39 - 00000000 ____D () C:\Users\Gilia\Documents\Any Video Converter Professional
2015-03-26 18:39 - 2015-03-26 18:39 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Anvsoft
2015-03-26 18:39 - 2015-03-26 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-03-26 18:39 - 2015-03-26 18:39 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
2015-03-26 18:37 - 2015-03-26 18:38 - 37710648 _____ (Any-Video-Converter.com ) C:\Users\Gilia\Downloads\any-video-converter.exe
2015-03-26 18:26 - 2015-03-26 19:34 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\HandBrake
2015-03-26 18:23 - 2015-03-27 17:40 - 00000071 _____ () C:\Users\Gilia\Documents\videokonvertierung fürs handy.txt
2015-03-26 18:06 - 2015-03-26 18:06 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\(5C-3C-27-93-3A-08)
2015-03-26 17:41 - 2015-03-26 17:48 - 00000000 ____D () C:\Users\Gilia\Documents\SelfMV
2015-03-26 17:34 - 2015-04-01 23:00 - 00000375 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-26 17:30 - 2015-03-26 19:27 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Samsung
2015-03-26 17:30 - 2015-03-26 19:27 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Samsung
2015-03-26 17:30 - 2015-03-26 17:30 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-03-26 17:30 - 2015-03-26 17:30 - 00000000 ____D () C:\Users\Gilia\Documents\samsung
2015-03-26 17:29 - 2015-03-26 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-03-26 17:28 - 2015-03-26 17:28 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2015-03-26 17:27 - 2015-03-26 19:27 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-26 17:27 - 2015-03-26 19:27 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-26 17:27 - 2013-12-30 11:53 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-03-26 17:27 - 2013-12-30 11:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-03-26 17:26 - 2015-03-26 17:26 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Downloaded Installations
2015-03-26 17:21 - 2015-03-26 17:29 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\DVDVideoSoft
2015-03-26 17:17 - 2015-03-26 17:18 - 15839599 _____ () C:\Users\Gilia\Downloads\HandBrake-0.10.1-i686-Win_GUI.exe
2015-03-26 17:07 - 2015-03-26 18:48 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Mediatronic
2015-03-26 17:07 - 2015-03-26 17:30 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Broad Intelligence
2015-03-26 17:07 - 2015-03-26 17:30 - 00000000 ____D () C:\Program Files (x86)\MediaCoder Handsets Edition
2015-03-26 16:42 - 2015-04-03 04:30 - 00010240 ___SH () C:\Users\Gilia\Thumbs.db
2015-03-25 00:33 - 2015-03-25 00:33 - 00001115 _____ () C:\Users\Gilia\Desktop\S3800W.lnk
2015-03-24 18:30 - 2015-03-24 18:30 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Qualcomm Atheros
2015-03-22 07:35 - 2015-03-22 07:35 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\MPC-HC
2015-03-21 14:09 - 2015-03-21 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-03-21 14:08 - 2015-03-21 14:08 - 02802944 _____ () C:\Users\Gilia\Downloads\mp3tagv269setup.exe
2015-03-20 15:36 - 2015-03-20 15:36 - 00002020 _____ () C:\Users\Gilia\Desktop\julia.lnk
2015-03-18 09:50 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 14121624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-18 09:50 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 02906928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00178512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-03-17 05:58 - 2015-03-17 05:58 - 00000000 ____D () C:\Users\Gilia\Downloads\keyfinder_2.0.10.10
2015-03-17 05:46 - 2015-03-17 05:46 - 11902080 _____ ( ) C:\Users\Gilia\Downloads\K-Lite_Codec_Pack_1100_Basic.exe
2015-03-16 21:20 - 2015-03-16 21:20 - 00312480 _____ () C:\WINDOWS\system32\Drivers\atksgt.sys
2015-03-16 21:20 - 2015-03-16 21:20 - 00043168 _____ () C:\WINDOWS\system32\Drivers\lirsgt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 07:45 - 2015-01-10 10:48 - 00000000 ____D () C:\Users\Gilia
2015-04-13 07:41 - 2015-01-10 11:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-13 07:39 - 2015-01-10 10:54 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1773740722-1353712620-2879442739-1001
2015-04-13 07:28 - 2015-02-06 05:23 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d041bc45c66759.job
2015-04-13 07:28 - 2015-01-23 04:18 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 07:25 - 2015-02-12 08:46 - 00000000 ____D () C:\Users\Gilia\AppData\Local\ClassicShell
2015-04-13 07:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-13 06:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-04-13 06:38 - 2015-02-06 09:46 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Everything
2015-04-13 06:27 - 2014-10-05 11:38 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-13 06:27 - 2014-10-05 11:38 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-13 06:27 - 2014-03-18 11:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-13 06:26 - 2015-02-05 21:46 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Spotify
2015-04-13 06:23 - 2015-02-05 21:38 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Spotify
2015-04-13 05:27 - 2014-10-05 01:53 - 01662344 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-13 05:02 - 2015-01-23 04:18 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 05:02 - 2015-01-19 05:12 - 00000000 __RDO () C:\Users\Gilia\OneDrive
2015-04-13 05:02 - 2015-01-10 11:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-12 09:52 - 2015-01-10 11:08 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\foobar2000
2015-04-12 05:27 - 2015-01-11 01:03 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Mp3tag
2015-04-12 03:53 - 2015-01-10 21:31 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-11 20:07 - 2015-01-18 01:10 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\TV-Browser
2015-04-11 16:25 - 2014-10-05 03:11 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-04-11 16:25 - 2014-10-05 03:08 - 00000000 ____D () C:\Program Files\Lenovo
2015-04-11 16:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-11 01:15 - 2015-01-30 00:30 - 00000000 ____D () C:\Users\Gilia\dwhelper
2015-04-10 15:36 - 2015-01-26 00:44 - 00503808 ___SH () C:\Users\Gilia\Desktop\Thumbs.db
2015-04-10 13:08 - 2015-01-10 11:50 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-10 13:04 - 2015-01-29 03:36 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Audacity
2015-04-09 06:09 - 2015-01-11 08:25 - 00000000 ____D () C:\Users\Gilia\AppData\Local\CrashDumps
2015-04-08 21:48 - 2015-02-05 05:48 - 00000000 ____D () C:\Users\Gilia\Documents\Star Wars Humble Bundle (pay what you want and help charity)-Dateien
2015-04-08 21:48 - 2015-01-10 10:50 - 00000000 ____D () C:\Users\Gilia\Documents\Bluetooth Folder
2015-04-08 21:22 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-05 15:08 - 2015-02-05 21:46 - 00001848 _____ () C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-05 15:08 - 2014-10-05 03:11 - 00000000 ____D () C:\ProgramData\Energy Manager
2015-04-04 22:33 - 2013-08-22 16:46 - 00048848 _____ () C:\WINDOWS\setupact.log
2015-04-04 21:32 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-04 06:29 - 2014-10-05 02:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-04 06:15 - 2015-01-11 02:48 - 00262795 _____ () C:\WINDOWS\DirectX.log
2015-04-03 14:55 - 2015-01-10 23:27 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Skype
2015-04-03 14:54 - 2015-01-10 23:27 - 00000000 ____D () C:\ProgramData\Skype
2015-04-03 14:53 - 2015-01-10 11:14 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-03 14:19 - 2015-01-19 19:43 - 00000000 ____D () C:\Users\Gilia\Documents\Komplettlösungen
2015-04-03 04:40 - 2015-02-06 10:21 - 00000000 ____D () C:\Users\Gilia\Downloads\dark_forces_beta
2015-04-01 23:00 - 2014-03-18 11:44 - 00055336 _____ () C:\WINDOWS\PFRO.log
2015-04-01 23:00 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-01 19:54 - 2014-10-05 03:09 - 00012800 _____ () C:\WINDOWS\system32\VfService.trf
2015-04-01 19:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-01 17:49 - 2015-01-11 01:18 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-03-31 11:45 - 2015-02-15 05:41 - 00003676 _____ () C:\WINDOWS\System32\Tasks\klcp_update
2015-03-31 11:44 - 2015-02-15 05:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-03-31 11:44 - 2015-02-15 05:41 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-03-30 20:27 - 2015-01-10 10:50 - 00000000 ____D () C:\Users\Gilia\AppData\Local\NVIDIA Corporation
2015-03-30 09:21 - 2015-01-12 19:07 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\avidemux
2015-03-28 05:44 - 2015-01-10 11:04 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2014-10-05 02:22 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2015-01-10 11:04 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2014-10-05 02:22 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-03-27 12:12 - 2015-01-30 15:18 - 00000000 ____D () C:\Users\Gilia\Documents\Tagebuch
2015-03-27 10:40 - 2015-01-14 12:38 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-27 10:40 - 2015-01-14 12:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-26 19:25 - 2015-01-10 10:49 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Atheros
2015-03-26 18:14 - 2015-01-10 15:38 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Win7UI
2015-03-24 18:39 - 2015-02-12 10:27 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2015-03-24 14:55 - 2015-01-10 11:50 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Adobe
2015-03-24 14:49 - 2015-01-10 11:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-22 07:22 - 2015-01-10 10:48 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Pokki
2015-03-22 07:01 - 2015-01-10 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-03-22 06:18 - 2015-01-14 12:39 - 00001747 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2015-03-22 06:18 - 2015-01-14 12:39 - 00000000 ____D () C:\Program Files\Defraggler
2015-03-21 14:10 - 2015-01-10 11:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-21 14:09 - 2015-01-10 11:12 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-03-20 02:39 - 2015-01-25 03:29 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-18 09:52 - 2015-01-18 08:47 - 00000000 ____D () C:\TEMP
2015-03-18 09:52 - 2014-10-05 02:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-18 09:51 - 2014-10-05 02:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-17 06:04 - 2015-01-14 01:37 - 00000000 ___RD () C:\Users\Gilia\Documents\Verknüpfung
2015-03-17 06:03 - 2015-01-10 10:49 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Packages
2015-03-17 05:58 - 2015-02-27 00:52 - 00001108 _____ () C:\Users\Public\Desktop\MPC-HC.lnk
2015-03-17 05:58 - 2015-01-27 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-03-17 05:58 - 2015-01-27 00:34 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2015-03-16 11:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-01-25 03:31 - 2015-01-25 22:22 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-10-05 02:25 - 2014-10-05 02:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-11 17:12

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by Gilia at 2015-04-13 07:49:15
Running from C:\Users\Gilia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Album Art Downloader XUI 1.02 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.02 - hxxp://sourceforge.net/projects/album-art)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
Amazon Kindle (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Among the Sleep Demo (HKLM-x32\...\Steam App 285540) (Version:  - Krillbite Studio)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Any Video Converter Professional 5.7.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Blackguards (HKLM-x32\...\Blackguards_is1) (Version: 1.6 - Daedalic Entertainment GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Classic Shell (HKLM\...\{6ABE95F9-9FBE-46B2-96C7-5D5AA17DA66E}) (Version: 4.2.0 - IvoSoft)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version:  - )
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Dungeon Siege III Demo (HKLM-x32\...\Steam App 39230) (Version:  - Obsidian Entertainment)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 9.1.8.3 (07/01/2015) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
GLUCOFACTS(TM) Deluxe Smart Launch (HKLM-x32\...\{8C3ADE22-5B38-4331-A75C-00E116128D3D}) (Version: 1.21.01 - Bayer HealthCare)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haunted Memories (HKLM-x32\...\Steam App 241640) (Version:  - MadMan Theory Games)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version:  - Zero Point Software)
J.U.L.I.A.: Among the Stars (HKLM-x32\...\Steam App 257690) (Version:  - CBE Software s.r.o.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
K-Lite Codec Pack 11.0.8 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.8 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 5.0.6 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6806.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.6806.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{FF29EE31-56D7-4A59-940C-AF6DDDFF69B0}) (Version: 4.2.8.2 - The Document Foundation)
LibreOffice 4.2.8.2 (HKLM-x32\...\{2D3234B2-FC7B-41CD-9FC8-4F9C2C20C131}) (Version: 4.2.8.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee SafeKey(nur Deinstallation) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.48 - Crintsoft) <==== ATTENTION
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Mp3tag v2.69 (HKLM-x32\...\Mp3tag) (Version: v2.69 - Florian Heidenreich)
MPC-HC 1.7.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team)
MyFreeCodec (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\MyFreeCodec) (Version:  - )
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1046.0 - Passmark Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version:  - CAPCOM Co., Ltd.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spotify (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version:  - LucasArts)
Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version:  - LucasArts)
Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version:  - Petroglyph)
Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version:  - Aspyr Studios)
Star Wars: The Force Unleashed Ultimate Sith Edition (HKLM-x32\...\Steam App 32430) (Version:  - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{0F659036-14C7-4622-9505-35A0DC93526A}) (Version: 6.1.3.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
TSLRCM 1.8.3 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
TV-Browser 3.4.1.0 (HKLM-x32\...\tvbrowser) (Version: 3.4.1.0 - TV-Browser Team)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
WinDirStat 1.1.2 (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\WinDirStat) (Version:  - )
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
XMedia Recode Version 3.2.0.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.4 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (hxxp://MediaArea.net/MediaInfo)

==================== Restore Points  =========================

26-03-2015 17:22:19 DVDVideoSoftRestorePoint
29-03-2015 01:16:34 Removed Microsoft Silverlight
03-04-2015 14:51:26 McAfee  Vulnerability Scanner
10-04-2015 13:04:56 McAfee  Vulnerability Scanner

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1FEDAB8C-C525-4769-B1E2-F0BF3052C939} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {39E16E81-6DB6-4896-8D24-FC5DA4007D28} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-24] (Adobe Systems Incorporated)
Task: {49BB9313-9FA5-4A3D-919C-89C895DD7A6F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1773740722-1353712620-2879442739-1001
Task: {60072D23-DA76-46F8-AE16-770D8BEF3A9A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-03-27] ()
Task: {6BB8711A-B3DC-4C0D-8AF3-EB21AE16A229} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {97463CF4-6833-4581-81E1-D908753F4BC8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {A883FA9B-0E69-4CE0-820B-12A7D3B17188} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {AFF1C76A-A207-41E4-8898-B15A50F44327} - System32\Tasks\{2B0737E5-8460-472F-89C9-E3BEA30B8AF0} => pcalua.exe -a C:\Users\Gilia\Downloads\SysinternalsSuite\pagedfrg.exe -d C:\Users\Gilia\Downloads\SysinternalsSuite
Task: {B13F16E4-EB1C-4C23-A34D-01A53C90D889} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BB9A3021-EBC3-41EE-81D8-190634731B32} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {D25EB661-E143-4A1D-B7B5-C90C2C1E791C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E5929D3E-17B8-437B-A29E-A8E261E2B1A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {EC9C4B82-B71A-4E1B-929F-F8AF95ECE5F2} - System32\Tasks\GoogleUpdateTaskMachineUA1d041bc45c66759 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {F77F655B-FC56-436C-9A45-3EF0D6625E86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d041bc45c66759.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-11 19:19 - 2015-03-30 09:02 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-10-05 03:06 - 2012-04-25 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-10-05 03:09 - 2014-10-05 03:09 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-10-05 03:09 - 2014-10-05 03:09 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-10-05 02:21 - 2015-03-13 18:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-11 01:36 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-10-05 11:24 - 2014-10-03 18:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-01-10 13:10 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Gilia\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-01-12 00:00 - 2012-10-13 17:05 - 00042496 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-06 09:46 - 2014-08-06 03:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2015-04-13 07:24 - 2015-04-13 07:24 - 00050477 _____ () C:\Users\Gilia\Desktop\Defogger.exe
2014-10-05 02:23 - 2013-09-04 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-30 20:27 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-01-10 11:32 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-21 19:39 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-10 11:32 - 2015-04-09 20:38 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-21 19:39 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-21 19:39 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-10 11:32 - 2015-04-09 20:38 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-10 11:32 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-10 11:32 - 2015-02-25 03:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-01-27 00:34 - 2015-01-25 16:22 - 00241912 _____ () C:\Program Files (x86)\MPC-HC\LAVFilters\libbluray.dll
2015-01-25 22:22 - 2015-01-25 22:22 - 01012224 _____ () C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B}\platform\WINNT_x86-msvc\components\mcxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Gilia\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gilia\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1773740722-1353712620-2879442739-500 - Administrator - Disabled)
Gast (S-1-5-21-1773740722-1353712620-2879442739-501 - Limited - Disabled)
Gilia (S-1-5-21-1773740722-1353712620-2879442739-1001 - Administrator - Enabled) => C:\Users\Gilia
HomeGroupUser$ (S-1-5-21-1773740722-1353712620-2879442739-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 06:45:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/13/2015 06:40:17 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/13/2015 06:24:02 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/13/2015 05:01:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/12/2015 04:53:48 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/12/2015 09:09:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/11/2015 06:45:26 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/11/2015 05:13:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/11/2015 07:15:32 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/10/2015 09:06:38 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]


System errors:
=============
Error: (04/10/2015 02:54:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/10/2015 02:54:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (04/05/2015 04:44:59 PM) (Source: DCOM) (EventID: 10010) (User: IDEAPAD)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/05/2015 04:44:59 PM) (Source: DCOM) (EventID: 10010) (User: IDEAPAD)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/05/2015 04:44:56 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}

Error: (04/04/2015 06:28:47 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (04/04/2015 06:28:39 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (04/04/2015 06:28:28 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (04/04/2015 06:27:57 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (04/04/2015 06:27:49 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.


Microsoft Office Sessions:
=========================
Error: (04/13/2015 06:45:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\dradio-Recorder\phonostar.exe

Error: (04/13/2015 06:40:17 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/13/2015 06:24:02 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/13/2015 05:01:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/12/2015 04:53:48 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/12/2015 09:09:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\dradio-Recorder\phonostar.exe

Error: (04/11/2015 06:45:26 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/11/2015 05:13:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\dradio-Recorder\phonostar.exe

Error: (04/11/2015 07:15:32 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/10/2015 09:06:38 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz
Percentage of memory in use: 60%
Total physical RAM: 8116.27 MB
Available physical RAM: 3211.81 MB
Total Pagefile: 16308.27 MB
Available Pagefile: 10739.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.36 GB) (Free:308.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.63 GB) NTFS
Drive e: (Disk1) (CDROM) (Total:6.01 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 02416F67)

Partition: GPT Partition Type.

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-13 18:25:30
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Gilia\AppData\Local\Temp\kwddrpow.sys


---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\svchost.exe[3924] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll  00007ffdb1ebae90 7 bytes JMP 00007ffeb1de0430

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [1552:1208]                                      fffff9600097f2d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                          unknown MBR code

---- EOF - GMER 2.1 ----
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-13 20:05:44
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Gilia\AppData\Local\Temp\kwddrpow.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960  fffff800e155a700 12 bytes [80, CA, A9, FF, 82, 19, B1, ...]
.text  C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 973  fffff800e155a70d 39 bytes [EF, 5B, 02, 00, C4, FF, FF, ...]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [524:536]                  fffff960009392d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                    unknown MBR code

---- EOF - GMER 2.1 ----

Don Redhorse 13.04.2015 21:14
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 08:38:57
Logdatei: mbam scanlog 13.04.15-09,06 vor quarantäne.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.03
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Gilia

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 351389
Verstrichene Zeit: 23 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 2
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1416, , [a374c2aa26642511cbb66afe986819e7]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1988, , [53c40c60008a55e161f142d1e91910f0]

Module: 2
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [d641d399c1c9a78f7df6517d976caf51],

Registrierungsschlüssel: 27
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [a374c2aa26642511cbb66afe986819e7],
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [53c40c60008a55e161f142d1e91910f0],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [b265dd8f325858dec8aab21c53b056aa],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, , [ac6b95d785057fb78cfd3ed2887c867a],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, , [2dea5d0fd7b3a1954ecfe1f5bd460ef2],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [31e6bdafb0da9e982aa846fe8d78837d],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, , [8c8b1d4f44466bcb36675674857ed828],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [f4236705aedc3df9e5987750a162738d],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [20f703693951ad89ccb09d2a897a0bf5],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [968195d7ff8bda5cd8b5c21435ce1ee2],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [e73045278703e84eb7c38b3c58ab6b95],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [21f6e28a13775dd94944fde65ba87b85],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [0e099bd14b3f63d3b27140992cd7bd43],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\HomeTab, , [ce49b9b3e6a4c86e70b29f56e2219967],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\SearchProtectWS, , [33e4a7c5721847ef4837b1163ac912ee],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\WajIntEnhance, , [b85fdb917b0f53e3a3fb6b5f679c7e82],
PUP.Optional.FastStart.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MOZILLA\EXTENDS, , [24f33834eaa055e16f662cb455ae06fa],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, , [51c6600cf09ab38372094285c83b8d73],

Registrierungswerte: 13
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, , [76a1ec806c1e66d0613dec67f60f37c9]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, , [f522f676e1a9b680cdd199ba40c544bc]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\extensions\searchengine@gmail.com, , [1106c3a9a0ea6dc96f9f71e0cc3936ca]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\extensions\faststartff@gmail.com, , [27f0fa72ccbef24420d6271cd530748c]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ima, , [21f6e28a13775dd94944fde65ba87b85]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, , [d2451f4d94f65ed86d300251ba4bde22]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, , [29eee686aae0a78f930a292a28ddf20e]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.mystartsearch.com//favicon.ico, , [c750e884ee9c2a0c6a3378dbf0151fe1]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, , [3ed96606e4a62610702d58fb858039c7]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, , [45d25e0ebecc6dc956474a09c144d42c]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CEB877DF-3828-48BB-B3E4-6D86F6F39AD5}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, , [789f1458cfbb82b4415c252ef015b14f]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, , [33e446267c0eae88e7b6381b07fec33d]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [24f33834eaa055e16f662cb455ae06fa]

Registrierungsdaten: 14
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),,[3addcf9d1f6ba88e5bd79f577b8ac53b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}),,[7d9ae389f59554e2dfcd0beae71e9f61]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),,[10078ddf23672016793337be8283ab55]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),,[5eb955170a805cdac8e47b7a788d9d63]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}),,[0a0da7c5bbcf77bf37757283dd284eb2]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[43d4f9730a80072f7232679a12f47a86]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),,[46d124486624e84ebd75c1353cc96e92]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}),,[6ea94a22b1d91521f8b4a550d3326b95]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),,[6fa8fa720e7cf83ee2ca0ee7986df808]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),,[64b3511b226846f0406c62931bea758b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}),,[35e22d3f7f0b47ef5f4df302fb0a7b85]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[a3746a020b7f2c0a53517a87e323ea16]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),,[bc5bbeae5d2db68046673cb951b4639d]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),,[fc1bf7750288bd794b62827349bc7090]

Ordner: 31
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [ec2b23495b2f3ef8fa69d3ca5fa4a15f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [ec2b23495b2f3ef8fa69d3ca5fa4a15f],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [e0374f1d84068caaa6543f7412f1738d],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [e0374f1d84068caaa6543f7412f1738d],

Dateien: 80
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [a374c2aa26642511cbb66afe986819e7],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, , [53c40c60008a55e161f142d1e91910f0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, , [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, , [978090dc3357c076a8015e11dd2318e8],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [49ce105ca0ea8da94366333c8080cd33],
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\BrowserAction.dll, , [3add89e35832a78f37a79ca7f80a619f],
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, , [85922d3f9cee59dd81c8e54f5ea4f010],
PUP.Optional.OpenCandy, C:\Users\Gilia\Downloads\MediaInfo_GUI_0.7.72_Windows.exe, , [c5529ad2dfab46f0e24784a448bee21e],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, , [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [ec2b23495b2f3ef8fa69d3ca5fa4a15f],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [e0374f1d84068caaa6543f7412f1738d],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 08:38:57
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.03
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Gilia

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 351389
Verstrichene Zeit: 23 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 2
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1416, Löschen bei Neustart, [a374c2aa26642511cbb66afe986819e7]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1988, Löschen bei Neustart, [53c40c60008a55e161f142d1e91910f0]

Module: 2
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [d641d399c1c9a78f7df6517d976caf51],

Registrierungsschlüssel: 27
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [a374c2aa26642511cbb66afe986819e7],
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [53c40c60008a55e161f142d1e91910f0],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [b265dd8f325858dec8aab21c53b056aa],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [ac6b95d785057fb78cfd3ed2887c867a],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, [2dea5d0fd7b3a1954ecfe1f5bd460ef2],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [31e6bdafb0da9e982aa846fe8d78837d],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [8c8b1d4f44466bcb36675674857ed828],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [f4236705aedc3df9e5987750a162738d],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [20f703693951ad89ccb09d2a897a0bf5],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [968195d7ff8bda5cd8b5c21435ce1ee2],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [e73045278703e84eb7c38b3c58ab6b95],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [21f6e28a13775dd94944fde65ba87b85],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [0e099bd14b3f63d3b27140992cd7bd43],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\HomeTab, In Quarantäne, [ce49b9b3e6a4c86e70b29f56e2219967],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\SearchProtectWS, In Quarantäne, [33e4a7c5721847ef4837b1163ac912ee],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\WajIntEnhance, In Quarantäne, [b85fdb917b0f53e3a3fb6b5f679c7e82],
PUP.Optional.FastStart.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [24f33834eaa055e16f662cb455ae06fa],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, In Quarantäne, [51c6600cf09ab38372094285c83b8d73],

Registrierungswerte: 13
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, In Quarantäne, [76a1ec806c1e66d0613dec67f60f37c9]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, In Quarantäne, [f522f676e1a9b680cdd199ba40c544bc]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\extensions\searchengine@gmail.com, In Quarantäne, [1106c3a9a0ea6dc96f9f71e0cc3936ca]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\extensions\faststartff@gmail.com, In Quarantäne, [27f0fa72ccbef24420d6271cd530748c]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ima, In Quarantäne, [21f6e28a13775dd94944fde65ba87b85]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, In Quarantäne, [d2451f4d94f65ed86d300251ba4bde22]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, In Quarantäne, [29eee686aae0a78f930a292a28ddf20e]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.mystartsearch.com//favicon.ico, In Quarantäne, [c750e884ee9c2a0c6a3378dbf0151fe1]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, In Quarantäne, [3ed96606e4a62610702d58fb858039c7]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, In Quarantäne, [45d25e0ebecc6dc956474a09c144d42c]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CEB877DF-3828-48BB-B3E4-6D86F6F39AD5}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, In Quarantäne, [789f1458cfbb82b4415c252ef015b14f]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&ts=1424601161&type=default&q={searchTerms}, In Quarantäne, [33e446267c0eae88e7b6381b07fec33d]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [24f33834eaa055e16f662cb455ae06fa]

Registrierungsdaten: 14
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),Ersetzt,[3addcf9d1f6ba88e5bd79f577b8ac53b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}),Ersetzt,[7d9ae389f59554e2dfcd0beae71e9f61]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),Ersetzt,[10078ddf23672016793337be8283ab55]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),Ersetzt,[5eb955170a805cdac8e47b7a788d9d63]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}),Ersetzt,[0a0da7c5bbcf77bf37757283dd284eb2]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[43d4f9730a80072f7232679a12f47a86]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),Ersetzt,[46d124486624e84ebd75c1353cc96e92]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}),Ersetzt,[6ea94a22b1d91521f8b4a550d3326b95]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),Ersetzt,[6fa8fa720e7cf83ee2ca0ee7986df808]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),Ersetzt,[64b3511b226846f0406c62931bea758b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW&q={searchTerms}),Ersetzt,[35e22d3f7f0b47ef5f4df302fb0a7b85]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a3746a020b7f2c0a53517a87e323ea16]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),Ersetzt,[bc5bbeae5d2db68046673cb951b4639d]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1424601085&from=ima&uid=ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW),Ersetzt,[fc1bf7750288bd794b62827349bc7090]

Ordner: 31
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Löschen bei Neustart, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [ec2b23495b2f3ef8fa69d3ca5fa4a15f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [ec2b23495b2f3ef8fa69d3ca5fa4a15f],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [e0374f1d84068caaa6543f7412f1738d],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [e0374f1d84068caaa6543f7412f1738d],

Dateien: 80
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [a374c2aa26642511cbb66afe986819e7],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Löschen bei Neustart, [53c40c60008a55e161f142d1e91910f0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, In Quarantäne, [29eeee7eb9d156e0247ebc8323e0659b],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, In Quarantäne, [978090dc3357c076a8015e11dd2318e8],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, In Quarantäne, [49ce105ca0ea8da94366333c8080cd33],
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\BrowserAction.dll, In Quarantäne, [3add89e35832a78f37a79ca7f80a619f],
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, In Quarantäne, [85922d3f9cee59dd81c8e54f5ea4f010],
PUP.Optional.OpenCandy, C:\Users\Gilia\Downloads\MediaInfo_GUI_0.7.72_Windows.exe, In Quarantäne, [c5529ad2dfab46f0e24784a448bee21e],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [d641d399c1c9a78f7df6517d976caf51],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [ec2b23495b2f3ef8fa69d3ca5fa4a15f],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [e0374f1d84068caaa6543f7412f1738d],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
Code:
# AdwCleaner v4.201 - Bericht erstellt 13/04/2015 um 09:17:45
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Gilia - IDEAPAD
# Gestarted von : C:\Users\Gilia\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 0200621426811956mcinstcleanup

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\baidu
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
Ordner Gelöscht : C:\Program Files (x86)\MiniLyrics
Ordner Gelöscht : C:\Users\Gilia\AppData\Local\pokki
Ordner Gelöscht : C:\Users\Gilia\AppData\Roaming\MiniLyrics
Datei Gelöscht : C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4580AB54-3C2F-4970-9A77-8628FA182F03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{46B5EE7F-3B6B-4079-A756-5EFC10B1F50B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4580AB54-3C2F-4970-9A77-8628FA182F03}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{46B5EE7F-3B6B-4079-A756-5EFC10B1F50B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\MiniLyrics
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiniLyrics

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.1 (x86 de)

[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.nosquint.sites", "sparkasse-fuerth.de=0,1428724977858,27,140,0,0,false,0,0,false primeshare.tv=0,1428259780654,29,90,0,0,false,0,0,false blog.de=0,1422758869741,1,160,0,0,false,0[...]
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [10376 Bytes] - [13/04/2015 07:14:44]
AdwCleaner[R1].txt - [4270 Bytes] - [13/04/2015 09:15:23]
AdwCleaner[S0].txt - [3971 Bytes] - [13/04/2015 09:17:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4030  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 8.1 x64
Ran by Gilia on 13.04.2015 at  9:32:00,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\MINILYRICS.EXE-AACDB03E.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\ASKPIP_FF_.EXE-663D9C10.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted the following from C:\Users\Gilia\AppData\Roaming\mozilla\firefox\profiles\16t7n5gl.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "ima");
user_pref("browser.search.searchengine.uid", "ST1000LM014-SSHD-8GB_W382D5WWXXXXW382D5WW");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2015 at  9:34:19,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Shortcut Cleaner 1.3.5 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 04/13/2015 09:36:17 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Gilia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Gilia\Desktop


0 bad shortcuts found.

Program finished at: 04/13/2015 09:36:17 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a2cdcb5bb6c17f4ea2bd9b5c4728364f
# engine=23349
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-13 10:30:59
# local_time=2015-04-13 12:30:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware'
# compatibility_mode=5130 16777214 100 94 2893107 28986645 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2776224 10311447 0 0
# scanned=442517
# found=0
# cleaned=0
# scan_time=7598
Da ich nicht sicher war ob ich das mit OTH beim ersten Mal richtig gemacht habe hier noch einmal ein mbam.txt-logfile.Erzeugt nach der Anleitung "MyStartSearch.com Virus entfernen" in Verbindung mit "OTH - OTHelper - Kill All Processes"
Danke!

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 21:18:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.07
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Gilia

Suchlauf-Art: Hyper-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 285083
Verstrichene Zeit: 1 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Deaktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
So endlich geschafft, puuh!

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 21:18:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.07
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Gilia

Suchlauf-Art: Hyper-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 285083
Verstrichene Zeit: 1 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Deaktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Warnen

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

schrauber 14.04.2015 10:45
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    MiniLyrics


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Dann bitte ein frisches FRST log.

Don Redhorse 14.04.2015 16:37
Revo findet (leider) keinen MiniLyrics Eintrag (mehr?). Minilyrics wurde von AdwCleaner in die Quarantäne geteckt (nach einer Anleitung hier auf der Seite). Auch in der Windwos Programmlsite findet es sich nicht mehr. Ich hoffe das ist nicht schlimm. Hier trotzdem ein FRST log.

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Gilia (administrator) on IDEAPAD on 14-04-2015 17:33:13
Running from C:\Users\Gilia\Desktop
Loaded Profiles: Gilia (Available profiles: Gilia)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Bayer Healthcare LLC) C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Users\Gilia\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
(Spotify Ltd) C:\Users\Gilia\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
() C:\Program Files\Everything\Everything.exe
() C:\Program Files\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-10-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-10-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [Amazon Music] => C:\Users\Gilia\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] ()
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [dradio-RecorderTimer] => C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe [42496 2012-10-13] ()
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Run: [Spotify Web Helper] => C:\Users\Gilia\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-05] (Spotify Ltd)
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\MountPoints2: {8b70cca1-4c20-11e4-8255-806e6f6e6963} - "E:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> DefaultScope {CEB877DF-3828-48BB-B3E4-6D86F6F39AD5} URL =
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> {CEB877DF-3828-48BB-B3E4-6D86F6F39AD5} URL =
SearchScopes: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-25] (McAfee)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-25] (McAfee)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-25] (McAfee)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-25] (McAfee)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default
FF NewTab: https://www.google.de/
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-24] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-24] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1773740722-1353712620-2879442739-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1773740722-1353712620-2879442739-1001: @phonostar.de/phonostar -> C:\Program Files (x86)\dradio-Recorder\npphonostarDetectNP.dll No File
FF Extension: McAfee SafeKey - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2015-01-25]
FF Extension: FireShot - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-03-27]
FF Extension: NoSquint - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\nosquint@urandom.ca.xpi [2015-01-10]
FF Extension: Print Edit - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\printedit@DW-dev.xpi [2015-01-10]
FF Extension: Flagfox - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-01-27]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-03-01]
FF Extension: Video DownloadHelper - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-01]
FF Extension: Adblock Plus - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-10]
FF Extension: BetterPrivacy - C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-01-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-01-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 BayerHealthcareService; C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [162232 2012-10-30] (Bayer Healthcare LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-10-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2015-01-14] (Qualcomm Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-03-16] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-03-16] ()
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 RtlWlanu; \SystemRoot\system32\DRIVERS\rtwlanu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 17:33 - 2015-04-14 17:33 - 00028858 _____ () C:\Users\Gilia\Desktop\FRST.txt
2015-04-14 16:51 - 2015-04-14 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-14 08:17 - 2015-04-14 08:17 - 00000219 _____ () C:\Users\Gilia\Desktop\Dota 2.url
2015-04-14 07:45 - 2015-04-14 07:45 - 00001141 _____ () C:\Users\Gilia\Desktop\Hausmeister Krause.lnk
2015-04-14 06:34 - 2015-04-14 06:34 - 00000000 ____D () C:\WINDOWS\LastGood
2015-04-14 06:33 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 17176128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 12689592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-04-14 06:33 - 2015-04-09 02:58 - 02935416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435012.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435012.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-04-14 06:33 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-04-14 03:32 - 2015-04-14 03:32 - 00001234 _____ () C:\Users\Gilia\Desktop\rehd-nodoors.exe.lnk
2015-04-14 03:30 - 2015-04-14 03:30 - 00000000 ____D () C:\Users\Gilia\Downloads\rehd-nodoors
2015-04-14 03:28 - 2015-04-14 03:28 - 00010701 _____ () C:\Users\Gilia\Downloads\rehd-nodoors.rar
2015-04-13 21:08 - 2015-04-13 21:08 - 00259584 _____ (OldTimer Tools) C:\Users\Gilia\Downloads\OTH(1).scr
2015-04-13 18:10 - 2015-04-14 17:14 - 00000000 ____D () C:\Users\Gilia\Desktop\Safety
2015-04-13 12:30 - 2015-04-13 18:10 - 00002745 _____ () C:\Users\Gilia\Documents\Dr. Jakob.txt
2015-04-13 10:52 - 2015-04-13 10:53 - 15971616 _____ (IObit) C:\Users\Gilia\Downloads\iobit426uninstaller.exe
2015-04-13 10:52 - 2015-04-13 10:52 - 04737952 _____ () C:\Users\Gilia\Downloads\ausetup5.3.1.20.exe
2015-04-13 09:36 - 2015-04-13 09:36 - 00001746 _____ () C:\sc-cleaner.txt
2015-04-13 09:32 - 2015-04-13 09:32 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-IDEAPAD-Windows-8.1-(64-bit).dat
2015-04-13 09:32 - 2015-04-13 09:32 - 00000000 ____D () C:\RegBackup
2015-04-13 08:04 - 2015-04-13 08:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-13 07:46 - 2015-04-14 17:33 - 00000000 ____D () C:\FRST
2015-04-13 07:45 - 2015-04-13 07:45 - 00000000 _____ () C:\Users\Gilia\defogger_reenable
2015-04-13 07:27 - 2015-04-13 07:27 - 00027027 _____ () C:\mbam-scan-13.04.015-7,27.txt
2015-04-13 07:25 - 2015-04-13 07:25 - 02096640 _____ (Farbar) C:\Users\Gilia\Desktop\FRST64.exe
2015-04-13 07:12 - 2015-04-13 09:17 - 00000000 ____D () C:\AdwCleaner
2015-04-13 07:11 - 2015-04-13 07:11 - 00001295 _____ () C:\Users\Gilia\Desktop\Revo Uninstaller.lnk
2015-04-13 07:11 - 2015-04-13 07:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-13 06:46 - 2015-04-14 17:19 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 06:45 - 2015-04-13 06:45 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-13 06:45 - 2015-04-13 06:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-13 06:45 - 2015-04-13 06:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-13 06:45 - 2015-04-13 06:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-13 06:45 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-13 06:45 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-13 06:45 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-13 06:43 - 2015-04-13 06:44 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Gilia\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-12 03:53 - 2015-04-12 03:53 - 00000222 _____ () C:\Users\Gilia\Desktop\Among the Sleep Demo.url
2015-04-12 03:49 - 2015-04-12 03:49 - 00000222 _____ () C:\Users\Gilia\Desktop\Cry of Fear.url
2015-04-12 03:10 - 2015-04-12 03:10 - 09350034 _____ () C:\Users\Gilia\Downloads\Masterplan - Heroes.mp4
2015-04-12 02:50 - 2015-04-12 02:50 - 00000000 ____D () C:\Program Files\ConvertHelper3
2015-04-12 02:48 - 2015-04-12 02:48 - 00000222 _____ () C:\Users\Gilia\Desktop\Haunted Memories.url
2015-04-12 02:46 - 2015-04-12 02:46 - 29654131 _____ (DownloadHelper ) C:\Users\Gilia\Downloads\ConvertHelper3Setup (2).exe
2015-04-11 19:18 - 2015-04-11 19:18 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-11 19:18 - 2015-04-11 19:18 - 00001058 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-11 19:17 - 2015-04-11 19:19 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-11 19:17 - 2015-03-30 09:02 - 00035112 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2015-04-11 19:15 - 2015-04-11 19:16 - 07969808 _____ (TeamViewer GmbH) C:\Users\Gilia\Downloads\TeamViewer_Setup_de.exe
2015-04-11 02:00 - 2015-04-11 02:03 - 337840747 _____ () C:\Users\Gilia\Downloads\Superstau 1991.mp4
2015-04-11 01:18 - 2015-04-11 01:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-11 00:54 - 2015-04-11 01:00 - 435629022 _____ () C:\Users\Gilia\Downloads\Resident Evil HD Remaster - Knife Only Playthrough (CQC FTW Trophy).mp4
2015-04-10 13:09 - 2015-04-10 13:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-10 13:08 - 2015-04-10 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-08 21:42 - 2015-04-11 01:43 - 00000000 ____D () C:\Users\Gilia\Documents\soul
2015-04-07 01:14 - 2015-04-07 01:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-07 00:56 - 2015-04-07 00:56 - 00001275 _____ () C:\Users\Gilia\Desktop\userdata - Verknüpfung.lnk
2015-04-05 21:18 - 2015-04-05 21:18 - 00000000 ____D () C:\Users\Gilia\Documents\Erziehung
2015-04-05 01:50 - 2015-04-05 01:53 - 22783960 _____ () C:\Users\Gilia\Downloads\mansion_wp.zip
2015-04-05 00:22 - 2015-04-05 00:22 - 00000961 _____ () C:\Users\Gilia\Desktop\PerformanceTest.lnk
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\Users\Gilia\Documents\PassMark
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\Users\Gilia\AppData\Local\PassMark
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\ProgramData\Passmark
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
2015-04-05 00:22 - 2015-04-05 00:22 - 00000000 ____D () C:\Program Files\PerformanceTest
2015-04-05 00:18 - 2015-04-05 00:18 - 26904664 _____ (Passmark Software ) C:\Users\Gilia\Downloads\petst.exe
2015-04-04 21:31 - 2015-04-04 21:32 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-04 07:29 - 2015-04-04 07:29 - 00000390 _____ () C:\Users\Gilia\Downloads\Texture Fix-649-.zip
2015-04-04 07:29 - 2015-04-04 07:29 - 00000000 ____D () C:\Users\Gilia\Downloads\Texture Fix-649-
2015-04-04 06:38 - 2015-04-04 06:39 - 00001841 _____ () C:\Users\Gilia\Desktop\witcher.lnk
2015-04-04 06:31 - 2015-04-04 07:49 - 00000000 ____D () C:\Users\Gilia\AppData\Local\The Witcher
2015-04-04 06:31 - 2015-04-04 07:26 - 00000000 ____D () C:\Users\Gilia\Documents\The Witcher
2015-04-04 06:20 - 2015-04-04 06:26 - 386763152 _____ () C:\Users\Gilia\Downloads\TheWitcherPatch.1.5.zip
2015-04-04 05:26 - 2015-04-04 06:30 - 00000000 ____D () C:\Users\Public\Documents\The Witcher
2015-04-04 05:26 - 2015-04-04 06:30 - 00000000 ____D () C:\Program Files (x86)\The Witcher Enhanced Edition
2015-04-03 15:40 - 2015-04-03 15:40 - 00000000 ____D () C:\Users\Gilia\Documents\My Games
2015-04-03 14:53 - 2015-04-03 14:53 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-02 22:46 - 2015-04-02 22:46 - 36210245 _____ () C:\Users\Gilia\Downloads\MSIAfterburnerSetup.zip
2015-04-02 22:37 - 2015-04-02 22:37 - 00000990 _____ () C:\Users\Gilia\Desktop\TechPowerUp GPU-Z.lnk
2015-04-02 22:37 - 2015-04-02 22:37 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-04-02 22:37 - 2015-04-02 22:37 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2015-04-02 22:36 - 2015-04-02 22:36 - 01713824 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Gilia\Downloads\gpu-z.0.8.2.exe
2015-04-02 22:33 - 2015-04-02 22:33 - 00000896 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-04-02 22:33 - 2015-04-02 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-04-02 22:33 - 2015-04-02 22:33 - 00000000 ____D () C:\Program Files\CPUID
2015-04-02 22:30 - 2015-04-02 22:30 - 01577464 _____ ( ) C:\Users\Gilia\Downloads\cpu-z_1.71.1-setup-en.exe
2015-04-02 14:56 - 2015-04-02 14:56 - 00000000 ____D () C:\Users\Gilia\AppData\Local\CAPCOM
2015-04-02 04:30 - 2015-04-02 04:30 - 00002523 _____ () C:\Users\Gilia\Desktop\inSSIDer Home.lnk
2015-04-02 03:36 - 2015-04-02 03:36 - 00000222 _____ () C:\Users\Gilia\Desktop\Resident Evil  biohazard HD REMASTER.url
2015-04-02 00:19 - 2015-04-02 00:19 - 00000221 _____ () C:\Users\Gilia\Desktop\Dungeon Siege III Demo.url
2015-03-31 11:58 - 2015-03-31 19:41 - 00000000 ____D () C:\Users\Gilia\Documents\Borderline
2015-03-31 11:44 - 2015-03-31 11:44 - 16193751 _____ ( ) C:\Users\Gilia\Downloads\klcp_update_1108_20150330.exe
2015-03-31 11:42 - 2015-03-31 11:42 - 12607696 _____ ( ) C:\Users\Gilia\Downloads\K-Lite_Codec_Pack_1107_Basic.exe
2015-03-30 12:46 - 2015-03-30 12:46 - 00000000 ____D () C:\Lyrics
2015-03-29 02:15 - 2015-03-29 02:15 - 00002016 _____ () C:\Users\Gilia\Desktop\Shadowrun.lnk
2015-03-29 01:18 - 2015-03-29 01:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-29 01:18 - 2015-03-29 01:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-29 01:18 - 2015-03-29 01:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-28 00:19 - 2015-03-28 00:19 - 00001961 _____ () C:\Users\Gilia\Desktop\TV-Browser.lnk
2015-03-27 20:04 - 2015-03-27 20:19 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\JULIAAtSR
2015-03-27 19:55 - 2015-04-13 22:02 - 00065536 _____ () C:\WINDOWS\system32\Ikeext.etl
2015-03-26 23:38 - 2015-03-26 23:38 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-03-26 23:38 - 2015-03-26 23:38 - 00000000 ____D () C:\FFOutput
2015-03-26 23:37 - 2015-03-26 23:37 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-03-26 23:37 - 2015-03-26 23:37 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2015-03-26 19:29 - 2015-03-26 20:01 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\WinFF
2015-03-26 19:21 - 2009-09-27 10:39 - 00415744 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2015-03-26 19:21 - 2005-07-14 13:31 - 00032256 ___SH () C:\WINDOWS\SysWOW64\AVSredirect.dll
2015-03-26 19:21 - 2004-02-22 11:11 - 00764416 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2015-03-26 19:21 - 2004-01-25 01:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2015-03-26 19:21 - 2004-01-25 01:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2015-03-26 19:19 - 2015-03-26 19:19 - 00000000 ____D () C:\Users\Gilia\Documents\eRightSoft
2015-03-26 19:19 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2015-03-26 19:19 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2015-03-26 19:11 - 2015-03-26 19:11 - 00000000 ____D () C:\Users\Gilia\Downloads\7-ZipPortable
2015-03-26 19:09 - 2015-03-26 19:10 - 02362400 _____ (PortableApps.com) C:\Users\Gilia\Downloads\7-zipportable_9.20_rev_3.paf.exe
2015-03-26 18:39 - 2015-03-26 18:39 - 00001316 _____ () C:\Users\Gilia\Desktop\Any Video Converter Professional.lnk
2015-03-26 18:39 - 2015-03-26 18:39 - 00000000 ____D () C:\Users\Gilia\Documents\Any Video Converter Professional
2015-03-26 18:39 - 2015-03-26 18:39 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Anvsoft
2015-03-26 18:39 - 2015-03-26 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-03-26 18:39 - 2015-03-26 18:39 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
2015-03-26 18:37 - 2015-03-26 18:38 - 37710648 _____ (Any-Video-Converter.com ) C:\Users\Gilia\Downloads\any-video-converter.exe
2015-03-26 18:26 - 2015-03-26 19:34 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\HandBrake
2015-03-26 18:23 - 2015-03-27 17:40 - 00000071 _____ () C:\Users\Gilia\Documents\videokonvertierung fürs handy.txt
2015-03-26 18:06 - 2015-03-26 18:06 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\(5C-3C-27-93-3A-08)
2015-03-26 17:41 - 2015-03-26 17:48 - 00000000 ____D () C:\Users\Gilia\Documents\SelfMV
2015-03-26 17:34 - 2015-04-13 22:03 - 00000375 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-26 17:30 - 2015-03-26 19:27 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Samsung
2015-03-26 17:30 - 2015-03-26 19:27 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Samsung
2015-03-26 17:30 - 2015-03-26 17:30 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2015-03-26 17:30 - 2015-03-26 17:30 - 00000000 ____D () C:\Users\Gilia\Documents\samsung
2015-03-26 17:29 - 2015-03-26 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-03-26 17:27 - 2015-03-26 19:27 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-26 17:27 - 2015-03-26 19:27 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-26 17:27 - 2013-12-30 11:53 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-03-26 17:27 - 2013-12-30 11:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-03-26 17:26 - 2015-03-26 17:26 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Downloaded Installations
2015-03-26 17:21 - 2015-03-26 17:29 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\DVDVideoSoft
2015-03-26 17:17 - 2015-03-26 17:18 - 15839599 _____ () C:\Users\Gilia\Downloads\HandBrake-0.10.1-i686-Win_GUI.exe
2015-03-26 17:07 - 2015-03-26 18:48 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Mediatronic
2015-03-26 17:07 - 2015-03-26 17:30 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Broad Intelligence
2015-03-26 16:42 - 2015-04-03 04:30 - 00010240 ___SH () C:\Users\Gilia\Thumbs.db
2015-03-25 00:33 - 2015-03-25 00:33 - 00001115 _____ () C:\Users\Gilia\Desktop\S3800W.lnk
2015-03-24 18:30 - 2015-03-24 18:30 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Qualcomm Atheros
2015-03-22 07:35 - 2015-03-22 07:35 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\MPC-HC
2015-03-21 14:09 - 2015-03-21 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-03-21 14:08 - 2015-03-21 14:08 - 02802944 _____ () C:\Users\Gilia\Downloads\mp3tagv269setup.exe
2015-03-20 15:36 - 2015-03-20 15:36 - 00002020 _____ () C:\Users\Gilia\Desktop\julia.lnk
2015-03-18 09:50 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-18 09:50 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-17 05:58 - 2015-03-17 05:58 - 00000000 ____D () C:\Users\Gilia\Downloads\keyfinder_2.0.10.10
2015-03-17 05:46 - 2015-03-17 05:46 - 11902080 _____ ( ) C:\Users\Gilia\Downloads\K-Lite_Codec_Pack_1100_Basic.exe
2015-03-16 21:20 - 2015-03-16 21:20 - 00312480 _____ () C:\WINDOWS\system32\Drivers\atksgt.sys
2015-03-16 21:20 - 2015-03-16 21:20 - 00043168 _____ () C:\WINDOWS\system32\Drivers\lirsgt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 17:28 - 2015-02-06 05:23 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d041bc45c66759.job
2015-04-14 17:28 - 2015-01-23 04:18 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 17:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-14 17:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-14 17:11 - 2015-01-11 01:03 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Mp3tag
2015-04-14 16:51 - 2015-01-10 11:08 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\foobar2000
2015-04-14 16:51 - 2015-01-10 10:54 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1773740722-1353712620-2879442739-1001
2015-04-14 16:50 - 2014-10-05 11:38 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-14 16:50 - 2014-10-05 11:38 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-14 16:50 - 2014-03-18 11:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-14 16:47 - 2015-01-23 04:18 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 16:47 - 2015-01-10 11:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 16:46 - 2015-01-19 05:12 - 00000000 __RDO () C:\Users\Gilia\OneDrive
2015-04-14 09:26 - 2015-02-12 08:46 - 00000000 ____D () C:\Users\Gilia\AppData\Local\ClassicShell
2015-04-14 08:41 - 2015-01-10 11:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-14 08:17 - 2015-01-10 21:31 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-14 07:45 - 2015-01-26 00:44 - 00565248 ___SH () C:\Users\Gilia\Desktop\Thumbs.db
2015-04-14 07:06 - 2015-01-19 19:43 - 00000000 ____D () C:\Users\Gilia\Documents\Komplettlösungen
2015-04-14 06:45 - 2014-10-05 01:53 - 01840330 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-14 06:35 - 2015-01-18 08:47 - 00000000 ____D () C:\TEMP
2015-04-14 06:35 - 2014-10-05 02:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 06:35 - 2014-10-05 02:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-13 23:37 - 2015-01-11 08:25 - 00000000 ____D () C:\Users\Gilia\AppData\Local\CrashDumps
2015-04-13 22:02 - 2013-08-22 16:46 - 00051284 _____ () C:\WINDOWS\setupact.log
2015-04-13 22:02 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-13 22:01 - 2014-10-05 03:09 - 00014848 _____ () C:\WINDOWS\system32\VfService.trf
2015-04-13 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-13 19:53 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-13 19:29 - 2015-01-10 10:48 - 00000000 ____D () C:\Users\Gilia
2015-04-13 10:41 - 2015-02-10 14:50 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2015-04-13 09:18 - 2014-03-18 11:44 - 00084682 _____ () C:\WINDOWS\PFRO.log
2015-04-13 09:18 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-13 09:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-04-13 09:09 - 2013-08-22 16:44 - 00405688 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-13 09:08 - 2015-01-10 11:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-13 09:07 - 2015-02-06 09:46 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Everything
2015-04-13 06:26 - 2015-02-05 21:46 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Spotify
2015-04-13 06:23 - 2015-02-05 21:38 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Spotify
2015-04-11 20:07 - 2015-01-18 01:10 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\TV-Browser
2015-04-11 16:25 - 2014-10-05 03:11 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-04-11 16:25 - 2014-10-05 03:08 - 00000000 ____D () C:\Program Files\Lenovo
2015-04-11 01:15 - 2015-01-30 00:30 - 00000000 ____D () C:\Users\Gilia\dwhelper
2015-04-10 13:08 - 2015-01-10 11:50 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-10 13:04 - 2015-01-29 03:36 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Audacity
2015-04-09 02:58 - 2014-10-05 02:20 - 03317344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-04-09 02:58 - 2014-10-05 02:20 - 00029329 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-04-08 23:30 - 2014-10-05 02:21 - 06841488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-04-08 23:30 - 2014-10-05 02:21 - 03478344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-04-08 23:30 - 2014-10-05 02:21 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-04-08 23:30 - 2014-10-05 02:21 - 01047696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-04-08 23:30 - 2014-10-05 02:21 - 00936264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-04-08 23:30 - 2014-10-05 02:21 - 00569160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-04-08 23:30 - 2014-10-05 02:21 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-04-08 23:30 - 2014-10-05 02:21 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-04-08 23:30 - 2014-10-05 02:21 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-04-08 21:48 - 2015-02-05 05:48 - 00000000 ____D () C:\Users\Gilia\Documents\Star Wars Humble Bundle (pay what you want and help charity)-Dateien
2015-04-08 21:48 - 2015-01-10 10:50 - 00000000 ____D () C:\Users\Gilia\Documents\Bluetooth Folder
2015-04-08 19:52 - 2014-10-05 02:21 - 04336074 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-04-05 15:08 - 2015-02-05 21:46 - 00001848 _____ () C:\Users\Gilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-05 15:08 - 2014-10-05 03:11 - 00000000 ____D () C:\ProgramData\Energy Manager
2015-04-04 21:32 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-04 06:29 - 2014-10-05 02:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-04 06:15 - 2015-01-11 02:48 - 00262795 _____ () C:\WINDOWS\DirectX.log
2015-04-03 14:55 - 2015-01-10 23:27 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Skype
2015-04-03 14:54 - 2015-01-10 23:27 - 00000000 ____D () C:\ProgramData\Skype
2015-04-03 14:53 - 2015-01-10 11:14 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-03 04:40 - 2015-02-06 10:21 - 00000000 ____D () C:\Users\Gilia\Downloads\dark_forces_beta
2015-04-01 17:49 - 2015-01-11 01:18 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-03-31 11:45 - 2015-02-15 05:41 - 00003676 _____ () C:\WINDOWS\System32\Tasks\klcp_update
2015-03-31 11:44 - 2015-02-15 05:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-03-31 11:44 - 2015-02-15 05:41 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-03-30 20:27 - 2015-01-10 10:50 - 00000000 ____D () C:\Users\Gilia\AppData\Local\NVIDIA Corporation
2015-03-30 09:21 - 2015-01-12 19:07 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\avidemux
2015-03-28 05:44 - 2015-01-10 11:04 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2014-10-05 02:22 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2015-01-10 11:04 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2014-10-05 02:22 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-03-27 12:12 - 2015-01-30 15:18 - 00000000 ____D () C:\Users\Gilia\Documents\Tagebuch
2015-03-27 10:40 - 2015-01-14 12:38 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-27 10:40 - 2015-01-14 12:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-26 19:25 - 2015-01-10 10:49 - 00000000 ____D () C:\Users\Gilia\AppData\Roaming\Atheros
2015-03-26 18:14 - 2015-01-10 15:38 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Win7UI
2015-03-24 18:39 - 2015-02-12 10:27 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2015-03-24 14:55 - 2015-01-10 11:50 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Adobe
2015-03-24 14:49 - 2015-01-10 11:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-03-22 07:01 - 2015-01-10 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2015-03-22 06:18 - 2015-01-14 12:39 - 00001747 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2015-03-22 06:18 - 2015-01-14 12:39 - 00000000 ____D () C:\Program Files\Defraggler
2015-03-21 14:09 - 2015-01-10 11:12 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-03-20 02:39 - 2015-01-25 03:29 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-18 09:51 - 2014-10-05 02:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-17 06:04 - 2015-01-14 01:37 - 00000000 ___RD () C:\Users\Gilia\Documents\Verknüpfung
2015-03-17 06:03 - 2015-01-10 10:49 - 00000000 ____D () C:\Users\Gilia\AppData\Local\Packages
2015-03-17 05:58 - 2015-02-27 00:52 - 00001108 _____ () C:\Users\Public\Desktop\MPC-HC.lnk
2015-03-17 05:58 - 2015-01-27 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2015-03-17 05:58 - 2015-01-27 00:34 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2015-03-16 11:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-01-25 03:31 - 2015-01-25 22:22 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-10-05 02:25 - 2014-10-05 02:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-11 17:12

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by Gilia at 2015-04-14 17:33:52
Running from C:\Users\Gilia\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Album Art Downloader XUI 1.02 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.02 - hxxp://sourceforge.net/projects/album-art)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
Amazon Kindle (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Among the Sleep Demo (HKLM-x32\...\Steam App 285540) (Version:  - Krillbite Studio)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Any Video Converter Professional 5.7.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Blackguards (HKLM-x32\...\Blackguards_is1) (Version: 1.6 - Daedalic Entertainment GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Classic Shell (HKLM\...\{6ABE95F9-9FBE-46B2-96C7-5D5AA17DA66E}) (Version: 4.2.0 - IvoSoft)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
dradio-Recorder Version 3.02.6 (HKLM-x32\...\dradio-Recorder_is1) (Version:  - )
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts, Inc.)
Dungeon Siege III Demo (HKLM-x32\...\Steam App 39230) (Version:  - Obsidian Entertainment)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 9.1.8.3 (07/01/2015) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
GLUCOFACTS(TM) Deluxe Smart Launch (HKLM-x32\...\{8C3ADE22-5B38-4331-A75C-00E116128D3D}) (Version: 1.21.01 - Bayer HealthCare)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haunted Memories (HKLM-x32\...\Steam App 241640) (Version:  - MadMan Theory Games)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Interstellar Marines (HKLM-x32\...\Steam App 236370) (Version:  - Zero Point Software)
J.U.L.I.A.: Among the Stars (HKLM-x32\...\Steam App 257690) (Version:  - CBE Software s.r.o.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
K-Lite Codec Pack 11.0.8 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.8 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 5.0.6 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6806.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.6806.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{FF29EE31-56D7-4A59-940C-AF6DDDFF69B0}) (Version: 4.2.8.2 - The Document Foundation)
LibreOffice 4.2.8.2 (HKLM-x32\...\{2D3234B2-FC7B-41CD-9FC8-4F9C2C20C131}) (Version: 4.2.8.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee SafeKey(nur Deinstallation) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Mp3tag v2.69 (HKLM-x32\...\Mp3tag) (Version: v2.69 - Florian Heidenreich)
MPC-HC 1.7.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1046.0 - Passmark Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version:  - CAPCOM Co., Ltd.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spotify (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version:  - LucasArts)
Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version:  - LucasArts)
Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version:  - Petroglyph)
Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version:  - Aspyr Studios)
Star Wars: The Force Unleashed Ultimate Sith Edition (HKLM-x32\...\Steam App 32430) (Version:  - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
TSLRCM 1.8.3 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
TV-Browser 3.4.1.0 (HKLM-x32\...\tvbrowser) (Version: 3.4.1.0 - TV-Browser Team)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
WinDirStat 1.1.2 (HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\...\WinDirStat) (Version:  - )
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
XMedia Recode Version 3.2.0.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.0.4 - XMedia Recode)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1773740722-1353712620-2879442739-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (hxxp://MediaArea.net/MediaInfo)

==================== Restore Points  =========================

26-03-2015 17:22:19 DVDVideoSoftRestorePoint
29-03-2015 01:16:34 Removed Microsoft Silverlight
03-04-2015 14:51:26 McAfee  Vulnerability Scanner
10-04-2015 13:04:56 McAfee  Vulnerability Scanner
13-04-2015 10:37:45 Revo Uninstaller's restore point - MyFreeCodec

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1FEDAB8C-C525-4769-B1E2-F0BF3052C939} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {39E16E81-6DB6-4896-8D24-FC5DA4007D28} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-24] (Adobe Systems Incorporated)
Task: {49BB9313-9FA5-4A3D-919C-89C895DD7A6F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1773740722-1353712620-2879442739-1001
Task: {60072D23-DA76-46F8-AE16-770D8BEF3A9A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-03-27] ()
Task: {6BB8711A-B3DC-4C0D-8AF3-EB21AE16A229} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A41A7502-F78E-438C-A32D-5BD69B340895} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {A883FA9B-0E69-4CE0-820B-12A7D3B17188} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {AFF1C76A-A207-41E4-8898-B15A50F44327} - System32\Tasks\{2B0737E5-8460-472F-89C9-E3BEA30B8AF0} => pcalua.exe -a C:\Users\Gilia\Downloads\SysinternalsSuite\pagedfrg.exe -d C:\Users\Gilia\Downloads\SysinternalsSuite
Task: {B13F16E4-EB1C-4C23-A34D-01A53C90D889} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BB9A3021-EBC3-41EE-81D8-190634731B32} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {D25EB661-E143-4A1D-B7B5-C90C2C1E791C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E5929D3E-17B8-437B-A29E-A8E261E2B1A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {EC9C4B82-B71A-4E1B-929F-F8AF95ECE5F2} - System32\Tasks\GoogleUpdateTaskMachineUA1d041bc45c66759 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {F77F655B-FC56-436C-9A45-3EF0D6625E86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d041bc45c66759.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-11 19:19 - 2015-03-30 09:02 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-10-05 03:06 - 2012-04-25 04:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-10-05 03:09 - 2014-10-05 03:09 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-10-05 03:09 - 2014-10-05 03:09 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2015-01-11 01:36 - 2012-01-29 17:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-01-11 01:36 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-10-05 11:24 - 2014-10-03 18:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2014-10-05 02:21 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-01-10 13:10 - 2014-12-08 08:27 - 06277952 _____ () C:\Users\Gilia\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-01-12 00:00 - 2012-10-13 17:05 - 00042496 _____ () C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-06 09:46 - 2014-08-06 03:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2014-10-05 02:23 - 2013-09-04 17:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-30 20:27 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-01-10 11:32 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-21 19:39 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-10 11:32 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-21 19:39 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-21 19:39 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-10 11:32 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-10 11:32 - 2015-04-14 01:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-10 11:32 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-11 01:18 - 2015-04-11 01:18 - 03348592 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-04-11 01:18 - 2015-04-11 01:18 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-04-11 01:18 - 2015-04-11 01:18 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-01-25 22:22 - 2015-01-25 22:22 - 01012224 _____ () C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B}\platform\WINNT_x86-msvc\components\mcxpcom.dll
2013-05-04 13:57 - 2013-05-04 13:57 - 00095712 _____ () C:\Program Files (x86)\foobar2000\zlib1.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 00160720 _____ () C:\Program Files (x86)\foobar2000\shared.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00258560 _____ () C:\Program Files (x86)\foobar2000\components\foo_unpack.dll
2015-01-14 12:20 - 2015-01-14 12:20 - 00306176 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2015-01-14 12:20 - 2015-01-14 12:20 - 00532480 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00290816 _____ () C:\Program Files (x86)\foobar2000\components\foo_fileops.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00303104 _____ () C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll
2015-01-14 12:22 - 2015-01-14 12:22 - 00200192 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2015-01-14 12:22 - 2015-01-14 12:22 - 00352768 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2015-01-14 12:21 - 2015-01-14 12:21 - 00201216 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 01398248 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2015-01-14 12:28 - 2015-01-14 12:28 - 01084392 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2015-01-14 12:26 - 2015-01-14 12:26 - 00364544 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Gilia\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1773740722-1353712620-2879442739-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gilia\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1773740722-1353712620-2879442739-500 - Administrator - Disabled)
Gast (S-1-5-21-1773740722-1353712620-2879442739-501 - Limited - Disabled)
Gilia (S-1-5-21-1773740722-1353712620-2879442739-1001 - Administrator - Enabled) => C:\Users\Gilia
HomeGroupUser$ (S-1-5-21-1773740722-1353712620-2879442739-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 05:13:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/14/2015 04:46:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450541b
Name des fehlerhaften Moduls: VfCredProv.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x519ca83b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000367b
ID des fehlerhaften Prozesses: 0x88c
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3
Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5

Error: (04/14/2015 04:46:12 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/13/2015 09:46:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450541b
Name des fehlerhaften Moduls: VfCredProv.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x519ca83b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000367b
ID des fehlerhaften Prozesses: 0xac8
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3
Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5

Error: (04/13/2015 09:40:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.922, Zeitstempel: 0x55010546
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000142
Fehleroffset: 0x0009e052
ID des fehlerhaften Prozesses: 0xd3c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (04/13/2015 09:09:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1710

Startzeit: 01d0761c621d996d

Endzeit: 4294967295

Anwendungspfad: C:\Users\Gilia\Desktop\OTL.exe

Berichts-ID: a450a0fd-e210-11e4-8288-3010b3eda44c

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/13/2015 08:07:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

Error: (04/13/2015 08:07:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450541b
Name des fehlerhaften Moduls: nvinitx.dll_unloaded, Version: 9.18.13.4788, Zeitstempel: 0x550302ff
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000344b
ID des fehlerhaften Prozesses: 0x1280
Startzeit der fehlerhaften Anwendung: 0xLogonUI.exe0
Pfad der fehlerhaften Anwendung: LogonUI.exe1
Pfad des fehlerhaften Moduls: LogonUI.exe2
Berichtskennung: LogonUI.exe3
Vollständiger Name des fehlerhaften Pakets: LogonUI.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LogonUI.exe5

Error: (04/13/2015 08:07:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.

Error: (04/13/2015 08:04:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.


System errors:
=============
Error: (04/14/2015 04:46:16 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "IDEAPAD        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.94
registriert werden. Der Computer mit IP-Adresse 169.254.200.103 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/14/2015 04:46:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "IDEAPAD        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.94
registriert werden. Der Computer mit IP-Adresse 169.254.200.103 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/14/2015 04:46:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "IDEAPAD        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.94
registriert werden. Der Computer mit IP-Adresse 169.254.200.103 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/14/2015 04:46:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "IDEAPAD        :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.94
registriert werden. Der Computer mit IP-Adresse 169.254.200.103 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/14/2015 04:46:13 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{D85CB1D7-1251-432C-9ECB-EA996B2469F6} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (04/14/2015 08:13:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/14/2015 08:13:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (04/13/2015 09:09:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Click to Call PNR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/13/2015 09:09:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Click to Call Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/13/2015 08:06:32 PM) (Source: DCOM) (EventID: 10005) (User: IDEAPAD)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (04/14/2015 05:13:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Gilia\Desktop\Safety\esetsmartinstaller_deu.exe

Error: (04/14/2015 04:46:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.3.9600.174155450541bVfCredProv.dll_unloaded0.0.0.0519ca83bc0000005000000000000367b88c01d076c1cc1073dbC:\WINDOWS\system32\LogonUI.exeVfCredProv.dll1060f215-e2b5-11e4-8289-3010b3eda44c

Error: (04/14/2015 04:46:12 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (04/13/2015 09:46:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.3.9600.174155450541bVfCredProv.dll_unloaded0.0.0.0519ca83bc0000005000000000000367bac801d0762289662ed8C:\WINDOWS\system32\LogonUI.exeVfCredProv.dllcc1c95f0-e215-11e4-8288-3010b3eda44c

Error: (04/13/2015 09:40:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546KERNELBASE.dll6.3.9600.1766854c846bbc00001420009e052d3c01d07621ac6ab19dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dllef384256-e214-11e4-8288-3010b3eda44c

Error: (04/13/2015 09:09:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0171001d0761c621d996d4294967295C:\Users\Gilia\Desktop\OTL.exea450a0fd-e210-11e4-8288-3010b3eda44c

Error: (04/13/2015 08:07:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Gilia\Desktop\Safety\esetsmartinstaller_deu.exe

Error: (04/13/2015 08:07:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe6.3.9600.174155450541bnvinitx.dll_unloaded9.18.13.4788550302ffc0000005000000000000344b128001d07614aed58185C:\WINDOWS\system32\LogonUI.exenvinitx.dllf41d7a1e-e207-11e4-8288-3010b3eda44c

Error: (04/13/2015 08:07:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\dradio-Recorder\phonostar.exe

Error: (04/13/2015 08:04:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\dradio-Recorder\phonostar.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz
Percentage of memory in use: 35%
Total physical RAM: 8116.27 MB
Available physical RAM: 5206.45 MB
Total Pagefile: 16308.27 MB
Available Pagefile: 12300.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.36 GB) (Free:291.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.63 GB) NTFS
Drive e: (Disk1) (CDROM) (Total:6.01 GB) (Free:0 GB) UDF
Drive f: (STORE N GO 32) (Removable) (Total:29.73 GB) (Free:28.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 02416F67)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 0E330C65)
Partition 1: (Not Active) - (Size=29.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 15.04.2015 06:04
sieht gut aus. Bestehen aktuell noch Probleme?

Don Redhorse 15.04.2015 22:36
Momentan nicht mehr Danke soweit!
Eine Zeile im AdwCleaner-log macht mir allerdings noch Kopfzerbrechen, weil da was von meiner Bank steht, ist vielleicht harmlos aber ich wäre gern sicher.
Es handelt sich um die Zeile
Code:
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.nosquint.sites", "sparkasse-fuerth.de=0,1428724977858,27,140,0,0,false,0,0,false primeshare.tv=0,1428259780654,29,90,0,0,false,0,0,false blog.de=0,1422758869741,1,160,0,0,false,0[...]
Das ist aber ein altes file vor der Säuberungsaktion im aktuellen taucht das nicht mehr auf.Ich wüsste halte gern was es damit auf sich hat, wenn es geht.Wenn nicht ist auch gut und vielen vielen Dank für die nette Hilfe! :)
PS: Das 2. file ist das aktuelle von AdwCleaner

Das dazu gehörige logfiles ist das hier :
Code:
# AdwCleaner v4.201 - Bericht erstellt 13/04/2015 um 09:17:45
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Gilia - IDEAPAD
# Gestarted von : C:\Users\Gilia\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : 0200621426811956mcinstcleanup

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\baidu
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
Ordner Gelöscht : C:\Program Files (x86)\MiniLyrics
Ordner Gelöscht : C:\Users\Gilia\AppData\Local\pokki
Ordner Gelöscht : C:\Users\Gilia\AppData\Roaming\MiniLyrics
Datei Gelöscht : C:\Users\Gilia\AppData\Roaming\Mozilla\Firefox\Profiles\16t7n5gl.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4580AB54-3C2F-4970-9A77-8628FA182F03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{46B5EE7F-3B6B-4079-A756-5EFC10B1F50B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4580AB54-3C2F-4970-9A77-8628FA182F03}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{46B5EE7F-3B6B-4079-A756-5EFC10B1F50B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\MiniLyrics
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiniLyrics

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.1 (x86 de)

[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.nosquint.sites", "sparkasse-fuerth.de=0,1428724977858,27,140,0,0,false,0,0,false primeshare.tv=0,1428259780654,29,90,0,0,false,0,0,false blog.de=0,1422758869741,1,160,0,0,false,0[...]
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[16t7n5gl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [10376 Bytes] - [13/04/2015 07:14:44]
AdwCleaner[R1].txt - [4270 Bytes] - [13/04/2015 09:15:23]
AdwCleaner[S0].txt - [3971 Bytes] - [13/04/2015 09:17:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4030  Bytes] ##########
Code:
# AdwCleaner v4.201 - Bericht erstellt 15/04/2015 um 23:44:20
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-15.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Gilia - IDEAPAD
# Gestarted von : C:\Users\Gilia\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [10376 Bytes] - [13/04/2015 07:14:44]
AdwCleaner[R1].txt - [4270 Bytes] - [13/04/2015 09:15:23]
AdwCleaner[R2].txt - [944 Bytes] - [15/04/2015 23:37:26]
AdwCleaner[S0].txt - [4130 Bytes] - [13/04/2015 09:17:45]
AdwCleaner[S1].txt - [865 Bytes] - [15/04/2015 23:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [923  Bytes] ##########

schrauber 16.04.2015 18:01
Da wurde ne Extension aus dem Browser gekillt.

Don Redhorse 16.04.2015 18:49
Okay, danke. Thema ist damit erledigt. Vielen Dank für die nette Hilfe! :)

schrauber 17.04.2015 06:15
http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:42 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132