Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google Chrome öffnet Werbung und blinkende Pop ups (https://www.trojaner-board.de/164055-google-chrome-oeffnet-werbung-blinkende-pop-ups.html)

Herkra 15.02.2015 18:30
Google Chrome öffnet Werbung und blinkende Pop ups
 
Hallo,
ich habe mir wohl was auf dem PC eingefangen.
Ich habe Windows 8.1
Google Chrome öffnet von allein Werbetabs und nervig blinkende Pop ups.
Den Pop up blocker von Google Chrome habe ich installiert .
Hoffe das mir auch jemand helfen kann.

Gruß Herkra

schrauber 15.02.2015 18:52
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Herkra 16.02.2015 13:24
FRST Logfile:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Hermann (administrator) on PC on 16-02-2015 02:31:07
Running from C:\Users\Hermann\Desktop
Loaded Profiles: Hermann (Available profiles: Hermann & maria_000 & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sonix Technology Co., Ltd.) C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [tsnp2uvc] => C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe [249856 2012-05-04] (Sonix Technology Co., Ltd.)
HKLM-x32\...\Run: [gmsd_de_117] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56458;https=127.0.0.1:56458
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3985904470-2221692025-3449449171-1002 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322197&octid=EB_ORIGINAL_CTID&ISID=MCB5CB1B0-1279-48DA-9BE4-7A7AC790B35B&SearchSource=58&CUI=&UM=8&UP=SP31B6602B-E0A7-434A-831E-13116200D12D&q={searchTerms}&SSPV=
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Adblock Plus) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-13]
CHR Extension: (Google-Suche) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (Avira Browserschutz) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-13]
CHR Extension: (Google Wallet) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Google Mail) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-16] (Cherished Technololgy LIMITED)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
S3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [3568128 2012-06-27] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 18:37 - 2015-02-15 20:05 - 00028113 _____ () C:\Users\Hermann\Desktop\Addition.txt
2015-02-15 18:36 - 2015-02-16 02:31 - 00017039 _____ () C:\Users\Hermann\Desktop\FRST.txt
2015-02-15 18:36 - 2015-02-16 02:31 - 00000000 ____D () C:\FRST
2015-02-15 18:24 - 2015-02-15 18:24 - 02085888 _____ (Farbar) C:\Users\Hermann\Desktop\FRST64.exe
2015-02-15 16:56 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 16:56 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 18:32 - 2015-02-13 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-12 21:01 - 2015-02-12 21:33 - 00000165 _____ () C:\Windows\wininit.ini
2015-02-12 20:51 - 2015-02-15 16:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-12 20:51 - 2015-02-12 21:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-12 20:51 - 2015-02-12 20:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-12 20:42 - 2015-02-12 20:42 - 00000000 __SHD () C:\Users\Hermann\AppData\Local\EmieBrowserModeList
2015-02-12 20:39 - 2015-02-12 20:39 - 00000000 ____D () C:\Users\Hermann\AppData\Roaming\QuickScan
2015-02-12 20:35 - 2015-02-12 20:36 - 00000000 _____ () C:\END
2015-02-10 19:53 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 19:53 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 19:53 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:53 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 19:53 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 19:53 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:53 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 19:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 19:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 19:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 19:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 19:53 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 19:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 19:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 19:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 19:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 19:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 19:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 19:53 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 19:53 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 19:53 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 19:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 19:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 19:53 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 19:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 19:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 19:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 19:53 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 19:53 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 19:53 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 19:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 19:53 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 19:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 19:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 19:53 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 19:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 19:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 19:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 19:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 19:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 19:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 19:53 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 19:53 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 19:53 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 19:53 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 19:53 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 19:53 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 19:53 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 19:53 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 19:53 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 19:53 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:53 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 19:53 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 19:53 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 19:53 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 19:53 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 19:53 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-10 19:53 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-10 19:53 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-10 19:53 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 19:53 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-10 19:53 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-10 19:53 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-10 19:53 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-10 19:53 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-10 19:44 - 2015-02-10 19:44 - 00000000 ____D () C:\ProgramData\1277825800002ba8
2015-02-09 18:20 - 2015-02-15 16:45 - 00000020 _____ () C:\Users\Hermann\AppData\Roaming\appdataFr3.bin
2015-02-09 18:20 - 2015-02-09 18:20 - 00000000 ____D () C:\ProgramData\SaleItCoupon
2015-01-20 20:12 - 2015-01-20 20:12 - 00628496 _____ (CMI Limited) C:\Users\Hermann\AppData\Local\nst5DEE.tmp
2015-01-20 19:32 - 2015-02-09 17:40 - 00000000 ____D () C:\ProgramData\70daf0c600006533
2015-01-20 19:25 - 2015-01-20 19:25 - 00613057 _____ (CMI Limited) C:\Users\Hermann\AppData\Local\nstF93E.tmp
2015-01-20 19:25 - 2015-01-20 19:25 - 00000000 __SHD () C:\Users\Hermann\AppData\Roaming\AnyProtectEx
2015-01-20 19:24 - 2015-01-20 19:24 - 00002228 _____ () C:\Windows\patsearch.bin
2015-01-20 19:24 - 2015-01-20 19:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
2015-01-20 19:13 - 2015-01-20 20:12 - 00001141 _____ () C:\Users\Hermann\Desktop\Continue Live Installation.lnk
2015-01-20 19:07 - 2015-01-20 19:07 - 00000000 ____D () C:\Users\Hermann\Documents\Optimizer Pro
2015-01-18 09:40 - 2015-02-12 19:04 - 00089088 _____ () C:\Users\Hermann\Documents\Radtouren 2011 - 2015.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 02:00 - 2014-03-30 09:44 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 01:43 - 2014-03-19 11:24 - 02007987 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 01:36 - 2014-03-27 10:08 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D436EBF-41C6-4EA6-B566-C123F251BFFB}
2015-02-16 01:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-15 20:03 - 2014-03-30 09:44 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 20:03 - 2014-03-27 09:52 - 00000000 ___DO () C:\Users\Hermann\SkyDrive
2015-02-15 19:48 - 2014-01-21 14:00 - 00049784 _____ () C:\Windows\setupact.log
2015-02-15 19:48 - 2014-01-20 17:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-15 19:48 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 19:48 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-15 19:47 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-15 16:43 - 2013-09-12 11:53 - 00197926 _____ () C:\Windows\PFRO.log
2015-02-14 18:31 - 2014-03-31 18:43 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3985904470-2221692025-3449449171-1005
2015-02-14 18:31 - 2014-03-27 09:55 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3985904470-2221692025-3449449171-1002
2015-02-14 17:51 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-14 17:41 - 2014-03-29 17:55 - 00000000 ___DO () C:\Users\maria_000\SkyDrive
2015-02-13 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 21:24 - 2014-10-02 07:38 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 21:13 - 2014-08-17 16:14 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-02-12 21:13 - 2014-08-17 16:14 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-02-12 21:13 - 2013-08-22 15:44 - 00490232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 21:11 - 2014-03-31 19:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 21:09 - 2013-11-22 12:15 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 16:15 - 2014-03-31 18:39 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FF99E9D2-9317-4534-92D7-6426CAA2413A}
2015-02-09 17:55 - 2014-03-30 09:44 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 17:54 - 2014-03-30 09:44 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-08 13:05 - 2013-09-12 12:28 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-02-08 13:05 - 2013-09-12 12:28 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-02-08 13:05 - 2013-09-12 12:00 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 15:24 - 2014-10-22 01:27 - 00000000 ____D () C:\Users\Hermann\AppData\Roaming\Skype
2015-02-03 20:31 - 2014-11-17 14:14 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-17 14:14 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 07:45 - 2014-10-16 06:06 - 00921624 _____ () C:\snp2uvc-001.raw
2015-01-21 19:06 - 2014-08-16 13:00 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-20 20:37 - 2014-08-17 16:14 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-20 20:14 - 2014-08-17 16:14 - 00002812 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-01-20 20:14 - 2014-08-17 16:14 - 00002810 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-01-20 20:14 - 2014-08-17 16:14 - 00002810 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-01-20 20:10 - 2014-11-27 18:23 - 00000000 ____D () C:\Users\Hermann\AppData\Local\Windows Live
2015-01-20 19:33 - 2014-09-19 15:26 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-20 19:24 - 2014-08-16 13:38 - 00000000 ____D () C:\Users\Hermann\AppData\Local\com
2015-01-20 19:02 - 2014-08-16 13:01 - 00004006 _____ () C:\Windows\System32\Tasks\LaunchSignup

==================== Files in the root of some directories =======

2015-02-09 18:20 - 2015-02-15 16:45 - 0000020 _____ () C:\Users\Hermann\AppData\Roaming\appdataFr3.bin
2014-08-17 16:14 - 2014-08-17 16:14 - 0000314 _____ () C:\Users\Hermann\AppData\Roaming\aps.uninstall.scan.results
2014-08-17 16:13 - 2014-08-17 16:13 - 0575544 _____ (ClickMeIn Limited) C:\Users\Hermann\AppData\Local\nsrAAC0.tmp
2015-01-20 20:12 - 2015-01-20 20:12 - 0628496 _____ (CMI Limited) C:\Users\Hermann\AppData\Local\nst5DEE.tmp
2015-01-20 19:25 - 2015-01-20 19:25 - 0613057 _____ (CMI Limited) C:\Users\Hermann\AppData\Local\nstF93E.tmp
2014-01-20 17:07 - 2014-01-20 17:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-23 11:19 - 2014-01-23 11:19 - 0000032 _____ () C:\ProgramData\Temp.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 04:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---



Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Hermann at 2015-02-16 02:32:32
Running from C:\Users\Hermann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Bandizip (HKLM\...\Bandizip) (Version: 5.01 - Bandisoft.com)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3714 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
SaleItCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - SaleItCoupon) <==== ATTENTION
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
USB Video Device (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.54400.104 - Sonix)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3985904470-2221692025-3449449171-1002_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-3985904470-2221692025-3449449171-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hermann\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3985904470-2221692025-3449449171-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hermann\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3985904470-2221692025-3449449171-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hermann\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3985904470-2221692025-3449449171-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hermann\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-01-2015 15:26:34 Windows Update
06-02-2015 13:32:36 Windows Update
12-02-2015 21:08:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0210DA41-EC97-498E-AC90-41F8D890283C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {138EF0A3-271B-4BDA-9606-C1C352492D77} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {144AB0CC-5F00-4B0E-82AC-EB7AED8120DE} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3499623C-2EE0-48D1-80BF-E7E8812D2431} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-02] (Google Inc.)
Task: {806A1849-0B05-43BB-A3EF-5E26740933F4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {8222CCD2-5D29-4F2D-860B-ACE8CD31BFA9} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {91341355-E0D1-44B6-A954-0840224D8C93} - System32\Tasks\{02CA46A8-4944-460C-8150-6BB142D3CCEB} => pcalua.exe -a C:\Users\Hermann\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=tugs
Task: {A22D8FB8-8958-42AF-8112-6C4678BA5618} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-02] (Google Inc.)
Task: {C6C1B5D5-6642-4096-A7FD-DC6253F13A57} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {CBE593C9-3E19-4E5D-B566-CF62BF085A3E} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D8986101-B235-45FE-AEB8-9762D6EF80ED} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {E7559847-714D-4651-96D2-6AF6A8A353BD} - System32\Tasks\{4F5E4C79-D2B2-4841-BADD-FC8FF075A4B0} => pcalua.exe -a C:\Users\Hermann\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-01-20 17:34 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-23 12:46 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-08-21 11:33 - 2014-09-16 19:01 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-08-21 11:32 - 2014-09-16 19:01 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-08-21 11:33 - 2014-09-16 19:01 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-01-23 12:43 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-08 11:55 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-08 11:55 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-08 11:55 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-08 11:55 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Hermann\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\maria_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3985904470-2221692025-3449449171-500 - Administrator - Disabled)
Gast (S-1-5-21-3985904470-2221692025-3449449171-501 - Limited - Disabled) => C:\Users\Gast
Hermann (S-1-5-21-3985904470-2221692025-3449449171-1002 - Administrator - Enabled) => C:\Users\Hermann
HomeGroupUser$ (S-1-5-21-3985904470-2221692025-3449449171-1004 - Limited - Enabled)
maria_000 (S-1-5-21-3985904470-2221692025-3449449171-1005 - Limited - Enabled) => C:\Users\maria_000

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 07:47:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]

Error: (02/15/2015 04:12:31 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]

Error: (02/12/2015 09:21:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.111, Zeitstempel: 0x54d1cb7f
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.111, Zeitstempel: 0x54d1c75d
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539dfa
ID des fehlerhaften Prozesses: 0x2e0
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (02/12/2015 09:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.111, Zeitstempel: 0x54d1cb7f
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.111, Zeitstempel: 0x54d1c75d
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539dfa
ID des fehlerhaften Prozesses: 0x1140
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (02/12/2015 09:20:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.111, Zeitstempel: 0x54d1cb7f
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.111, Zeitstempel: 0x54d1c75d
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539dfa
ID des fehlerhaften Prozesses: 0x139c
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (02/12/2015 09:20:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.111, Zeitstempel: 0x54d1cb7f
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.111, Zeitstempel: 0x54d1c75d
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539dfa
ID des fehlerhaften Prozesses: 0x102c
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (02/12/2015 09:20:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452fe91
Name des fehlerhaften Moduls: IEUI.dll, Version: 11.0.9600.17416, Zeitstempel: 0x545315ae
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000004ab3
ID des fehlerhaften Prozesses: 0xe60
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (02/12/2015 09:05:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.111, Zeitstempel: 0x54d1cb7f
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.111, Zeitstempel: 0x54d1c75d
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539dfa
ID des fehlerhaften Prozesses: 0x1b94
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (02/12/2015 09:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.111, Zeitstempel: 0x54d1cb7f
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.111, Zeitstempel: 0x54d1c75d
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539dfa
ID des fehlerhaften Prozesses: 0x1148
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (02/12/2015 08:50:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.111, Zeitstempel: 0x54d1cb7f
Name des fehlerhaften Moduls: chrome.dll, Version: 40.0.2214.111, Zeitstempel: 0x54d1c75d
Ausnahmecode: 0x80000003
Fehleroffset: 0x00539dfa
ID des fehlerhaften Prozesses: 0xd80
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5


System errors:
=============
Error: (02/15/2015 07:48:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (02/15/2015 07:47:18 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/15/2015 04:43:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (02/13/2015 05:48:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "EIEqOqTdB" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/12/2015 09:13:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (02/12/2015 09:12:36 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Absturzbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physischen Speicher abbilden zu können.

Error: (02/12/2015 09:11:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3023562)

Error: (02/12/2015 09:11:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3020338)

Error: (02/12/2015 09:11:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3019868)

Error: (02/12/2015 09:11:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3004361)


Microsoft Office Sessions:
=========================
Error: (02/15/2015 07:47:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]

Error: (02/15/2015 04:12:31 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]

Error: (02/12/2015 09:21:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.11154d1cb7fchrome.dll40.0.2214.11154d1c75d8000000300539dfa2e001d04701710fb81bC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dllaf468cb8-b2f4-11e4-82b5-c03fd54397e4

Error: (02/12/2015 09:21:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.11154d1cb7fchrome.dll40.0.2214.11154d1c75d8000000300539dfa114001d047016ed8a3beC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dllacfa035d-b2f4-11e4-82b5-c03fd54397e4

Error: (02/12/2015 09:20:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.11154d1cb7fchrome.dll40.0.2214.11154d1c75d8000000300539dfa139c01d047015c5299b1C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll9aa86cfb-b2f4-11e4-82b5-c03fd54397e4

Error: (02/12/2015 09:20:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.11154d1cb7fchrome.dll40.0.2214.11154d1c75d8000000300539dfa102c01d047015527bedcC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll94994ac3-b2f4-11e4-82b5-c03fd54397e4

Error: (02/12/2015 09:20:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452fe91IEUI.dll11.0.9600.17416545315aec00000050000000000004ab3e6001d0470135751ad9C:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\IEUI.dll8ae6c2d5-b2f4-11e4-82b5-c03fd54397e4

Error: (02/12/2015 09:05:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.11154d1cb7fchrome.dll40.0.2214.11154d1c75d8000000300539dfa1b9401d046ff4cbdf343C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll8b10af0f-b2f2-11e4-82b4-c03fd54397e4

Error: (02/12/2015 09:05:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.11154d1cb7fchrome.dll40.0.2214.11154d1c75d8000000300539dfa114801d046ff479c0bf7C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll86f108f5-b2f2-11e4-82b4-c03fd54397e4

Error: (02/12/2015 08:50:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.11154d1cb7fchrome.dll40.0.2214.11154d1c75d8000000300539dfad8001d046fd15a51e5dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome.dll53cc56c8-b2f0-11e4-82b4-c03fd54397e4


CodeIntegrity Errors:
===================================
  Date: 2014-09-26 08:44:36.587
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-16 15:08:42.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-29 17:51:19.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3220 @ 3.00GHz
Percentage of memory in use: 49%
Total physical RAM: 4051.48 MB
Available physical RAM: 2055.16 MB
Total Pagefile: 4755.48 MB
Available Pagefile: 2539.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:823.41 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
wie geht es jetzt weiter ?

schrauber 17.02.2015 06:59
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    SaleItCoupon

    webssearches uninstall


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Herkra 17.02.2015 16:57
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.02.2015
Suchlauf-Zeit: 08:17:01
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.17.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Hermann

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 439459
Verstrichene Zeit: 15 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1228, Löschen bei Neustart, [2365c758cdbd68ce7b81f08d6a973ec2]
PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\Loader64.exe, 4188, Löschen bei Neustart, [5f2941de4c3ec1759db1be2fbe43a25e]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, 3628, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9]
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, 3980, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9]

Module: 24
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],

Registrierungsschlüssel: 38
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [2365c758cdbd68ce7b81f08d6a973ec2],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [fb8d69b6117913230ba21eefb152f808],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [fb8d69b6117913230ba21eefb152f808],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [55331f00840645f1fcf1807b9c68f30d],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, In Quarantäne, [96f27ba45e2c77bf7bcfcdcd0af913ed],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [91f7ee3195f5a78fb176f31dc63fd729],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [7d0bb06fd2b8d165c7000d9e38cb619f],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [533557c892f8a59103353e90e02360a0],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b4d4e738028838fe09e4d02b7b893ac6],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{d924d8dc}, In Quarantäne, [3652b06feb9f251177446650ae55ff01],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [a5e3da4526641521167f92197c8705fb],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [02866eb18a00ae88a32325868f74857b],
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, In Quarantäne, [f69255ca0d7d13236e5f8498d1349a66],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [65235fc05d2d81b5e11a029e3cc7f010],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [751352cd0c7ec57138c4b4ec16edd22e],
PUP.Optional.ClicUp.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\clicup, In Quarantäne, [6d1b2df296f44de9e6b5553ed62d3ac6],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, In Quarantäne, [0484809fc5c5ae888abaa3ff17ecf60a],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [8305ea351e6c56e0086d1e8fd62d38c8],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [8dfbd04ff4961d196faa8a891fe6b947],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [691fb46b8ffb1f175777248cd330639d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [5434938c137766d0d0b6699bfd088f71],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [7f09948bd2b82511831d9677679e8d73],
PUP.Optional.GenericAddon.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\GenericAddon, In Quarantäne, [18708c93404a3402d7c34564d72c7c84],
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re-markit, In Quarantäne, [acdc6eb13a501323723eabfafc07b64a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, In Quarantäne, [f98f41de0b7f3ff7fce90e99e22107f9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, In Quarantäne, [f692031cf892a88ec223c3e4818225db],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, In Quarantäne, [dfa941de0189fa3cbc296146ba490af6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, In Quarantäne, [4345b16e9feb0e28a93ce2c557ac0ef2],

Registrierungswerte: 4
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_117, In Quarantäne, [3553d94690fa0f2779460f8b689bbe42],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [a5e3da4526641521167f92197c8705fb]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, In Quarantäne, [02866eb18a00ae88a32325868f74857b]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 4C112F66-FA20-4F92-98DA-5E1BC9F38CCF, In Quarantäne, [f69255ca0d7d13236e5f8498d1349a66]

Registrierungsdaten: 12
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}),Ersetzt,[493fbe61107a9c9a925e7a3e46bf49b7]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX),Ersetzt,[cfb9120d97f3fc3acb24ccecef166c94]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX),Ersetzt,[bdcb75aa5c2e0c2a688993252bda47b9]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}),Ersetzt,[f69233ece4a67eb8c5a42492e322e21e]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[8ff9ce510b7f68cedcf1675b8b7af10f]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}),Ersetzt,[4048ce51c3c7092dd41cb00860a5f30d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX),Ersetzt,[9bed879853373ef85d92e5d3ce37c43c]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX),Ersetzt,[bdcb5bc4e4a6bf77ab461c9ce81d0ef2]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}),Ersetzt,[206845dac1c982b4bbae655181848d73]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[394f20ffbbcfe2543f8ec9f922e3dd23]
PUP.Optional.WebsSearches, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}),Ersetzt,[157372ad1377a690beac7b3bbb4ac53b]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3985904470-2221692025-3449449171-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1410890461&from=tugs&uid=TOSHIBAXDT01ACA100_14LLW0GNSXX14LLW0GNSX&q={searchTerms}),Ersetzt,[137534eb90fa52e4f576bff7e2232cd4]

Ordner: 36
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [7a0e55cabad06bcbc85c5417c63de11f],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [7a0e55cabad06bcbc85c5417c63de11f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [5335b26d4f3bee48cb85363703001ce4],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [5335b26d4f3bee48cb85363703001ce4],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [5335b26d4f3bee48cb85363703001ce4],
PUP.Optional.GlobalUpdate.A, C:\Users\Hermann\AppData\Local\Temp\comh.210327, In Quarantäne, [e3a5c659cbbf6dc9ee50353ae2213cc4],
PUP.Optional.GlobalUpdate.A, C:\Users\Hermann\AppData\Local\Temp\comh.329042, In Quarantäne, [dfa977a8dcae20162a14aac54bb8db25],
PUP.Optional.GlobalUpdate.A, C:\Users\Hermann\AppData\Local\Temp\comh.6102, In Quarantäne, [96f2db44bfcb79bdf14d214ee91a2ed2],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.FastPlayer.A, C:\Users\Hermann\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q, In Quarantäne, [6b1d62bd3b4fbf776cf3a1e883807a86],
PUP.Optional.FastPlayer.A, C:\Users\Hermann\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.5, In Quarantäne, [6b1d62bd3b4fbf776cf3a1e883807a86],

Dateien: 76
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [2365c758cdbd68ce7b81f08d6a973ec2],
PUP.Optional.SearchProtect, C:\Program Files (x86)\SupTab\Loader64.exe, Löschen bei Neustart, [5f2941de4c3ec1759db1be2fbe43a25e],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [602844db5c2e979f50c839d414ef1fe1],
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, In Quarantäne, [d0b819062d5dba7ca481dbef6d9457a9],
PUP.Optional.NSXgen, C:\Program Files (x86)\Reimageplus.com\reiextsetup.exe, In Quarantäne, [89ff6cb34248a2944466cb047d84e11f],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [afd937e874163303b93206a71ae74ab6],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [94f43fe096f4fb3b9358fbb2679a4fb1],
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [9bed839c5a30092dc91e820e0af7bb45],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [127633eca2e8fa3cf1fa0ca10100e818],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [afd9d14ef793b87edd0ee4c90bf6718f],
PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [8dfbe936553595a1d923512c5fa208f8],
PUP.Optional.WebsSearches.A, C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, In Quarantäne, [1573d84727639c9ae702c3d0ac574ab6],
PUP.Optional.WebsSearches.A, C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, In Quarantäne, [4741f7285535d066feebbad9758ed32d],
PUP.Optional.Patsearch.A, C:\Windows\patsearch.bin, In Quarantäne, [e2a659c647431224cf5c771d768da759],
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf, In Quarantäne, [cbbd1a054b3fc175a8a9672e2dd6966a],
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf, In Quarantäne, [0a7ec35ce1a95cda4809d2c3f2117a86],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [7a0e55cabad06bcbc85c5417c63de11f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-16[20-01-31-464].log, In Quarantäne, [5335b26d4f3bee48cb85363703001ce4],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [5335b26d4f3bee48cb85363703001ce4],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, Löschen bei Neustart, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [c2c6fc23454586b005a5e092fa0917e9],
PUP.Optional.FastPlayer.A, C:\Users\Hermann\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.5\user.config, In Quarantäne, [6b1d62bd3b4fbf776cf3a1e883807a86],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# AdwCleaner v4.110 - Bericht erstellt 17/02/2015 um 16:28:18
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Lokal]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Hermann - PC
# Gestarted von : C:\Users\Hermann\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\1277825800002ba8
Ordner Gelöscht : C:\ProgramData\70daf0c600006533
Ordner Gelöscht : C:\ProgramData\8d2661ba0aee8d15
Ordner Gelöscht : C:\Program Files (x86)\Easy Speed Check
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Probit Software
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\Temp\App Bud
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\torch
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\Probit Software
Ordner Gelöscht : C:\Users\Hermann\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Hermann\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\maria_000\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\maria_000\AppData\Local\torch
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\maria_000\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\Hermann\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Ordner Gelöscht : C:\Users\maria_000\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpbcgbchmagegfibbpaomfpihmimmfkp
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Hermann\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Hermann\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : BrowserSafeguard Update Task
Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Hermann\Desktop\ALDI Süd Blumen Service.lnk
Verknüpfung Desinfiziert : C:\Users\Hermann\Desktop\ALDI Süd Reisen.lnk
Verknüpfung Desinfiziert : C:\Users\Hermann\Desktop\ALDI Süd Startseite.lnk
Verknüpfung Desinfiziert : C:\Users\Hermann\Desktop\ALDI Talk.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
Verknüpfung Desinfiziert : C:\Users\Hermann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Hermann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Easy Speed Check
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\Driver-Soft
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Google Chrome v40.0.2214.111


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [8639 Bytes] - [17/02/2015 16:19:58]
AdwCleaner[S0].txt - [8626 Bytes] - [17/02/2015 16:28:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8685  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Hermann on 17.02.2015 at 16:48:18,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-5ADA8DDA.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.02.2015 at 16:49:40,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Hermann (administrator) on PC on 17-02-2015 16:53:05
Running from C:\Users\Hermann\Desktop
Loaded Profiles: Hermann (Available profiles: Hermann & maria_000 & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sonix Technology Co., Ltd.) C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [tsnp2uvc] => C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe [249856 2012-05-04] (Sonix Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56458;https=127.0.0.1:56458
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Adblock Plus) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-13]
CHR Extension: (Google-Suche) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Google Mail) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
S3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [3568128 2012-06-27] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 16:49 - 2015-02-17 16:49 - 00000765 _____ () C:\Users\Hermann\Desktop\JRT.txt
2015-02-17 16:38 - 2015-02-17 16:39 - 01388274 _____ (Thisisu) C:\Users\Hermann\Downloads\JRT.exe
2015-02-17 16:19 - 2015-02-17 16:28 - 00000000 ____D () C:\AdwCleaner
2015-02-17 16:19 - 2015-02-17 16:19 - 02112512 _____ () C:\Users\Hermann\Downloads\AdwCleaner_4.110.exe
2015-02-17 16:16 - 2015-02-17 16:16 - 00031659 _____ () C:\Users\Hermann\Desktop\mbam.txt
2015-02-17 08:16 - 2015-02-17 16:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 08:16 - 2015-02-17 08:16 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 08:16 - 2015-02-17 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-17 08:16 - 2015-02-17 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-17 08:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-17 08:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-17 08:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 08:14 - 2015-02-17 08:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hermann\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 08:04 - 2015-02-17 08:04 - 00001288 _____ () C:\Users\Hermann\Desktop\Revo Uninstaller.lnk
2015-02-17 08:04 - 2015-02-17 08:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-17 08:03 - 2015-02-17 08:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hermann\Downloads\revosetup95.exe
2015-02-16 09:26 - 2015-02-16 09:26 - 00205709 _____ () C:\Users\Hermann\Downloads\Outlook.com.zip
2015-02-15 18:37 - 2015-02-16 02:32 - 00028657 _____ () C:\Users\Hermann\Desktop\Addition.txt
2015-02-15 18:36 - 2015-02-17 16:53 - 00013805 _____ () C:\Users\Hermann\Desktop\FRST.txt
2015-02-15 18:36 - 2015-02-17 16:53 - 00000000 ____D () C:\FRST
2015-02-15 18:24 - 2015-02-15 18:24 - 02085888 _____ (Farbar) C:\Users\Hermann\Desktop\FRST64.exe
2015-02-15 16:56 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 16:56 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 18:32 - 2015-02-13 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-12 20:51 - 2015-02-15 16:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-12 20:51 - 2015-02-12 21:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-12 20:51 - 2015-02-12 20:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-12 20:42 - 2015-02-12 20:42 - 00000000 __SHD () C:\Users\Hermann\AppData\Local\EmieBrowserModeList
2015-02-12 20:39 - 2015-02-12 20:39 - 00000000 ____D () C:\Users\Hermann\AppData\Roaming\QuickScan
2015-02-10 19:53 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 19:53 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 19:53 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:53 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 19:53 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 19:53 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:53 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 19:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 19:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 19:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 19:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 19:53 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 19:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 19:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 19:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 19:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 19:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 19:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 19:53 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 19:53 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 19:53 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 19:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 19:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 19:53 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 19:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 19:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 19:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 19:53 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 19:53 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 19:53 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 19:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 19:53 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 19:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 19:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 19:53 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 19:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 19:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 19:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 19:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 19:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 19:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 19:53 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 19:53 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 19:53 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 19:53 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 19:53 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 19:53 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 19:53 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 19:53 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 19:53 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 19:53 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:53 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 19:53 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 19:53 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 19:53 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 19:53 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 19:53 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-10 19:53 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-10 19:53 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-10 19:53 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 19:53 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-10 19:53 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-10 19:53 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-10 19:53 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-10 19:53 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-09 18:20 - 2015-02-17 16:50 - 00000020 _____ () C:\Users\Hermann\AppData\Roaming\appdataFr3.bin
2015-01-20 20:12 - 2015-01-20 20:12 - 00628496 _____ (CMI Limited) C:\Users\Hermann\AppData\Local\nst5DEE.tmp
2015-01-20 19:25 - 2015-01-20 19:25 - 00613057 _____ (CMI Limited) C:\Users\Hermann\AppData\Local\nstF93E.tmp
2015-01-18 09:40 - 2015-02-12 19:04 - 00089088 _____ () C:\Users\Hermann\Documents\Radtouren 2011 - 2015.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 16:38 - 2014-03-27 10:08 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D436EBF-41C6-4EA6-B566-C123F251BFFB}
2015-02-17 16:35 - 2014-03-27 09:55 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3985904470-2221692025-3449449171-1002
2015-02-17 16:30 - 2014-03-30 09:44 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 16:30 - 2014-03-27 09:52 - 00000000 ___DO () C:\Users\Hermann\SkyDrive
2015-02-17 16:29 - 2014-01-21 14:00 - 00050712 _____ () C:\Windows\setupact.log
2015-02-17 16:29 - 2014-01-20 17:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-17 16:29 - 2013-09-12 11:53 - 00225900 _____ () C:\Windows\PFRO.log
2015-02-17 16:29 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 16:29 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-17 16:28 - 2014-03-27 09:50 - 00001228 _____ () C:\Users\Hermann\Desktop\ALDI Süd Blumen Service.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001204 _____ () C:\Users\Hermann\Desktop\ALDI Süd Reisen.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001160 _____ () C:\Users\Hermann\Desktop\ALDI Talk.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001140 _____ () C:\Users\Hermann\Desktop\ALDI Süd Startseite.lnk
2015-02-17 16:28 - 2014-02-10 16:51 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-02-17 16:28 - 2014-02-10 16:50 - 00001124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-02-17 16:05 - 2014-03-19 11:24 - 01335208 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 16:00 - 2014-03-30 09:44 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-17 08:34 - 2014-09-16 19:10 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2015-02-17 08:34 - 2014-08-16 13:38 - 00000000 ____D () C:\Users\Hermann\AppData\Local\com
2015-02-17 08:04 - 2014-10-22 01:27 - 00000000 ____D () C:\Users\Hermann\AppData\Roaming\Skype
2015-02-17 07:03 - 2014-10-16 06:06 - 00614424 _____ () C:\snp2uvc-001.raw
2015-02-17 07:03 - 2013-09-12 12:28 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-02-17 07:03 - 2013-09-12 12:28 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-02-17 07:03 - 2013-09-12 12:00 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 06:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-16 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-16 09:27 - 2014-08-22 12:03 - 00000000 ____D () C:\Program Files\Bandizip
2015-02-15 19:47 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 18:31 - 2014-03-31 18:43 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3985904470-2221692025-3449449171-1005
2015-02-14 17:41 - 2014-03-29 17:55 - 00000000 ___DO () C:\Users\maria_000\SkyDrive
2015-02-12 21:24 - 2014-10-02 07:38 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 21:13 - 2013-08-22 15:44 - 00490232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 21:11 - 2014-03-31 19:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 21:09 - 2013-11-22 12:15 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 16:15 - 2014-03-31 18:39 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FF99E9D2-9317-4534-92D7-6426CAA2413A}
2015-02-09 17:55 - 2014-03-30 09:44 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 17:54 - 2014-03-30 09:44 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-11-17 14:14 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-17 14:14 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 20:10 - 2014-11-27 18:23 - 00000000 ____D () C:\Users\Hermann\AppData\Local\Windows Live
2015-01-20 19:33 - 2014-09-19 15:26 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

==================== Files in the root of some directories =======

2015-02-09 18:20 - 2015-02-17 16:50 - 0000020 _____ () C:\Users\Hermann\AppData\Roaming\appdataFr3.bin
2014-08-17 16:13 - 2014-08-17 16:13 - 0575544 _____ (ClickMeIn Limited) C:\Users\Hermann\AppData\Local\nsrAAC0.tmp
2015-01-20 20:12 - 2015-01-20 20:12 - 0628496 _____ (CMI Limited) C:\Users\Hermann\AppData\Local\nst5DEE.tmp
2015-01-20 19:25 - 2015-01-20 19:25 - 0613057 _____ (CMI Limited) C:\Users\Hermann\AppData\Local\nstF93E.tmp
2014-01-20 17:07 - 2014-01-20 17:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-23 11:19 - 2014-01-23 11:19 - 0000032 _____ () C:\ProgramData\Temp.log

Some content of TEMP:
====================
C:\Users\Hermann\AppData\Local\Temp\BANDIZIP-SETUP.EXE
C:\Users\Hermann\AppData\Local\Temp\Quarantine.exe
C:\Users\Hermann\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 04:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

so, hoffe das ich alles richtig gemacht habe

schrauber 18.02.2015 06:23

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Herkra 18.02.2015 09:33
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=37caa1f4d848544284b4b659872afc42
# engine=22524
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-18 07:27:52
# local_time=2015-02-18 08:27:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 6520 14548791 0 0
# scanned=228788
# found=6
# cleaned=6
# scan_time=5255
sh=02C41C911A9FF440DED0FE65334ED8E4AE764F27 ft=1 fh=9099217250f17dfd vn="Variante von Win32/AdWare.EasySpeedCheck.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe.vir"
sh=61897FE467FE567D4E93C0E87AF1899DB5416CA2 ft=1 fh=2b4e98822df8a714 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=81657355B9306F36BAC0DE8A60D85C0584259BEC ft=1 fh=333c1f251135755e vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Reimageplus.com\ReimageRepair.exe"
sh=6D2CF68F0985AF8537108809C981A1E2D7E81884 ft=1 fh=fe72414cd28c1f8b vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Hermann\AppData\Local\nsrAAC0.tmp"
sh=CF394A1FDE2B2E69442CB9CE58B344BAD4D021B2 ft=1 fh=9b8d0603832e64e5 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Hermann\AppData\Local\nst5DEE.tmp"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Hermann\AppData\Local\nstF93E.tmp"
Code:
Results of screen317's Security Check version 0.99.96 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31 
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
 Google Chrome (GoogleUpdate.dll..)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Hermann (administrator) on PC on 18-02-2015 09:18:26
Running from C:\Users\Hermann\Desktop
Loaded Profiles: Hermann (Available profiles: Hermann & maria_000 & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sonix Technology Co., Ltd.) C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [tsnp2uvc] => C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe [249856 2012-05-04] (Sonix Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56458;https=127.0.0.1:56458
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Adblock Plus) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-13]
CHR Extension: (Google-Suche) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Google Mail) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
S3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [3568128 2012-06-27] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 09:16 - 2015-02-18 09:16 - 00852594 _____ () C:\Users\Hermann\Downloads\SecurityCheck.exe
2015-02-18 06:52 - 2015-02-18 06:52 - 02347384 _____ (ESET) C:\Users\Hermann\Downloads\esetsmartinstaller_deu.exe
2015-02-17 16:49 - 2015-02-17 16:49 - 00000765 _____ () C:\Users\Hermann\Desktop\JRT.txt
2015-02-17 16:38 - 2015-02-17 16:39 - 01388274 _____ (Thisisu) C:\Users\Hermann\Downloads\JRT.exe
2015-02-17 16:19 - 2015-02-17 16:28 - 00000000 ____D () C:\AdwCleaner
2015-02-17 16:19 - 2015-02-17 16:19 - 02112512 _____ () C:\Users\Hermann\Downloads\AdwCleaner_4.110.exe
2015-02-17 16:16 - 2015-02-17 16:16 - 00031659 _____ () C:\Users\Hermann\Desktop\mbam.txt
2015-02-17 08:16 - 2015-02-17 16:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 08:16 - 2015-02-17 08:16 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 08:16 - 2015-02-17 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-17 08:16 - 2015-02-17 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-17 08:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-17 08:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-17 08:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 08:14 - 2015-02-17 08:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hermann\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 08:04 - 2015-02-17 08:04 - 00001288 _____ () C:\Users\Hermann\Desktop\Revo Uninstaller.lnk
2015-02-17 08:04 - 2015-02-17 08:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-17 08:03 - 2015-02-17 08:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hermann\Downloads\revosetup95.exe
2015-02-16 09:26 - 2015-02-16 09:26 - 00205709 _____ () C:\Users\Hermann\Downloads\Outlook.com.zip
2015-02-15 18:37 - 2015-02-16 02:32 - 00028657 _____ () C:\Users\Hermann\Desktop\Addition.txt
2015-02-15 18:36 - 2015-02-18 09:18 - 00013880 _____ () C:\Users\Hermann\Desktop\FRST.txt
2015-02-15 18:36 - 2015-02-18 09:18 - 00000000 ____D () C:\FRST
2015-02-15 18:24 - 2015-02-15 18:24 - 02085888 _____ (Farbar) C:\Users\Hermann\Desktop\FRST64.exe
2015-02-15 16:56 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 16:56 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 18:32 - 2015-02-13 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-12 20:51 - 2015-02-15 16:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-12 20:51 - 2015-02-12 21:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-12 20:51 - 2015-02-12 20:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-12 20:42 - 2015-02-12 20:42 - 00000000 __SHD () C:\Users\Hermann\AppData\Local\EmieBrowserModeList
2015-02-12 20:39 - 2015-02-12 20:39 - 00000000 ____D () C:\Users\Hermann\AppData\Roaming\QuickScan
2015-02-10 19:53 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 19:53 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 19:53 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:53 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 19:53 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 19:53 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:53 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 19:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 19:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 19:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 19:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 19:53 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 19:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 19:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 19:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 19:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 19:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 19:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 19:53 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 19:53 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 19:53 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 19:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 19:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 19:53 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 19:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 19:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 19:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 19:53 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 19:53 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 19:53 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 19:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 19:53 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 19:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 19:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 19:53 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 19:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 19:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 19:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 19:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 19:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 19:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 19:53 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 19:53 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 19:53 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 19:53 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 19:53 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 19:53 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 19:53 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 19:53 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 19:53 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 19:53 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:53 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 19:53 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 19:53 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 19:53 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 19:53 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 19:53 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-10 19:53 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-10 19:53 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-10 19:53 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 19:53 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-10 19:53 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-10 19:53 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-10 19:53 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-10 19:53 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-09 18:20 - 2015-02-17 16:50 - 00000020 _____ () C:\Users\Hermann\AppData\Roaming\appdataFr3.bin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 09:14 - 2014-03-30 09:44 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 09:14 - 2014-03-27 09:52 - 00000000 __RDO () C:\Users\Hermann\SkyDrive
2015-02-18 09:14 - 2014-01-21 14:00 - 00051060 _____ () C:\Windows\setupact.log
2015-02-18 09:14 - 2014-01-20 17:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-18 09:14 - 2013-09-12 11:53 - 00226726 _____ () C:\Windows\PFRO.log
2015-02-18 09:14 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-18 09:14 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-18 09:00 - 2014-03-30 09:44 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-18 08:27 - 2014-09-16 19:10 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2015-02-18 08:19 - 2014-03-19 11:24 - 01467582 _____ () C:\Windows\WindowsUpdate.log
2015-02-18 06:40 - 2014-03-27 09:55 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3985904470-2221692025-3449449171-1002
2015-02-18 06:38 - 2014-03-27 10:08 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D436EBF-41C6-4EA6-B566-C123F251BFFB}
2015-02-17 16:28 - 2014-03-27 09:50 - 00001228 _____ () C:\Users\Hermann\Desktop\ALDI Süd Blumen Service.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001204 _____ () C:\Users\Hermann\Desktop\ALDI Süd Reisen.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001160 _____ () C:\Users\Hermann\Desktop\ALDI Talk.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001140 _____ () C:\Users\Hermann\Desktop\ALDI Süd Startseite.lnk
2015-02-17 16:28 - 2014-02-10 16:51 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-02-17 16:28 - 2014-02-10 16:50 - 00001124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-02-17 08:34 - 2014-08-16 13:38 - 00000000 ____D () C:\Users\Hermann\AppData\Local\com
2015-02-17 08:04 - 2014-10-22 01:27 - 00000000 ____D () C:\Users\Hermann\AppData\Roaming\Skype
2015-02-17 07:03 - 2014-10-16 06:06 - 00614424 _____ () C:\snp2uvc-001.raw
2015-02-17 07:03 - 2013-09-12 12:28 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-02-17 07:03 - 2013-09-12 12:28 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-02-17 07:03 - 2013-09-12 12:00 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 06:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-16 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-16 09:27 - 2014-08-22 12:03 - 00000000 ____D () C:\Program Files\Bandizip
2015-02-15 19:47 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 18:31 - 2014-03-31 18:43 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3985904470-2221692025-3449449171-1005
2015-02-14 17:41 - 2014-03-29 17:55 - 00000000 ___DO () C:\Users\maria_000\SkyDrive
2015-02-12 21:24 - 2014-10-02 07:38 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 21:13 - 2013-08-22 15:44 - 00490232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 21:11 - 2014-03-31 19:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 21:09 - 2013-11-22 12:15 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 19:04 - 2015-01-18 09:40 - 00089088 _____ () C:\Users\Hermann\Documents\Radtouren 2011 - 2015.xls
2015-02-12 16:15 - 2014-03-31 18:39 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FF99E9D2-9317-4534-92D7-6426CAA2413A}
2015-02-09 17:55 - 2014-03-30 09:44 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 17:54 - 2014-03-30 09:44 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-11-17 14:14 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-17 14:14 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 20:10 - 2014-11-27 18:23 - 00000000 ____D () C:\Users\Hermann\AppData\Local\Windows Live
2015-01-20 19:33 - 2014-09-19 15:26 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

==================== Files in the root of some directories =======

2015-02-09 18:20 - 2015-02-17 16:50 - 0000020 _____ () C:\Users\Hermann\AppData\Roaming\appdataFr3.bin
2014-01-20 17:07 - 2014-01-20 17:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-23 11:19 - 2014-01-23 11:19 - 0000032 _____ () C:\ProgramData\Temp.log

Some content of TEMP:
====================
C:\Users\Hermann\AppData\Local\Temp\BANDIZIP-SETUP.EXE
C:\Users\Hermann\AppData\Local\Temp\Quarantine.exe
C:\Users\Hermann\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 04:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

es scheint besser zu sein,
ich probiere heut mittag nochmal .

schon mal vielen dank für deine hilfe

schrauber 18.02.2015 16:02
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files (x86)\Reimageplus.com
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56458;https=127.0.0.1:56458
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Kopiere den Text in der Codebox in deinen Editor (z.B. Notepad) und speichere es unter dem Namen regfix.reg (bei Dateityp bitte "alle Dateien" wählen)

Code:
Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=-
"DefaultConnectionSettings"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=-
"ProxyServer"=-
Starte die regfix.reg duch Doppelklick.




Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Frisches FRST log bitte. Noch Probleme?

Herkra 18.02.2015 16:39
das Problem scheint gelöst zu sein ,
bisher gingen keine unerlaubten Werbetabs auf, und die blickende Werbung
ist auch endlich verschwunden.

Danke nochmal !

Da war ich wohl etwas früh :-)


Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Hermann at 2015-02-18 16:10:44 Run:1
Running from C:\Users\Hermann\Desktop
Loaded Profiles: Hermann (Available profiles: Hermann & maria_000 & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Reimageplus.com
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:56458;https=127.0.0.1:56458
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Emptytemp:
       
*****************

C:\Program Files (x86)\Reimageplus.com => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
esgiguard => Service deleted successfully.
EmptyTemp: => Removed 495.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:11:26 ====

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Hermann (administrator) on PC on 18-02-2015 16:34:52
Running from C:\Users\Hermann\Desktop
Loaded Profiles: Hermann (Available profiles: Hermann & maria_000 & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sonix) C:\Windows\vsnp2uvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sonix Technology Co., Ltd.) C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [tsnp2uvc] => C:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe [249856 2012-05-04] (Sonix Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3985904470-2221692025-3449449171-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> ""
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Adblock Plus) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-13]
CHR Extension: (Google-Suche) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Google Mail) - C:\Users\Hermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation                          )
S3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [3568128 2012-06-27] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 16:29 - 2015-02-18 16:29 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 16:29 - 2015-02-18 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-18 16:19 - 2015-02-18 16:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hermann\Downloads\revosetup95 (1).exe
2015-02-18 16:18 - 2015-02-18 16:18 - 00000319 _____ () C:\Users\Hermann\Desktop\regfix.reg
2015-02-18 15:58 - 2015-02-18 15:59 - 01021935 _____ () C:\Users\Hermann\Downloads\installer_adobe_flash_player_English.exe
2015-02-18 09:16 - 2015-02-18 09:16 - 00852594 _____ () C:\Users\Hermann\Downloads\SecurityCheck.exe
2015-02-18 06:52 - 2015-02-18 06:52 - 02347384 _____ (ESET) C:\Users\Hermann\Downloads\esetsmartinstaller_deu.exe
2015-02-17 16:49 - 2015-02-17 16:49 - 00000765 _____ () C:\Users\Hermann\Desktop\JRT.txt
2015-02-17 16:38 - 2015-02-17 16:39 - 01388274 _____ (Thisisu) C:\Users\Hermann\Downloads\JRT.exe
2015-02-17 16:19 - 2015-02-17 16:28 - 00000000 ____D () C:\AdwCleaner
2015-02-17 16:19 - 2015-02-17 16:19 - 02112512 _____ () C:\Users\Hermann\Downloads\AdwCleaner_4.110.exe
2015-02-17 16:16 - 2015-02-17 16:16 - 00031659 _____ () C:\Users\Hermann\Desktop\mbam.txt
2015-02-17 08:16 - 2015-02-17 16:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 08:16 - 2015-02-17 08:16 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 08:16 - 2015-02-17 08:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-17 08:16 - 2015-02-17 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-17 08:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-17 08:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-17 08:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 08:14 - 2015-02-17 08:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Hermann\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 08:04 - 2015-02-18 16:20 - 00001288 _____ () C:\Users\Hermann\Desktop\Revo Uninstaller.lnk
2015-02-17 08:04 - 2015-02-18 16:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-17 08:03 - 2015-02-17 08:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Hermann\Downloads\revosetup95.exe
2015-02-16 09:26 - 2015-02-16 09:26 - 00205709 _____ () C:\Users\Hermann\Downloads\Outlook.com.zip
2015-02-15 18:37 - 2015-02-16 02:32 - 00028657 _____ () C:\Users\Hermann\Desktop\Addition.txt
2015-02-15 18:36 - 2015-02-18 16:34 - 00013295 _____ () C:\Users\Hermann\Desktop\FRST.txt
2015-02-15 18:36 - 2015-02-18 16:34 - 00000000 ____D () C:\FRST
2015-02-15 18:24 - 2015-02-15 18:24 - 02085888 _____ (Farbar) C:\Users\Hermann\Desktop\FRST64.exe
2015-02-15 16:56 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 16:56 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 18:32 - 2015-02-13 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-13 18:31 - 2015-02-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-12 20:51 - 2015-02-15 16:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-12 20:51 - 2015-02-12 21:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-12 20:51 - 2015-02-12 20:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-12 20:42 - 2015-02-12 20:42 - 00000000 __SHD () C:\Users\Hermann\AppData\Local\EmieBrowserModeList
2015-02-12 20:39 - 2015-02-12 20:39 - 00000000 ____D () C:\Users\Hermann\AppData\Roaming\QuickScan
2015-02-10 19:53 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 19:53 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 19:53 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:53 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 19:53 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 19:53 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:53 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 19:53 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 19:53 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 19:53 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 19:53 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 19:53 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 19:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 19:53 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 19:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 19:53 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 19:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 19:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 19:53 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 19:53 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 19:53 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 19:53 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 19:53 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 19:53 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 19:53 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 19:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 19:53 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 19:53 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 19:53 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 19:53 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 19:53 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 19:53 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 19:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 19:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 19:53 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 19:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 19:53 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 19:53 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 19:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 19:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 19:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 19:53 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 19:53 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 19:53 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 19:53 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 19:53 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 19:53 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 19:53 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 19:53 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 19:53 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 19:53 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:53 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 19:53 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 19:53 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 19:53 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 19:53 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 19:53 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-10 19:53 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-10 19:53 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-10 19:53 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 19:53 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-10 19:53 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-10 19:53 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-10 19:53 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-10 19:53 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-09 18:20 - 2015-02-18 15:40 - 00000020 _____ () C:\Users\Hermann\AppData\Roaming\appdataFr3.bin

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 16:32 - 2014-03-27 09:55 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3985904470-2221692025-3449449171-1002
2015-02-18 16:29 - 2014-03-30 09:44 - 00000000 ____D () C:\Users\Hermann\AppData\Local\Deployment
2015-02-18 16:27 - 2014-03-30 09:44 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 16:27 - 2014-03-27 09:52 - 00000000 ___DO () C:\Users\Hermann\SkyDrive
2015-02-18 16:27 - 2014-01-21 14:00 - 00051756 _____ () C:\Windows\setupact.log
2015-02-18 16:27 - 2014-01-20 17:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-18 16:27 - 2013-09-12 11:53 - 00233782 _____ () C:\Windows\PFRO.log
2015-02-18 16:27 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-18 16:13 - 2014-08-16 13:00 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-18 16:12 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-18 16:10 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-18 16:00 - 2014-03-30 09:44 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-18 15:57 - 2014-03-19 11:24 - 01534497 _____ () C:\Windows\WindowsUpdate.log
2015-02-18 15:40 - 2014-03-27 10:08 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D436EBF-41C6-4EA6-B566-C123F251BFFB}
2015-02-17 16:28 - 2014-03-27 09:50 - 00001228 _____ () C:\Users\Hermann\Desktop\ALDI Süd Blumen Service.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001204 _____ () C:\Users\Hermann\Desktop\ALDI Süd Reisen.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001160 _____ () C:\Users\Hermann\Desktop\ALDI Talk.lnk
2015-02-17 16:28 - 2014-03-27 09:50 - 00001140 _____ () C:\Users\Hermann\Desktop\ALDI Süd Startseite.lnk
2015-02-17 16:28 - 2014-02-10 16:51 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-02-17 16:28 - 2014-02-10 16:50 - 00001124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-02-17 08:34 - 2014-08-16 13:38 - 00000000 ____D () C:\Users\Hermann\AppData\Local\com
2015-02-17 08:04 - 2014-10-22 01:27 - 00000000 ____D () C:\Users\Hermann\AppData\Roaming\Skype
2015-02-17 07:03 - 2014-10-16 06:06 - 00614424 _____ () C:\snp2uvc-001.raw
2015-02-17 07:03 - 2013-09-12 12:28 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-02-17 07:03 - 2013-09-12 12:28 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-02-17 07:03 - 2013-09-12 12:00 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 06:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-16 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-16 09:27 - 2014-08-22 12:03 - 00000000 ____D () C:\Program Files\Bandizip
2015-02-15 19:47 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 18:31 - 2014-03-31 18:43 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3985904470-2221692025-3449449171-1005
2015-02-14 17:41 - 2014-03-29 17:55 - 00000000 ___DO () C:\Users\maria_000\SkyDrive
2015-02-12 21:13 - 2013-08-22 15:44 - 00490232 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 21:11 - 2014-03-31 19:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 21:09 - 2013-11-22 12:15 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 19:04 - 2015-01-18 09:40 - 00089088 _____ () C:\Users\Hermann\Documents\Radtouren 2011 - 2015.xls
2015-02-12 16:15 - 2014-03-31 18:39 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FF99E9D2-9317-4534-92D7-6426CAA2413A}
2015-02-09 17:55 - 2014-03-30 09:44 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 17:54 - 2014-03-30 09:44 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-11-17 14:14 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-17 14:14 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 20:10 - 2014-11-27 18:23 - 00000000 ____D () C:\Users\Hermann\AppData\Local\Windows Live
2015-01-20 19:33 - 2014-09-19 15:26 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

==================== Files in the root of some directories =======

2015-02-09 18:20 - 2015-02-18 15:40 - 0000020 _____ () C:\Users\Hermann\AppData\Roaming\appdataFr3.bin
2014-01-20 17:07 - 2014-01-20 17:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-23 11:19 - 2014-01-23 11:19 - 0000032 _____ () C:\ProgramData\Temp.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 04:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Die Probleme sind behoben !

schrauber 19.02.2015 06:48
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Herkra 20.02.2015 07:46
soll ich die die regfix.reg Datei auf dem Desktop auch löschen ?

Ansonsten ist alles erledigt und du kannst den Thread löschen !

Gruß Herkra

schrauber 20.02.2015 14:19
Ja die kannste auch löschen.


Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131