ADW-cleaner detection: malware?

LASERoneZZZ (Contributor, joined Aug 25, 2015, 63 posts, Germany and Poland)

Hi

Today I scanned one of my laptops with ADW-cleaner. There was a new Reg-Key: "...AuthRoot\Certificates\...."

I guess the second key is not very "critical": I think it was created by an Ashampoo software I installed some time ago, and in this case this key is not critical... I'm always scanning my PCs/laptops from time to time with "ADW cleaner", "Malwarebytes anti malware" and "f-secure internet security". "Malwarebytes anti malware" and "f-secure" didn't detect anything today.

The LOG-file is in German, so I hope it will not be too difficult to solve this issue.


see yahhh and thx a lot..!
LASER

Hi, Laser.

There are a number of references to that Root Certificate associated with malware:

ThreatExpert Report: W32.Sality.AE, Virus.Win32.Sality.bh, W32/Sality.gen.z, Mal/Sality-D..
PUA.Fixmypc Technical Details | Symantec
W32/Expiro!5CB97EDB1F4B | Virus Profile & Definition | McAfee Inc.

As to the file extension .snapdoc, when associated with the Firefox Add-on, Super Drag, it was removed from detection (ToolsLib - Firefox-Addon "Super Drag": false detection? - Forum). However, that was some time ago.

If you would like me to take a closer look, please follow the Malware Removal Posting Instructions.
 
Hi Corrine!

Thanks for your support! Just ran "security analysis" and "FRST". "FRST.txt", "Addition.txt" and "SALog.txt" are below:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von NRG1 (Administrator) auf NRG1MSIGE60 (21-03-2016 01:42:44)
Gestartet von C:\Users\NRG1\Desktop
Geladene Profile: NRG1 (Verfügbare Profile: NRG1)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\DeskScapes8\DS8Srv.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowFX\WindowFXSRV.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Stardock\WindowFX\wfx32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\DeskScapes8\Deskscapes64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
(Elgato Systems) C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
() C:\Program Files (x86)\Audials\Audials 12\AudialsNotifier.exe
(Spotify Ltd) C:\Users\NRG1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Xmarks.com) C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(GP Software) C:\Program Files\GPSoftware\Directory Opus\dopus.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDockTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3273480 2014-01-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3992208 2014-10-03] (Stardock Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [571192 2014-08-14] (Acronis)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1328632 2015-12-04] ()
HKLM-x32\...\Run: [F-Secure GUI (666)] => C:\Program Files (x86)\F-Secure\FsGuiStarter.exe [101928 2015-11-10] (F-Secure Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5356184 2015-09-15] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [693336 2015-07-20] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Directory Opus Desktop Dblclk] => C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe [353408 2014-04-12] (GP Software)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Remote Control Editor] => C:\Program Files (x86)\Common Files\TERRATEC\Remote\TTTvRc.exe [1699912 2010-10-26] (Elgato Systems)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 12\AudialsNotifier.exe [2412296 2015-02-23] ()
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Spotify Web Helper] => C:\Users\NRG1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2015-05-21] (Spotify Ltd)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Xmarks] => C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe [1178680 2014-11-06] (Xmarks.com)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [283232 2015-06-03] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-04-02] (ZONER software)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2014-01-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2014-01-08] (NVIDIA Corporation)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1413760 2014-04-12] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [367704 2014-04-12] (GP Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-05-28]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-28]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-02-20]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Directory Opus (Autostart).lnk [2015-05-20]
ShortcutTarget: Directory Opus (Autostart).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)
Startup: C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-06-18]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2015-05-25]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 82.212.62.40 78.42.43.40
Tcpip\..\Interfaces\{4EE7236B-EB0A-4B14-A58A-4437411BC30D}: [DhcpNameServer] 82.212.62.40 78.42.43.40
Tcpip\..\Interfaces\{B8F39006-DBE2-4921-AFBA-B001496AEB6F}: [DhcpNameServer] 82.212.62.62 78.42.43.62

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-14] (Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2016-01-11] (F-Secure Corporation)
BHO: F-Secure Search -> {690EF1CF-5775-4CB3-A5B8-85A63FD0262B} -> C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch64.dll [2015-11-19] (F-Secure Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-28] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-02-14] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-14] (Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2016-01-11] (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-28] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-02-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Toolbar: HKLM - F-Secure Search Toolbar - {B242FC32-2B60-48EA-A8E3-2E280EDBC48F} - C:\Program Files (x86)\F-Secure\apps\SafeSearch\IE\FSSafeSearch64.dll [2015-11-19] (F-Secure Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-28] (LastPass)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2010-09-01] (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-28] (LastPass)
Toolbar: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000 -> Kein Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} - Keine Datei
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Homepage: file:///C:/liveBASE/s01/DO_sets/graphics/S_y16/S_q116/set_01/abstract_graphic_art__blue_v-wallpaper-1920x1080.jpg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-28] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-06-29] (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-28] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\NRG1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\NRG1\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\searchplugins\firefox-add-ons.xml [2015-12-01]
FF SearchPlugin: C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\searchplugins\leo-eng-deu-v20.xml [2016-01-23]
FF SearchPlugin: C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\searchplugins\unitymedia-forum.xml [2016-02-02]
FF Extension: Extension List Dumper 2 - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\extension_list_dumper_2@iceberg.it.xpi [2015-12-07]
FF Extension: Stylish - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-12-11]
FF Extension: Classic Theme Restorer - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-12-19]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\pavel.sherbakov@gmail.com [2015-12-26]
FF Extension: Tab Mix Plus - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-12-27]
FF Extension: Tab Scope - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\tabscope@xuldev.org.xpi [2015-12-29]
FF Extension: Page Zoom Button - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi [2016-01-14]
FF Extension: S3.Google Translator - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\s3google@translator.xpi [2016-01-26]
FF Extension: Context Search - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2016-01-28]
FF Extension: Status-4-Evar - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\status4evar@caligonstudios.com.xpi [2016-01-31]
FF Extension: LastPass - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\support@lastpass.com [2016-03-14]
FF Extension: Xmarks - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\extensions\foxmarks@kei.com [2016-03-14]
FF Extension: ADB Helper - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\adbhelper@mozilla.org [2016-01-25]
FF Extension: Valence - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\fxdevtools-adapters@mozilla.org [2016-01-25]
FF Extension: NASA Night Launch - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\nasanightlaunch@example.com.xpi [2016-01-28]
FF Extension: Super Drag - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\superdrag@enjoyfreeware.org.xpi [2015-12-02]
FF Extension: uBlock Origin - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\uBlock0@raymondhill.net.xpi [2016-03-20]
FF Extension: FT DeepDark - C:\Users\NRG1\AppData\Roaming\Mozilla\Firefox\Profiles\d272fh1e.default-1448915015684\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2016-03-11]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-24] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: Browsing Protection by F-Secure - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2016-01-11]
FF HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Firefox\Extensions: [safesearch@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\\Firefox\main.xpi
FF Extension: Search by F-Secure - C:\Program Files (x86)\F-Secure\apps\SafeSearch\\Firefox\main.xpi [2015-10-05]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> safe
CHR Profile: C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-04]
CHR Extension: (Google Docs) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-04]
CHR Extension: (Google Drive) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-04]
CHR Extension: (YouTube) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-04]
CHR Extension: (Google-Suche) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Tabellen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-04]
CHR Extension: (Google Docs Offline) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (Search by F-Secure) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli [2015-12-04]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-01-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR Extension: (Google Mail) - C:\Users\NRG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-04]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\Chrome\main.crx [2015-11-04]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - C:/Program Files (x86)/F-Secure/apps/CCF_Scanning/bin/browser/install/fs_chrome_https/fs_chrome_https.crx [2015-03-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2777840 2016-01-31] (Microsoft Corporation)
R2 DeskScapes8; C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe [75376 2014-03-10] (Stardock Software, Inc)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [184360 2015-11-10] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-11-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [60456 2015-05-19] (F-Secure Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-06-18] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [360448 2014-08-18] (Qualcomm Atheros) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2014-03-10] (Stardock Corporation) [Datei ist nicht signiert]
R2 WindowFX; C:\Program Files (x86)\Stardock\WindowFX\WindowFXSrv.exe [181904 2014-06-12] (Stardock Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [97456 2014-08-13] (Qualcomm Atheros, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [208424 2016-01-01] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [97352 2016-02-11] (F-Secure Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2016-02-02] (Acronis International GmbH)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [75448 2016-01-12] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [97832 2016-01-11] (F-Secure Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [161488 2014-03-05] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2015-02-23] (Audials AG)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466648 2014-02-21] (Realsil Semiconductor Corporation)
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2016-02-02] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2016-02-02] (Acronis International GmbH)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-21 01:42 - 2016-03-21 01:42 - 00038058 _____ C:\Users\NRG1\Desktop\FRST.txt
2016-03-21 01:42 - 2016-03-21 01:42 - 00000000 ____D C:\FRST
2016-03-21 01:33 - 2016-03-21 01:33 - 02374144 _____ (Farbar) C:\Users\NRG1\Desktop\FRST64.exe
2016-03-21 01:27 - 2016-03-21 01:27 - 00000289 _____ C:\Users\NRG1\Desktop\Malware Removal Posting Instructions - Sysnative Forums.URL
2016-03-20 23:30 - 2016-03-20 23:40 - 00000000 ____D C:\AdwCleaner
2016-03-19 05:59 - 2016-03-19 13:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-15 07:34 - 2016-03-20 22:20 - 00000000 ____D C:\_girls_cars_graphics
2016-03-05 13:57 - 2016-03-05 13:57 - 00000110 ____H C:\Users\NRG1\Desktop\2016-03-05_135645.jpg.uid-zps
2016-03-02 05:43 - 2016-03-02 05:43 - 00000293 _____ C:\Users\NRG1\Desktop\How Malware Spreads - How your system gets infected - Am I infected What do I do.URL
2016-03-01 02:39 - 2016-03-01 02:39 - 00002189 _____ C:\Users\NRG1\Desktop\Syno_UsersGuide_NAServer_deu.pdf - Verknüpfung.lnk
2016-02-29 06:15 - 2016-02-29 06:15 - 00001670 _____ C:\Users\NRG1\Desktop\OO_DI_10_manual.pdf - Verknüpfung.lnk
2016-02-26 14:02 - 2016-02-26 13:32 - 00000254 _____ C:\Users\NRG1\Desktop\del_later_Wie Malware arbeitet_artikel_trojaner_board.URL
2016-02-24 21:48 - 2016-02-24 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-02-22 23:22 - 2016-02-22 23:27 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\CintaNotes
2016-02-22 23:19 - 2016-02-22 23:19 - 00001044 _____ C:\Users\Public\Desktop\CintaNotes.lnk
2016-02-22 23:19 - 2016-02-22 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CintaNotes
2016-02-22 23:19 - 2016-02-22 23:19 - 00000000 ____D C:\Program Files (x86)\CintaNotes

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-21 01:39 - 2015-05-19 14:18 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-21 01:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-21 01:36 - 2015-01-25 00:58 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\AIMP3
2016-03-21 01:33 - 2016-02-18 02:01 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-21 01:32 - 2015-05-28 15:07 - 00000000 ____D C:\Users\NRG1\AppData\LocalLow\LastPass
2016-03-21 01:00 - 2015-05-19 14:18 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-20 23:13 - 2009-07-14 05:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-20 23:13 - 2009-07-14 05:45 - 00028912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-20 23:11 - 2011-04-12 08:43 - 00699964 _____ C:\Windows\system32\perfh007.dat
2016-03-20 23:11 - 2011-04-12 08:43 - 00149570 _____ C:\Windows\system32\perfc007.dat
2016-03-20 23:11 - 2009-07-14 06:13 - 01621742 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-20 23:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-20 23:06 - 2015-11-02 13:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-20 22:53 - 2015-05-23 17:10 - 00000000 ____D C:\_xSET
2016-03-20 22:53 - 2015-05-23 17:10 - 00000000 ____D C:\_xNET_DL
2016-03-20 22:20 - 2015-05-23 17:10 - 00000000 ____D C:\liveBASE
2016-03-20 22:19 - 2015-08-09 02:39 - 00000000 ____D C:\queue_4_GT72
2016-03-20 22:19 - 2015-05-23 00:20 - 00000000 ____D C:\liveSTOR
2016-03-20 22:19 - 2015-05-20 15:23 - 00000000 ____D C:\queue_4_M500
2016-03-20 21:25 - 2015-05-21 20:42 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\Spotify
2016-03-20 17:56 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-20 15:52 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-20 05:52 - 2015-05-28 15:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-19 05:14 - 2015-06-04 23:13 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\MediaMonkey
2016-03-18 19:40 - 2015-05-21 20:42 - 00000000 ____D C:\Users\NRG1\AppData\Local\Spotify
2016-03-15 02:02 - 2015-05-19 14:18 - 00002196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-11 19:33 - 2016-02-18 02:01 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-11 19:33 - 2015-05-28 15:46 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 19:33 - 2015-05-28 15:46 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 19:16 - 2015-05-20 19:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-08 18:46 - 2015-05-27 02:19 - 00000000 ____D C:\Users\NRG1\AppData\Local\CrashDumps
2016-03-03 19:19 - 2015-05-19 15:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-02 18:31 - 2016-02-09 16:32 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\EssentialPIM Pro
2016-03-02 15:17 - 2015-06-15 23:30 - 00000000 ____D C:\Users\Public\Downloads\queue
2016-02-27 21:20 - 2015-05-23 16:09 - 00000000 ____D C:\Users\Public\Downloads\from_msi_GE60_set_02
2016-02-27 16:08 - 2015-05-21 18:37 - 00000000 ____D C:\Users\NRG1\AppData\Roaming\Notepad++
2016-02-25 18:55 - 2015-06-22 16:19 - 00009216 ____H C:\Users\NRG1\Desktop\photothumb.db
2016-02-24 15:47 - 2015-05-18 20:33 - 00000000 ____D C:\Users\NRG1
2016-02-24 15:46 - 2015-05-19 15:06 - 00000000 ____D C:\Program Files (x86)\AIMP3
2016-02-24 15:46 - 2015-05-19 13:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 15:46 - 2015-05-19 10:46 - 00000000 ____D C:\Program Files (x86)\F-Secure
2016-02-24 15:46 - 2015-05-18 23:40 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-02-24 15:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-28 16:07 - 2015-05-28 16:07 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-18 23:26 - 2015-05-18 23:26 - 0000000 _____ () C:\Users\NRG1\AppData\Local\Driver_LOM_8161Present.flag
2015-06-21 08:12 - 2015-06-21 08:12 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2002-02-04 08:53 - 2002-02-04 08:53 - 0000000 ____H () C:\ProgramData\sdpsenv.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\sdpsenv.dat


Einige Dateien in TEMP:
====================
C:\Users\NRG1\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\NRG1\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\NRG1\AppData\Local\Temp\DivXSetup.exe
C:\Users\NRG1\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\NRG1\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\NRG1\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\NRG1\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\NRG1\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\NRG1\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\NRG1\AppData\Local\Temp\LMkRstPt.exe
C:\Users\NRG1\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\NRG1\AppData\Local\Temp\npp.6.7.9.2.Installer.exe
C:\Users\NRG1\AppData\Local\Temp\npp.6.8.1.Installer.exe
C:\Users\NRG1\AppData\Local\Temp\npp.6.8.3.Installer.exe
C:\Users\NRG1\AppData\Local\Temp\npp.6.8.6.Installer.exe
C:\Users\NRG1\AppData\Local\Temp\npp.6.8.8.Installer.exe
C:\Users\NRG1\AppData\Local\Temp\sonarinst.exe
C:\Users\NRG1\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-19 03:16

==================== Ende von FRST.txt ============================

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von NRG1 (2016-03-21 01:43:00)
Gestartet von C:\Users\NRG1\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-05-18 19:33:16)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2705551495-1709297390-2946396948-500 - Administrator - Disabled)
Gast (S-1-5-21-2705551495-1709297390-2946396948-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2705551495-1709297390-2946396948-1003 - Limited - Enabled)
NRG1 (S-1-5-21-2705551495-1709297390-2946396948-1000 - Administrator - Enabled) => C:\Users\NRG1

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Antivirus by F-Secure (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Antivirus by F-Secure (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image WD Edition (HKLM-x32\...\{3512B235-D2A2-4F77-B717-0052731AACEC}) (Version: 18.0.6126 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
Ashampoo Burning Studio 15 v.15.0.4 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.4 - Ashampoo GmbH & Co. KG)
Audials (HKLM-x32\...\{7135BA3F-6EF9-43B2-9FE0-E5D82842D3EF}) (Version: 12.0.62100.0 - Audials AG)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cinergy HTC Stick Driver Installation (64 Bit) (HKLM-x32\...\{95BC8C47-3587-489A-A156-C03E2519F663}) (Version: 5.09.1202.00 - TERRATEC Electronic GmbH)
CintaNotes 3.1.2 (HKLM-x32\...\CintaNotes_is1) (Version: - Cinta Software)
Clipboard History (HKLM-x32\...\ClipboardHistory) (Version: 2.0 - Outertech)
Computer Security 14.150.101.0 (release) (x32 Version: 14.150.101.0 - F-Secure Corporation) Hidden
DFX (HKLM-x32\...\DFX) (Version: 12.014.0.0 - Power Technology)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX430 Series Printer Uninstall (HKLM\...\EPSON SX430 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EssentialPIM Pro (HKLM-x32\...\EssentialPIM Pro) (Version: 6.56 - Astonsoft Ltd)
ETDWare PS/2-X64 11.13.7.5_WHQL (HKLM\...\Elantech) (Version: 11.13.7.5 - ELAN Microelectronic Corp.)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
FreeFileSync 7.8 (HKLM-x32\...\FreeFileSync) (Version: 7.8 - www.FreeFileSync.org)
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.50.208.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.50.208.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.72.115.709 (release) (x32 Version: 1.72.115.709 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.04.119 (x32 Version: 1.04.119 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.07.110.0 (release) (x32 Version: 1.07.110.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPSoftware Directory Opus (HKLM-x32\...\{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}) (Version: 10.5.7 - GPSoftware)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Helium Music Manager 10.4 (HKLM-x32\...\{CF92B1C3-4738-4A0C-83BB-EA9B25DF5D12}}_is1) (Version: 10.4.0.12729 - Imploded Software)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1405.3) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
jetAudio Plus (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
jetVideo Basic VX (HKLM-x32\...\{DC50950F-9308-49FE-8B50-859EBB08B6F6}) (Version: 8.1.0 - COWON)
LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.6366.2068 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1026 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1026 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1026 - Microsoft Corporation) Hidden
Online Safety 2.150.3659.2518 (x32 Version: 2.150.3659.2518 - F-Secure Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
PureSync (x32 Version: 4.0.0 - Jumping Bytes) Hidden
PureSync 4.0.0 (HKLM-x32\...\PureSync) (Version: 4.0.0 - Jumping Bytes)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.46.1056 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.46.1056 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.46.1056 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.46.1056 - Qualcomm Atheros) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7349 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Stardock DeskScapes 8 (HKLM-x32\...\Stardock DeskScapes 8) (Version: 8.21 - Stardock Software, Inc.)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.13 - Stardock Software, Inc.)
Stardock IconPackager (HKLM-x32\...\Stardock IconPackager) (Version: 5.10 - Stardock Software, Inc.)
Stardock ObjectDock (HKLM-x32\...\Stardock ObjectDock) (Version: 2.20 - Stardock Software, Inc.)
Stardock SkinStudio (HKLM-x32\...\SkinStudio) (Version: 8.10 - Stardock Software, Inc.)
Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 8.12 - Stardock Software, Inc.)
Stardock WindowFX (HKLM-x32\...\WindowFX) (Version: 5.15 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TerraTec Home Cinema (HKLM-x32\...\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}) (Version: 6.17.2 - )
Uplay (HKLM-x32\...\Uplay) (Version: 6.1 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - TERRATEC (USB28xxBGA) Media (12/02/2009 5.09.1202.00) (HKLM\...\DEA71B680A73019257D02BA81950E46834CCA331) (Version: 12/02/2009 5.09.1202.00 - TERRATEC )
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)
XnConvert 1.66 (HKLM\...\XnConvert_is1) (Version: 1.66 - Gougelet Pierre-e)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_DE_is1) (Version: 17.0.1.9 - ZONER software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {273561C7-ACC8-49F8-A256-221007A4B330} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-31] (Microsoft Corporation)
Task: {38429C7B-857C-4F7C-89E8-CE78CFDEC35A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-31] (Microsoft Corporation)
Task: {715A782F-B023-4650-A746-16EE682537C7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {7FF16B4B-CA6F-498B-AD44-B5857D14C028} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {842CCD45-509E-49AF-950B-0E28F61AC09F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)
Task: {C602A990-0437-4873-9145-26A0931B1D9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-18 23:14 - 2014-01-08 01:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-14 12:50 - 2014-07-14 12:50 - 00597536 _____ () C:\Program Files (x86)\Stardock\WindowFX\WFX32.exe
2016-02-14 01:07 - 2016-01-31 05:54 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-06-03 10:31 - 2015-06-18 03:47 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-02-23 10:38 - 2015-02-23 10:38 - 02412296 _____ () C:\Program Files (x86)\Audials\Audials 12\AudialsNotifier.exe
2015-12-04 23:48 - 2015-12-04 23:48 - 01328632 _____ () C:\Program Files (x86)\DFX\DFX.exe
2015-12-04 23:37 - 2015-12-04 23:37 - 00133624 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2015-12-04 23:43 - 2015-12-04 23:43 - 00134648 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2015-12-05 00:16 - 2015-12-05 00:16 - 00051192 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2015-05-19 10:51 - 2015-11-24 11:26 - 00072744 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2015-08-17 13:01 - 2015-08-17 13:01 - 00248872 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2015-05-19 10:55 - 2016-02-03 15:43 - 00091176 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2015-05-19 10:51 - 2016-02-03 15:42 - 00177704 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Gemini\fsgem.dll
2015-05-19 10:51 - 2016-01-01 11:08 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2010-11-22 14:26 - 2010-11-22 14:26 - 00047880 _____ () C:\Program Files (x86)\ClipboardHistory\ClipboardHotkey.dll
2015-02-23 10:38 - 2015-02-23 10:38 - 00046080 _____ () C:\Program Files (x86)\Audials\Audials 12\boost_thread-vc90-mt-1_39.dll
2015-02-23 10:38 - 2015-02-23 10:38 - 00045056 _____ () C:\Program Files (x86)\Audials\Audials 12\boost_date_time-vc90-mt-1_39.dll
2015-02-23 10:39 - 2015-02-23 10:39 - 00545032 _____ () C:\Program Files (x86)\Audials\Audials 12\StreamingClient.dll
2015-02-23 10:38 - 2015-02-23 10:38 - 00012800 _____ () C:\Program Files (x86)\Audials\Audials 12\boost_system-vc90-mt-1_39.dll
2015-02-23 10:38 - 2015-02-23 10:38 - 00068360 _____ () C:\Program Files (x86)\Audials\Audials 12\CrashRpt.dll
2015-02-23 10:39 - 2015-02-23 10:39 - 00580360 _____ () C:\Program Files (x86)\Audials\Audials 12\SQLite3.dll
2015-02-23 10:38 - 2015-02-23 10:38 - 00614912 _____ () C:\Program Files (x86)\Audials\Audials 12\boost_regex-vc90-mt-1_39.dll
2015-09-22 02:32 - 2015-09-22 02:32 - 00316416 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Utils\84d31126b276561991ba3a3624025891\Utils.ni.dll
2015-05-21 19:49 - 2015-05-21 19:49 - 00649216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ManagedInterfaces\82261c432da37966ddd9b5541290b7d7\ManagedInterfaces.ni.dll
2016-02-14 02:25 - 2016-02-14 02:25 - 03807232 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\AudialsComponents\4f31774faff57400075de1bcbeafe010\AudialsComponents.ni.dll
2015-05-21 19:49 - 2015-05-21 19:49 - 00174592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\fastJSON\1e808de1bd8cb0cb0a6eb6d8180f2a92\fastJSON.ni.dll
2015-05-21 19:49 - 2015-05-21 19:49 - 00062464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\CrashHandlerNET\0dbec0d93b06c60c8f6fd57bd461a0a4\CrashHandlerNET.ni.dll
2015-02-23 10:38 - 2015-02-23 10:38 - 00040712 _____ () C:\Program Files (x86)\Audials\Audials 12\CrashHandlerNET.dll
2014-06-27 13:36 - 2014-06-27 13:36 - 00107520 _____ () C:\Program Files (x86)\Xmarks\IE Extension\zlib1.dll
2015-05-21 14:58 - 2014-09-09 12:30 - 00603648 _____ () C:\Program Files\Zoner\Photo Studio 17\Program32\SpiderMonkey.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-12-05 00:11 - 2015-12-05 00:11 - 00052216 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2014-03-10 15:48 - 2014-03-10 15:48 - 00094208 _____ () C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Clock\Clock.dll
2015-09-15 17:56 - 2015-09-15 17:56 - 00037328 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2015-09-15 17:56 - 2015-09-15 17:56 - 00034256 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-05-18 22:24 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-12-23 01:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2705551495-1709297390-2946396948-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NRG1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 82.212.62.40 - 78.42.43.40
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{386909B0-4FC1-4E70-BE1F-C21A7AA26F0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F14CE0C8-4B3C-496D-B0B6-AFA40B5B36B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A828B942-13F3-465B-982C-8AC441B398EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6CE2865B-8633-453A-A517-29A3E095E096}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{17B7097D-F741-488F-A114-208C5DF51C59}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{55F79248-3609-4F2A-8B9E-BC0CDE1EE8E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{40692B5E-91F4-4F08-8803-F5E868BF740D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3280F3BC-0FF0-4ECA-BDB2-845A1C83B5B8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A7335502-1AC9-4211-B664-88B9D525C6DB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3CBBA18-7DED-4C16-8B78-11E30FF00C86}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6A9B5980-5795-4659-BD40-6388F3DA0A06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ABAF58A0-29AD-470A-A42B-A544F8DFD461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{507A6E3E-703A-4938-8767-FD8851A3E072}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{A60C5094-5340-4E70-A213-E7E0E1C33E33}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [{1F94A4A9-4E96-45A0-9BB1-2E4E1F96BC00}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe
FirewallRules: [{D6F8373A-7C18-4597-9113-52A5EB8E1A0B}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{9BEA8B73-C183-47E2-9227-7C6542A48DB1}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
FirewallRules: [{C696E9DD-BEAF-4C05-BA24-1975E33D62B5}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{1F3B8CF7-ECE3-484B-B845-618E97DDCE2D}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe
FirewallRules: [{B993C023-F2D2-407A-A24B-2FB0F6A9F779}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe
FirewallRules: [{B4BB0FE8-27FC-4E04-9DB9-5E3AB9F1D2F0}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe
FirewallRules: [{A6D89B3F-3408-4135-8268-29050975F06B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{21647B3F-2EF2-4F79-9BA2-45394C92C929}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [{4AC700B9-C05F-4BEC-BD51-73A3F139F527}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [{4F8BC0DB-AF69-4938-9973-A5106ADB5CBA}] => (Allow) C:\Program Files (x86)\Audials\Audials 12\Audials.exe
FirewallRules: [{8904474F-9C50-445D-9DF8-721DE8BE486C}] => (Allow) LPort=12972
FirewallRules: [{6185E386-CB0F-48E3-9811-D8206E50C6C0}] => (Allow) LPort=14714
FirewallRules: [{358C340F-69A1-4D0F-93B6-7B0FC36CDD11}] => (Allow) LPort=31931
FirewallRules: [{E66242E3-BBAC-4C31-A6F6-B22479545959}] => (Allow) C:\Users\NRG1\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{4605C2B2-5E1E-4182-92C3-8D4AE441BC7F}] => (Allow) C:\Users\NRG1\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{71222B96-C597-4DDB-8E99-AFF422579979}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EE58220-03B1-4AC4-A800-06639CEA2ECA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E80A149-27A0-4BEA-B98D-29C1A62C0BF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{25F3A9A6-147C-4BDF-9030-40E815B91D37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\nw.exe
FirewallRules: [{88FC8000-B25F-4E11-9BD5-0F46558C18A1}] => (Allow) D:\eaGE60HDD\Battlefield 4\bf4_x86.exe
FirewallRules: [{7B207C30-6D0F-4B0F-A2A5-D48B9035D5A9}] => (Allow) D:\eaGE60HDD\Battlefield 4\bf4_x86.exe
FirewallRules: [{3059D169-7007-4516-833D-AF5590713AC2}] => (Allow) D:\eaGE60HDD\Battlefield 4\bf4.exe
FirewallRules: [{40C16FC0-E319-4EB2-B813-33DF8307CB2C}] => (Allow) D:\eaGE60HDD\Battlefield 4\bf4.exe
FirewallRules: [{A9F049DF-7821-4699-8E62-F89A5B7ECEDC}] => (Allow) C:\Users\NRG1\AppData\Local\Temp\EPSON SX430 Series_Home\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe
FirewallRules: [{AAC3078A-CD8C-4CA3-B4ED-98BF7A4E9F22}] => (Allow) C:\Users\NRG1\AppData\Local\Temp\EPSON SX430 Series_Home\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe
FirewallRules: [TCP Query User{B0C30BF5-6541-4946-899C-EE3A9E6EAF99}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{AA9CF948-997D-4DF6-8172-452245322DF5}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{01952127-CE32-4488-80E0-12A447DA9973}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4D2A436D-4AAA-4A64-8DB5-B677387E05F0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F03A9472-DA48-4781-8B41-8F693FA9226D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{86A34868-72A7-480C-914D-E31F5EF560CB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{91C0883F-2C73-424F-B6E9-821B3BABF311}D:\eage60hdd\battlefieldheroes\bfheroes.exe] => (Allow) D:\eage60hdd\battlefieldheroes\bfheroes.exe
FirewallRules: [UDP Query User{295326CD-04E6-4657-9510-DDA0FAD85275}D:\eage60hdd\battlefieldheroes\bfheroes.exe] => (Allow) D:\eage60hdd\battlefieldheroes\bfheroes.exe
FirewallRules: [TCP Query User{E95A1727-27FB-416B-99E6-ED1620479743}D:\steamge60hdd\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Allow) D:\steamge60hdd\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe
FirewallRules: [UDP Query User{5069D9E9-B33A-4775-9CC1-950679AB3882}D:\steamge60hdd\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Allow) D:\steamge60hdd\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe
FirewallRules: [{2B8C968E-0101-4324-8403-1EEA986BA63D}] => (Allow) D:\steamGE60HDD\steamapps\common\Warface\live\nw.exe
FirewallRules: [{C5E6CD5E-6BEA-4859-8885-612DF1876B85}] => (Allow) D:\steamGE60HDD\steamapps\common\Warface\live\nw.exe
FirewallRules: [{F0354493-98FA-4565-9151-5553D8827DFC}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe
FirewallRules: [{6386D67C-7730-4486-BE88-011707CFCDA6}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe
FirewallRules: [{EED7E32B-7E62-4BD6-AEA6-2D1AAECADD58}] => (Allow) C:\Users\NRG1\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0E780F6C-E544-4113-89A2-29CF9772C7F4}] => (Allow) C:\Users\NRG1\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{5A9E8216-6098-4E18-A634-4D774D78A6E3}] => (Allow) D:\steamGE60HDD\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{529489D3-D7F6-4C3B-B81B-D89406F36A4D}] => (Allow) D:\steamGE60HDD\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{7C5B7735-C778-41E7-BBC9-49BB2CD7A981}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{340D26C1-FA50-41BD-97D3-15504999FB61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{84E07878-769B-48B8-8E3C-82F4EC2DFB85}] => (Allow) D:\steamGE60HDD\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B429EC14-13C9-4D10-BB90-726CA86D156C}] => (Allow) D:\steamGE60HDD\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B061B471-1D2C-44AA-8D71-3CF79452EDA4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

03-03-2016 23:27:12 Geplanter Prüfpunkt
11-03-2016 14:03:14 Geplanter Prüfpunkt
12-03-2016 07:32:17 before patches m02m03y16
19-03-2016 15:13:07 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/21/2016 01:38:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2016 11:05:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2016 10:57:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2016 10:47:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (03/21/2016 01:37:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (03/20/2016 01:41:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (03/20/2016 06:26:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (03/19/2016 02:51:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Event Log" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/18/2016 04:22:41 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: \Device\HarddiskVolume3\Program Files (x86)\F-Secure\apps\ComputerSecuri...fsgemt.dll

Error: (03/18/2016 04:22:18 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: \Device\HarddiskVolume3\Windows\System32\wbload.dll

Error: (03/18/2016 04:21:03 PM) (Source: F-Secure Gatekeeper) (EventID: 1) (User: )
Description: \Device\HarddiskVolume3\Program Files (x86)\F-Secure\apps\ComputerSecuri...fsgemu.dll

Error: (03/18/2016 02:36:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (03/16/2016 04:53:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8112.22 MB
Verfügbarer physikalischer RAM: 5502.45 MB
Summe virtueller Speicher: 16222.65 MB
Verfügbarer virtueller Speicher: 13460.3 MB

==================== Laufwerke ================================

Drive c: (W7x64M500) (Fixed) (Total:223.47 GB) (Free:133.04 GB) NTFS
Drive d: (GE60HDD) (Fixed) (Total:465.76 GB) (Free:328.66 GB) NTFS
Drive f: (dura_xNET) (Network) (Total:1829.36 GB) (Free:757.83 GB) NTFS
Drive g: (W7x64M500) (Network) (Total:223.47 GB) (Free:133.04 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 223061FD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 0FD53FBD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================












Result of Security Analysis by Rocket Grannie (x86) version: 21st March 2016
Running from:C:\Users\NRG1\Desktop (01:57:41 - 03/21/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is *Disabled*
Internet Explorer 11
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
***-----------------Anti-Virus - Firewall-------------------***
Antivirus by F-Secure Disabled - up to Date!
Windows Firewall is *Disabled*
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin (version 21.0.0.182)
Google Chrome (version 48)
Java (version 8.0.730.2)
Malwarebytes Anti-Malware (version 2.2.0.1024)
Microsoft Silverlight (version 5)
Mozilla Firefox (version 44)

***----------------Analysis Complete-------------------------***
 
Hi

I have some additional information. I have two other laptops, "Packard Bell TSX62" and "msi-GT72-2QD".
I scanned both with ADW-cleaner: Reg-keys were found, LOGs are attached.
Other results:
"Malwarebytes anti malware": both laptops are clean.
"F-secure" found nothing on msi-GT72. The laptop TSX62 is older/slower so I will try to scan this machine
with F-secure some hours later: now it's 4:58 AM in Europe.

I think I will just wait for your instructions before running FRST/RGSA.exe on these two laptops....
..... so good night and see yahhh soon ...... !!

First LOG: msi GT72 and second TSX62

# AdwCleaner v5.103 - Bericht erstellt am 21/03/2016 um 03:36:59
# Aktualisiert am 20/03/2016 von Xplode
# Datenbank : 2016-03-20.7 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : NRG1 - NRG1GT72
# Gestartet von : C:\_xSET\adw_cleaner_LTD\adwcleaner_5.103.exe
# Option : Suchlauf
# Unterstützung : ToolsLib - Forum: Ask for help or share your experience.

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54

***** [ Internetbrowser ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [775 Bytes] - [21/03/2016 03:36:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [847 Bytes] ##########




# AdwCleaner v5.103 - Bericht erstellt am 21/03/2016 um 03:54:17
# Aktualisiert am 20/03/2016 von Xplode
# Datenbank : 2016-03-20.7 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : NRG1 - NRG1TSX62
# Gestartet von : C:\_xSET\adw_cleaner_LTD\adwcleaner_5.103.exe
# Option : Suchlauf
# Unterstützung : ToolsLib - Forum: Ask for help or share your experience.

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54

***** [ Internetbrowser ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [801 Bytes] - [21/03/2016 03:54:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [873 Bytes] ##########
 
It looks to be a false positive. Posted since yesterday in the comments section at ToolsLib - Downloads - AdwCleaner by BakuDM. (Click Comments on that page. You may want to add your "vote" to his post by clicking the :thumbsup2: )
 
Hi Corrine,

OK, fine! Very good news!! Yesterday I really thought I'm in a quite "serious" situation (your POST #2): "virus".
So once again: thanks a lot for your support!

seee yahhh....!
 
If you would like to cleanup the temp files, let me know. Otherwise, I'll give you instructions to remove the FRST, etc.
 
Hi

I guess I had a bad idea today.... ;) The 2 applications were on my desktop
and the log-files were also created on my desktop: some time ago I moved these 5 files
to a subdirectory: I thought both programs are "portable" and it will not be necessary to uninstall/remove them.
Should I now move all 5 files back to my desktop in order to remove/uninstall them properly?

see yahhhhhh......!

LASER
 
It probably would be easiest to move them to your desktop. Both are updated fairly regularly anyway so it's best to just start fresh should they be needed again. After moving them, please do the following:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
OK.... sorry, bad idea again.... :D

Today I also created a new W7-User-Account (standard-ACC) on this machine. "Delfix" must perform these Registry/system operations:

* Create registry backup
* Purge system restore

The new USER-Account possibly made a lot of changes
to the system/registry............ Should I try to run "delfix" anyway....?

Maybe deleting the new Account could be a simple solution......????


seee yahhhhhh....!!!

LASER
 
Seeing as how you are not a computer novice, instead of going through all that, just go ahead and delete FRST, FRST.txt, Addition.txt, Security Analysis and SALog.txt.
 
