Windows 8: PC komplett virenfrei machen!

Leo98 · 25.01.2015, 17:49

Hallo,
ich habe schon seit einiger Zeit ein paar Probleme mit meinem Browser google chrome und auch allgemein mit meinem PC. Immer wenn ich im Internet surfe ploppt plötzlich Werbung auf (vor allem Ads byAllDaySavings), es werden neue Tabs geöffnet oder der Browser stürtzt einfach ab! Ich habe schon versucht dieses Programm einzeln zu entfernen, habe mehrere Virenprogramme darüber laufen lassen und nie hat es funktioniert. Außerdem befürchte ich das dies nicht der einzigste Virus auf meinem PC ist! Also jetzt zu meiner eigentlichen Frage wie kann ich alle Viren und sonstiges von meinem PC entfernen aber trotzdem meine Datein und Programme behalten? Und mit welchen Programm verhindere ich das ich später wieder das selbe Problem habe?
Danke im vorraus

deeprybka · 25.01.2015, 18:08

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Leo98 · 25.01.2015, 18:31

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Leon (administrator) on LEON-PC on 25-01-2015 18:27:09
Running from C:\Users\Leon\Desktop
Loaded Profiles: Leon (Available profiles: Leon)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-19] (Valve Corporation)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_06588337.lnk
ShortcutTarget: _uninst_06588337.lnk -> C:\Users\Leon\AppData\Local\Temp\_uninst_06588337.bat ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=b2fd2c53-358a-f652-8b70-5a1a961636b4&searchtype=ds&q={searchTerms}&installDate=15/12/2013
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=b2fd2c53-358a-f652-8b70-5a1a961636b4&searchtype=ds&q={searchTerms}&installDate=15/12/2013
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Savings Sidekick -> {11111111-1111-1111-1111-110011501160} -> C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SpecialSavings -> {74F475FA-6C75-43BD-AAB9-ECDA6184F600} -> C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AllDaySavings -> {fbdff406-2c4c-5d35-8469-34bb67ea3353} -> C:\Program Files\B021CBBD-E38E-4F8C-8E93-6624B0597A23\kzhxnitccw.dll ()
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Hosts: 54.225.95.126	jiflcpcpeoojndcdlmhkegpekkiabgem

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] - C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] - C:\Program Files\Video downloader\Firefox
FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ff
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta576.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta10961.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha666.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha1068.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3481.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha5512.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home8091.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2013-12-07]
CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllDaySavingsService64; C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R1 {6ccfd995-07be-49cf-8ad6-1422dc08761a}w64; C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}w64.sys [44688 2014-09-21] (StdLib)
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 18:27 - 2015-01-25 18:27 - 00022793 _____ () C:\Users\Leon\Desktop\FRST.txt
2015-01-25 18:27 - 2015-01-25 18:27 - 00000000 ____D () C:\FRST
2015-01-25 18:23 - 2015-01-25 18:24 - 02129920 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe
2015-01-25 15:43 - 2015-01-25 15:43 - 04087472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-06 19:51 - 2015-01-25 15:26 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-01-06 19:47 - 2015-01-25 15:23 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
2015-01-01 17:47 - 2015-01-01 17:47 - 00000000 ____D () C:\Users\Leon\AppData\Local\Introversion
2014-12-31 16:49 - 2014-12-31 17:08 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\eve Updater
2014-12-31 16:49 - 2014-12-31 16:49 - 00165959 _____ () C:\Users\Leon\Downloads\HUD Updater v1.6.zip
2014-12-31 16:47 - 2014-12-31 16:47 - 06877067 _____ () C:\Users\Leon\Downloads\tr_walkway_rc2.rar
2014-12-31 16:47 - 2014-12-31 16:47 - 00724453 _____ () C:\Users\Leon\Downloads\eve_hud_v354.zip
2014-12-30 21:07 - 2014-12-30 21:38 - 167127408 _____ () C:\Users\Leon\Downloads\setup_11.0.3.8.x01_2014_12_30_21_35.exe
2014-12-30 20:39 - 2014-12-30 20:39 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Leon\Downloads\sh-remover.exe
2014-12-30 20:15 - 2014-12-30 20:15 - 00004270 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2014-12-30 20:14 - 2014-12-30 21:03 - 00000000 ____D () C:\Program Files\Reimage
2014-12-30 20:14 - 2014-12-30 20:15 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-12-30 20:13 - 2015-01-25 15:21 - 00000165 _____ () C:\WINDOWS\Reimage.ini
2014-12-30 20:13 - 2014-12-30 20:13 - 00775968 _____ (Reimage®) C:\Users\Leon\Downloads\ReimageRepair (1).exe
2014-12-30 20:12 - 2014-12-30 20:12 - 00775968 _____ (Reimage®) C:\Users\Leon\Downloads\ReimageRepair.exe
2014-12-30 20:07 - 2014-12-30 20:07 - 00380272 _____ (Swift Installer ) C:\Users\Leon\Downloads\Flash_Player_Pro_Setup.exe
2014-12-30 19:52 - 2014-12-30 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-30 19:50 - 2015-01-19 12:07 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-12-30 19:29 - 2014-12-30 19:29 - 00000942 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-30 19:29 - 2014-12-30 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-30 19:29 - 2014-12-30 19:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-29 21:28 - 2014-12-29 21:28 - 00000000 __SHD () C:\Users\Leon\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 18:27 - 2013-11-26 19:08 - 01201757 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-25 18:26 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT
2015-01-25 18:25 - 2014-01-07 19:25 - 00000300 _____ () C:\WINDOWS\Tasks\FoxTab.job
2015-01-25 18:21 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype
2015-01-25 18:13 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45}
2015-01-25 18:12 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT
2015-01-25 18:00 - 2014-08-17 14:47 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\vlc
2015-01-25 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-25 17:47 - 2014-04-12 16:32 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 17:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-25 17:32 - 2014-08-17 14:32 - 00000304 _____ () C:\WINDOWS\Tasks\WSE_Astromenda.job
2015-01-25 17:23 - 2013-04-05 13:49 - 00000352 _____ () C:\WINDOWS\Tasks\AmiUpdXp.job
2015-01-25 16:41 - 2012-11-04 11:45 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001
2015-01-25 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-25 16:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2015-01-25 15:24 - 2014-03-10 15:40 - 00000000 ___DO () C:\Users\Leon\SkyDrive
2015-01-25 15:22 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi
2015-01-25 15:22 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe
2015-01-25 15:21 - 2014-04-12 16:32 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 15:21 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-25 15:20 - 2013-09-29 20:05 - 00060480 _____ () C:\WINDOWS\PFRO.log
2015-01-25 15:20 - 2013-08-22 15:46 - 00342423 _____ () C:\WINDOWS\setupact.log
2015-01-25 15:20 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-20 21:36 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-19 22:32 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-09 19:59 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-09 19:59 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-09 19:59 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-02 13:10 - 2014-01-08 19:20 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\.minecraft
2014-12-31 19:15 - 2014-06-29 17:02 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Bioshock
2014-12-31 12:14 - 2012-11-04 12:43 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-30 21:48 - 2014-09-25 15:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-30 20:25 - 2013-12-29 19:54 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\newnext.me
2014-12-30 19:52 - 2014-03-19 15:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-30 19:52 - 2013-12-18 16:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-30 19:13 - 2014-12-15 20:38 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Dropbox
2014-12-30 19:07 - 2014-12-15 20:43 - 00000000 ___RD () C:\Users\Leon\Dropbox

==================== Files in the root of some directories =======

2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT
2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe
2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe
2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL


Some content of TEMP:
====================
C:\Users\Leon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7vehnf.dll
C:\Users\Leon\AppData\Local\Temp\jansi-32-git-Spigot-1649.dll
C:\Users\Leon\AppData\Local\Temp\ose00000.exe
C:\Users\Leon\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Leon\AppData\Local\Temp\SHSetup.exe
C:\Users\Leon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leon\AppData\Local\Temp\sqlite3.exe
C:\Users\Leon\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 16:30

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Leon at 2015-01-25 18:28:20
Running from C:\Users\Leon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Farming Simulator 2013 (HKLM-x32\...\Steam App 220260) (Version:  - Giants Software)
Free MP4 Video Converter version 5.0.45.716 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6000 E609 Series (HKLM\...\{B16A196A-B3C9-4C19-A968-59365071A39F}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
Python 3.4.0 (HKLM-x32\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2382863035-827234180-2916811482-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

28-12-2014 17:51:00 Geplanter Prüfpunkt
07-01-2015 10:57:15 Geplanter Prüfpunkt
20-01-2015 18:14:31 Windows Update
25-01-2015 16:31:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-05-07 18:42 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	jiflcpcpeoojndcdlmhkegpekkiabgem

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06E8512C-20BF-4399-BD2A-B072A502672F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {08FD8D94-C398-49C1-AA51-733B384E259A} - System32\Tasks\{823F7D7D-FBED-45B8-A935-5DDD590C629B} => pcalua.exe -a F:\setup.exe -d F:\
Task: {0D8E31FB-D4D4-4446-BC6F-1BA95589E585} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {13463012-30B6-4247-BC02-37FE5C00DF48} - System32\Tasks\{CF902354-A649-4A7E-8190-4A65E8788D8E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.105/de/go/help.faq.installer?LastError=1638
Task: {21628CDA-9EFC-445A-8633-2CEFAEE7ADE9} - System32\Tasks\Updater5060.exe => C:\Users\Leon\AppData\Local\Updater5060\Updater5060.exe [2013-11-29] (Innovative Apps) <==== ATTENTION
Task: {33611046-8A30-4F36-A146-D93BDF4E2628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {37DAF679-09FF-4A95-A8F7-702A8BF155E5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4B2F289D-A3FB-4E62-B051-AB8FB364AE90} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {4DFB4040-1E24-422D-AD64-AF82AFC2453D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {6C9F9837-99E9-4BB1-9256-0DF14358EA34} - System32\Tasks\{41A37D8F-AC88-4B51-83E1-6EE3A1645E1F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7376E05B-91D3-4E56-BE80-8378EBAA21F2} - \AmiUpdXp No Task File <==== ATTENTION
Task: {7E9133CC-A1CF-451D-9355-3F0F0714820B} - System32\Tasks\{8220E3CD-8ED9-40FE-A47B-1BE841A7DD74} => pcalua.exe -a C:\Users\Leon\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=adks <==== ATTENTION
Task: {9286254C-3DC7-4F55-88D6-2D088D88763F} - System32\Tasks\FoxTab => C:\Users\Leon\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {983C2AD4-693E-4541-B5F0-6613FD1F3B8B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {B9574B48-8C2E-4BC3-94B4-65BCC1A4B0C7} - System32\Tasks\WSE_Astromenda => C:\Users\Leon\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-08-17] () <==== ATTENTION
Task: {B963F49D-15B9-4456-AE23-A1D515E05506} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {CF8CA595-F4C4-488A-B1BF-21D3678AA0FC} - System32\Tasks\{385F51D0-3B19-4913-88F1-85B409FAD9D8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1638
Task: {E97BA326-3D8F-4DA2-83FF-EC8C0F192394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {FB9E6523-1996-4EF3-BBEE-D53F54B393A6} - System32\Tasks\{F659F721-3DBD-4186-AFA6-06C5F2084EEB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {FBB214C2-16EF-4B61-A9D5-ED94A382D2C6} - System32\Tasks\{0B169B13-5F71-4518-A9DE-5A3487767D32} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Leon\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\Leon\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\Leon\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-11-26 19:08 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-31 21:20 - 2014-07-31 21:20 - 00172544 _____ () C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\etmajyzoqm64.exe
2014-07-31 21:20 - 2014-07-31 21:20 - 00110080 _____ () C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\nfapi.dll
2014-07-31 21:20 - 2014-07-31 21:20 - 00456192 _____ () C:\Program Files (x86)\B021CBBD-E38E-4F8C-8E93-6624B0597A23\ProtocolFilters.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2013-12-13 12:20 - 2013-12-13 12:20 - 04696432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-01-14 11:07 - 2015-01-14 11:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2014-11-27 18:47 - 2014-11-27 18:47 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-19 10:49 - 2013-12-19 10:49 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Leon\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Leon\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2382863035-827234180-2916811482-500 - Administrator - Disabled)
Gast (S-1-5-21-2382863035-827234180-2916811482-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2382863035-827234180-2916811482-1006 - Limited - Enabled)
Leon (S-1-5-21-2382863035-827234180-2916811482-1001 - Administrator - Enabled) => C:\Users\Leon

==================== Faulty Device Manager Devices =============

Name: Officejet 6000 E609a
Description: Officejet 6000 E609a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 06:01:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0x710
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (01/25/2015 03:20:58 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/20/2015 09:34:42 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/20/2015 09:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.7.321.0, Zeitstempel: 0x52f17b5b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec0b4
ID des fehlerhaften Prozesses: 0x938
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (01/20/2015 09:34:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0x1a50
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (01/20/2015 06:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fdc

Startzeit: 01d034d486f22864

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 7d998a08-a0c8-11e4-bec3-742f68a90081

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/20/2015 06:19:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 269c

Startzeit: 01d034d487007743

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 7c82875f-a0c8-11e4-bec3-742f68a90081

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/20/2015 06:15:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary 38856700.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/20/2015 06:15:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary 65287540.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/20/2015 06:15:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


System errors:
=============
Error: (01/25/2015 03:27:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (01/25/2015 03:27:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (01/25/2015 03:27:30 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (01/25/2015 03:20:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/20/2015 05:41:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/20/2015 05:41:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (12/30/2014 09:59:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2147942487

Error: (12/30/2014 09:59:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%2147942487

Error: (12/30/2014 09:58:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/30/2014 08:40:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/25/2015 06:01:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0b71001d038c07f6f8637C:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dllcb125715-a4b3-11e4-bec4-8c89a57ccf91

Error: (01/25/2015 03:20:58 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/20/2015 09:34:42 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/20/2015 09:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe1.7.321.052f17b5bKERNELBASE.dll6.3.9600.1727853eebd22c000014200000000000ec0b493801d034f084f90855C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dllc2a59440-a0e3-11e4-bec3-742f68a90081

Error: (01/20/2015 09:34:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0b1a5001d034e1bc337b38C:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dllb9907c90-a0e3-11e4-bec3-742f68a90081

Error: (01/20/2015 06:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031fdc01d034d486f228644294967295C:\WINDOWS\syswow64\wwahost.exe7d998a08-a0c8-11e4-bec3-742f68a90081Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (01/20/2015 06:19:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689269c01d034d4870077434294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe7c82875f-a0c8-11e4-bec3-742f68a90081microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/20/2015 06:15:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 38856700.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/20/2015 06:15:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary 65287540.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/20/2015 06:15:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 12:33:18.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 21:17:08.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 20:23:12.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-18 20:44:25.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 20:45:53.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 20:45:52.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-01 19:49:40.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 19:12:19.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-18 21:34:33.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-18 21:34:33.441
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 34%
Total physical RAM: 4077.64 MB
Available physical RAM: 2660.31 MB
Total Pagefile: 5165.64 MB
Available Pagefile: 3231.96 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1433.76 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

deeprybka · 25.01.2015, 18:38

Hi,

Schritt 1

Bitte deinstalliere folgende Programme:

Reimage Protector

Versuche es bei Windows 8

mit der Windowstaste + X über

.

Sollte das nicht gehen, lade Dir bitte Revo Uninstaller

hier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung

Starte die Revouninstaller.exe
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
Klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Download
Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 4

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Leo98 · 25.01.2015, 18:44

Soll ich mir den Revo Uninstaller auch herunterladen wenn die Deinstallation über Programme und Features bereits funktioniert hat?

deeprybka · 25.01.2015, 18:58

Zitat:

Zitat von Leo98

Soll ich mir den Revo Uninstaller auch herunterladen wenn die Deinstallation über Programme und Features bereits funktioniert hat?

Zitat:

Sollte das nicht gehen, lade Dir bitte Revo Uninstaller

....

Leo98 · 25.01.2015, 19:10

Code:

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 25/01/2015 um 19:02:33
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-25.1 [Live]
# Betriebssystem : Windows 8.1 Pro with Media Center  (64 bits)
# Benutzername : Leon - LEON-PC
# Gestartet von : C:\Users\Leon\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : AllDaySavingsService64
Dienst Gelöscht : netfilter64
Dienst Gelöscht : {6ccfd995-07be-49cf-8ad6-1422dc08761a}w64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\374311380 
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\WowwCoouPOin
Ordner Gelöscht : C:\ProgramData\504c2cf8db11ac3b
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\RichMediaViewV1
Ordner Gelöscht : C:\Program Files (x86)\Savings Sidekick
Ordner Gelöscht : C:\Program Files (x86)\SpecialSavings
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\WebexpEnhancedV1
Ordner Gelöscht : C:\Program Files (x86)\Klip Pal
Ordner Gelöscht : C:\Program Files (x86)\WowwCoouPOin
Ordner Gelöscht : C:\Program Files\AllDaySavings
Ordner Gelöscht : C:\Program Files\Reimage
Ordner Gelöscht : C:\Users\Leon\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Leon\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Leon\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Leon\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Leon\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Leon\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\Astromenda
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\newnext.me
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\wse_astromenda
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Leon\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Leon\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\WINDOWS\Reimage.ini
Datei Gelöscht : C:\WINDOWS\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\WINDOWS\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}w64.sys
Datei Gelöscht : C:\Users\Leon\daemonprocess.txt
Datei Gelöscht : C:\Users\Leon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Leon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gelöscht : C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Datei Gelöscht : C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : AmiUpdXp
Task Gelöscht : FoxTab
Task Gelöscht : LaunchSignup
Task Gelöscht : WSE_Astromenda

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WoWCouponi.WoWCouponi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WoWCouponi.WoWCouponi.4.7
Schlüssel Gelöscht : HKCU\Software\596da8ab76fbf41
Schlüssel Gelöscht : HKLM\SOFTWARE\596da8ab76fbf41
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95154BE9-4BDC-E516-9BE3-3720DCC1B738}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95154BE9-4BDC-E516-9BE3-3720DCC1B738}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95154BE9-4BDC-E516-9BE3-3720DCC1B738}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95154BE9-4BDC-E516-9BE3-3720DCC1B738}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{95154BE9-4BDC-E516-9BE3-3720DCC1B738}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SearchProtectINT
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WSE_Astromenda
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\StormWatch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SpecialSavings
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport
Schlüssel Gelöscht : HKLM\SOFTWARE\AllDaySavings
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaPlayerV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaViewerV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaViewV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaWatchV1
Schlüssel Gelöscht : HKLM\SOFTWARE\nationzoomSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Savings Sidekick
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Video downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Video Player
Schlüssel Gelöscht : HKLM\SOFTWARE\VideoPlayerV3
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKLM\SOFTWARE\Better-Surf
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Video downloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v37.0.2062.120

[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M193D26AD-95BD-40C1-A615-A22F4F1518D3&SearchSource=58&CUI=&UM=5&UP=SP28987AA1-9CFA-471B-B61D-240F239A1E83&q={searchTerms}&SSPV=
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites03_14_33_ch&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyB0C0C0FzytCtA0C0CtDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0B0A0AyBtA0AtGtB0FyByBtGzztC0BtBtGtD0Bzz0EtGtC0F0B0CyE0CzytCyE0DyCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtA0FtB0C0AtDyEtGyBtDtCzztGzzzztBtCtG0AtC0D0AtGtC0C0DyDzzzyyE0AzytBzytA2Q&cr=441309099&ir=
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae

*************************

AdwCleaner[R0].txt - [31522 octets] - [25/01/2015 19:01:22]
AdwCleaner[S0].txt - [28490 octets] - [25/01/2015 19:02:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28551 octets] ##########

deeprybka · 25.01.2015, 19:57

Und weiter mit den nächsten Schritten...

Leo98 · 25.01.2015, 20:07

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.01.2015
Suchlauf-Zeit: 19:35:01
Logdatei: 
Administrator: Ja

Version: 0.00.0.0000
Malware Datenbank: v2015.01.25.10
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Leon

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 372732
Verstrichene Zeit: 14 Min, 11 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Leon (administrator) on LEON-PC on 25-01-2015 20:04:42
Running from C:\Users\Leon\Desktop
Loaded Profiles: Leon (Available profiles: Leon)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_06588337.lnk
ShortcutTarget: _uninst_06588337.lnk -> C:\Users\Leon\AppData\Local\Temp\_uninst_06588337.bat ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 54.225.95.126	jiflcpcpeoojndcdlmhkegpekkiabgem

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 19:13 - 2015-01-25 20:00 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 19:13 - 2015-01-25 19:13 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 19:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-25 19:13 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-25 19:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-25 19:09 - 2015-01-25 19:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 19:01 - 2015-01-25 19:02 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:59 - 2015-01-25 19:00 - 02194432 _____ () C:\Users\Leon\Desktop\AdwCleaner_4.109.exe
2015-01-25 18:28 - 2015-01-25 18:28 - 00033662 _____ () C:\Users\Leon\Desktop\Addition.txt
2015-01-25 18:27 - 2015-01-25 20:04 - 00018574 _____ () C:\Users\Leon\Desktop\FRST.txt
2015-01-25 18:27 - 2015-01-25 20:04 - 00000000 ____D () C:\FRST
2015-01-25 18:23 - 2015-01-25 18:24 - 02129920 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe
2015-01-25 15:43 - 2015-01-25 15:43 - 04087472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-06 19:51 - 2015-01-25 15:26 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-01-06 19:47 - 2015-01-25 15:23 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
2015-01-01 17:47 - 2015-01-01 17:47 - 00000000 ____D () C:\Users\Leon\AppData\Local\Introversion
2014-12-31 16:49 - 2014-12-31 17:08 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\eve Updater
2014-12-31 16:49 - 2014-12-31 16:49 - 00165959 _____ () C:\Users\Leon\Downloads\HUD Updater v1.6.zip
2014-12-31 16:47 - 2014-12-31 16:47 - 06877067 _____ () C:\Users\Leon\Downloads\tr_walkway_rc2.rar
2014-12-31 16:47 - 2014-12-31 16:47 - 00724453 _____ () C:\Users\Leon\Downloads\eve_hud_v354.zip
2014-12-30 21:07 - 2014-12-30 21:38 - 167127408 _____ () C:\Users\Leon\Downloads\setup_11.0.3.8.x01_2014_12_30_21_35.exe
2014-12-30 20:39 - 2014-12-30 20:39 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Leon\Downloads\sh-remover.exe
2014-12-30 20:13 - 2014-12-30 20:13 - 00775968 _____ (Reimage®) C:\Users\Leon\Downloads\ReimageRepair (1).exe
2014-12-30 20:12 - 2014-12-30 20:12 - 00775968 _____ (Reimage®) C:\Users\Leon\Downloads\ReimageRepair.exe
2014-12-30 19:52 - 2014-12-30 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-30 19:29 - 2014-12-30 19:29 - 00000942 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-30 19:29 - 2014-12-30 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-30 19:29 - 2014-12-30 19:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-29 21:28 - 2014-12-29 21:28 - 00000000 __SHD () C:\Users\Leon\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:03 - 2013-11-26 19:08 - 01291475 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-25 20:03 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 20:02 - 2014-03-10 15:40 - 00000000 __RDO () C:\Users\Leon\SkyDrive
2015-01-25 20:02 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype
2015-01-25 20:01 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi
2015-01-25 20:01 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-25 20:00 - 2014-04-12 16:32 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 20:00 - 2013-08-22 15:46 - 00342885 _____ () C:\WINDOWS\setupact.log
2015-01-25 19:59 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-25 19:58 - 2013-09-29 20:05 - 00075126 _____ () C:\WINDOWS\PFRO.log
2015-01-25 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-01-25 19:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-25 19:47 - 2014-04-12 16:32 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 19:45 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45}
2015-01-25 19:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-25 19:33 - 2012-11-04 11:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001
2015-01-25 19:02 - 2013-11-26 19:12 - 00000000 ____D () C:\Users\Leon
2015-01-25 19:01 - 2014-08-17 14:47 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\vlc
2015-01-25 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-25 18:26 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT
2015-01-25 18:12 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT
2015-01-25 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-25 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2015-01-25 15:22 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe
2015-01-19 22:32 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-09 19:59 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-09 19:59 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-09 19:59 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-02 13:10 - 2014-01-08 19:20 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\.minecraft
2014-12-31 19:15 - 2014-06-29 17:02 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Bioshock
2014-12-31 12:14 - 2012-11-04 12:43 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-30 21:48 - 2014-09-25 15:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-30 19:52 - 2014-03-19 15:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-30 19:52 - 2013-12-18 16:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-30 19:13 - 2014-12-15 20:38 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Dropbox
2014-12-30 19:07 - 2014-12-15 20:43 - 00000000 ___RD () C:\Users\Leon\Dropbox

==================== Files in the root of some directories =======

2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT
2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe
2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe
2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL


Some content of TEMP:
====================
C:\Users\Leon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7vehnf.dll
C:\Users\Leon\AppData\Local\Temp\jansi-32-git-Spigot-1649.dll
C:\Users\Leon\AppData\Local\Temp\ose00000.exe
C:\Users\Leon\AppData\Local\Temp\Quarantine.exe
C:\Users\Leon\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Leon\AppData\Local\Temp\SHSetup.exe
C:\Users\Leon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leon\AppData\Local\Temp\sqlite3.dll
C:\Users\Leon\AppData\Local\Temp\sqlite3.exe
C:\Users\Leon\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 19:33

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Leon at 2015-01-25 20:06:05
Running from C:\Users\Leon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Farming Simulator 2013 (HKLM-x32\...\Steam App 220260) (Version:  - Giants Software)
Free MP4 Video Converter version 5.0.45.716 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6000 E609 Series (HKLM\...\{B16A196A-B3C9-4C19-A968-59365071A39F}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
Python 3.4.0 (HKLM-x32\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2382863035-827234180-2916811482-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

28-12-2014 17:51:00 Geplanter Prüfpunkt
07-01-2015 10:57:15 Geplanter Prüfpunkt
20-01-2015 18:14:31 Windows Update
25-01-2015 16:31:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-05-07 18:42 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	jiflcpcpeoojndcdlmhkegpekkiabgem

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06E8512C-20BF-4399-BD2A-B072A502672F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {08FD8D94-C398-49C1-AA51-733B384E259A} - System32\Tasks\{823F7D7D-FBED-45B8-A935-5DDD590C629B} => pcalua.exe -a F:\setup.exe -d F:\
Task: {0D8E31FB-D4D4-4446-BC6F-1BA95589E585} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {13463012-30B6-4247-BC02-37FE5C00DF48} - System32\Tasks\{CF902354-A649-4A7E-8190-4A65E8788D8E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.105/de/go/help.faq.installer?LastError=1638
Task: {21628CDA-9EFC-445A-8633-2CEFAEE7ADE9} - \Updater5060.exe No Task File <==== ATTENTION
Task: {33611046-8A30-4F36-A146-D93BDF4E2628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4DFB4040-1E24-422D-AD64-AF82AFC2453D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {6C9F9837-99E9-4BB1-9256-0DF14358EA34} - System32\Tasks\{41A37D8F-AC88-4B51-83E1-6EE3A1645E1F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7E9133CC-A1CF-451D-9355-3F0F0714820B} - System32\Tasks\{8220E3CD-8ED9-40FE-A47B-1BE841A7DD74} => pcalua.exe -a C:\Users\Leon\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=adks <==== ATTENTION
Task: {983C2AD4-693E-4541-B5F0-6613FD1F3B8B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {B7AD99B7-8510-437B-B10C-2FB36F757695} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {CF8CA595-F4C4-488A-B1BF-21D3678AA0FC} - System32\Tasks\{385F51D0-3B19-4913-88F1-85B409FAD9D8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1638
Task: {E97BA326-3D8F-4DA2-83FF-EC8C0F192394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {FB9E6523-1996-4EF3-BBEE-D53F54B393A6} - System32\Tasks\{F659F721-3DBD-4186-AFA6-06C5F2084EEB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {FBB214C2-16EF-4B61-A9D5-ED94A382D2C6} - System32\Tasks\{0B169B13-5F71-4518-A9DE-5A3487767D32} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-26 19:08 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2013-12-13 12:20 - 2013-12-13 12:20 - 04696432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-19 10:49 - 2013-12-19 10:49 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Leon\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Leon\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2382863035-827234180-2916811482-500 - Administrator - Disabled)
Gast (S-1-5-21-2382863035-827234180-2916811482-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2382863035-827234180-2916811482-1006 - Limited - Enabled)
Leon (S-1-5-21-2382863035-827234180-2916811482-1001 - Administrator - Enabled) => C:\Users\Leon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 08:00:17 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/25/2015 07:05:04 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/25/2015 07:01:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0x1774
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (01/25/2015 06:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0x12b8
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (01/25/2015 06:01:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0x710
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (01/25/2015 03:20:58 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/20/2015 09:34:42 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/20/2015 09:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 1.7.321.0, Zeitstempel: 0x52f17b5b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec0b4
ID des fehlerhaften Prozesses: 0x938
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (01/20/2015 09:34:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0x1a50
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (01/20/2015 06:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fdc

Startzeit: 01d034d486f22864

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 7d998a08-a0c8-11e4-bec3-742f68a90081

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App


System errors:
=============
Error: (01/25/2015 07:59:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 07:06:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/25/2015 07:06:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/25/2015 07:04:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1069

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/25/2015 07:02:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/25/2015 08:00:17 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/25/2015 07:05:04 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/25/2015 07:01:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0b177401d038c5cc30c266C:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll213e921f-a4bc-11e4-bec4-8c89a57ccf91

Error: (01/25/2015 06:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0b12b801d038c5befaa777C:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll03d61849-a4b9-11e4-bec4-8c89a57ccf91

Error: (01/25/2015 06:01:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0b71001d038c07f6f8637C:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dllcb125715-a4b3-11e4-bec4-8c89a57ccf91

Error: (01/25/2015 03:20:58 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/20/2015 09:34:42 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (01/20/2015 09:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe1.7.321.052f17b5bKERNELBASE.dll6.3.9600.1727853eebd22c000014200000000000ec0b493801d034f084f90855C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dllc2a59440-a0e3-11e4-bec3-742f68a90081

Error: (01/20/2015 09:34:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0b1a5001d034e1bc337b38C:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dllb9907c90-a0e3-11e4-bec3-742f68a90081

Error: (01/20/2015 06:19:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031fdc01d034d486f228644294967295C:\WINDOWS\syswow64\wwahost.exe7d998a08-a0c8-11e4-bec3-742f68a90081Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 12:33:18.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 21:17:08.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 20:23:12.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-18 20:44:25.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 20:45:53.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 20:45:52.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-01 19:49:40.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 19:12:19.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-18 21:34:33.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-18 21:34:33.441
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 4077.64 MB
Available physical RAM: 2175.64 MB
Total Pagefile: 5229.64 MB
Available Pagefile: 3000.06 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1433.3 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

deeprybka · 25.01.2015, 20:11

Gut.

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Leo98 · 25.01.2015, 21:54

Wenn ich dieses Programm ausführe wird bei 100% der Initialisierung ein "unerwarteter Fehler 2002" angezeigt!

deeprybka · 25.01.2015, 22:00

Dann halt Plan B...

Schritt 1

Download

Bitte installiere das Programm in den vorgegebenen Pfad.
Starte das Programm durch Doppelklick der Desktopverknüpfung.
Das EEK ist nach dem Laden der Malwaresignaturen für den Scan bereit.
Folge nun bitte der animierten Bildanleitung, entferne alle Funde und poste am Ende des Scans bzw. der Bereinigung das Log.

Leo98 · 26.01.2015, 14:49

Code:

ATTFilter

Emsisoft Emergency Kit - Version 9.0
Letztes Update: 25.01.2015 22:07:30
Benutzerkonto: LEON-PC\Leon

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn:	25.01.2015 22:07:45
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL 	gefunden: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} 	gefunden: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546} 	gefunden: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} 	gefunden: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE 	gefunden: Application.AdImage (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2382863035-827234180-2916811482-1001\SOFTWARE\SMARTBAR 	gefunden: Application.InstallAd (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir 	gefunden: Adware.Win32.Agent (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick-bg.exe.vir 	gefunden: Adware.Agent.NNP (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll.vir 	gefunden: Gen:Application.Heur.Ly9@mCGH7Wei (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick.exe.vir 	gefunden: Adware.Agent.NNP (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savings Sidekick\Uninstall.exe.vir -> (NSIS o) -> lzma_solid_nsis0010 	gefunden: Adware.Agent.NNP (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir 	gefunden: Application.Win64.SProtect (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir 	gefunden: Application.Generic.861022 (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir 	gefunden: Application.Bundler.HG (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir 	gefunden: Application.Generic.907583 (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir 	gefunden: Adware.Agent.OFO (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir 	gefunden: Adware.SearchProtect.H (B)
C:\AdwCleaner\Quarantine\C\Users\Leon\AppData\Local\genienext\nengine.dll.vir 	gefunden: Adware.Win32.Agent (A)
C:\AdwCleaner\Quarantine\C\Users\Leon\AppData\Roaming\wse_astromenda\UpdateProc\UpdateTask.exe.vir 	gefunden: Adware.DealPly.AL (B)
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}w64.sys.vir 	gefunden: Adware.SwiftBrowse.BV (B)
C:\Users\Leon\AppData\Local\Temp\8328721\QB\dca33434bb763301.klq -> (Quarantine-6) 	gefunden: Gen:Variant.Adware.NewNextMe.1 (B)
C:\Users\Leon\Downloads\ReimageRepair (1).exe 	gefunden: Application.Win32.AdImage (A)
C:\Users\Leon\Downloads\ReimageRepair.exe 	gefunden: Application.Win32.AdImage (A)
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll 	gefunden: Gen:Adware.Heur.im9@gbzzX1i (B)

Gescannt	347239
Gefunden	33

Scan Ende:	25.01.2015 23:42:19
Scan Zeit:	1:34:34

C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll	Quarantäne Gen:Adware.Heur.im9@gbzzX1i (B)
C:\Users\Leon\Downloads\ReimageRepair.exe	Quarantäne Application.Win32.AdImage (A)
C:\Users\Leon\Downloads\ReimageRepair (1).exe	Quarantäne Application.Win32.AdImage (A)
C:\Users\Leon\AppData\Local\Temp\8328721\QB\dca33434bb763301.klq	Quarantäne Gen:Variant.Adware.NewNextMe.1 (B)
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}w64.sys.vir	Quarantäne Adware.SwiftBrowse.BV (B)
C:\AdwCleaner\Quarantine\C\Users\Leon\AppData\Roaming\wse_astromenda\UpdateProc\UpdateTask.exe.vir	Quarantäne Adware.DealPly.AL (B)
C:\AdwCleaner\Quarantine\C\Users\Leon\AppData\Local\genienext\nengine.dll.vir	Quarantäne Adware.Win32.Agent (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir	Quarantäne Adware.SearchProtect.H (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir	Quarantäne Adware.Agent.OFO (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir	Quarantäne Application.Generic.907583 (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir	Quarantäne Application.Bundler.HG (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir	Quarantäne Application.Generic.861022 (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir	Quarantäne Application.Win64.SProtect (A)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savings Sidekick\Uninstall.exe.vir	Quarantäne Adware.Agent.NNP (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick.exe.vir	Quarantäne Adware.Agent.NNP (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll.vir	Quarantäne Gen:Application.Heur.Ly9@mCGH7Wei (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Savings Sidekick\Savings Sidekick-bg.exe.vir	Quarantäne Adware.Agent.NNP (B)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir	Quarantäne Adware.Win32.Agent (A)
Key: HKEY_USERS\S-1-5-21-2382863035-827234180-2916811482-1001\SOFTWARE\SMARTBAR	Quarantäne Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}	Quarantäne Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE	Quarantäne Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}	Quarantäne Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}	Quarantäne Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}	Quarantäne Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL	Quarantäne Application.AdImage (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)

Quarantäne	28

Könnten sie mir dann vielleicht noch erklären, wie man diese ganzen programme wieder richtig deinstalliert?

deeprybka · 26.01.2015, 18:29

Machen wir alles am Ende...

Schritt 1

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Leo98 · 26.01.2015, 19:00

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Leon (administrator) on LEON-PC on 26-01-2015 18:56:24
Running from C:\Users\Leon\Desktop
Loaded Profiles: Leon (Available profiles: Leon)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_06588337.lnk
ShortcutTarget: _uninst_06588337.lnk -> C:\Users\Leon\AppData\Local\Temp\_uninst_06588337.bat ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 54.225.95.126	jiflcpcpeoojndcdlmhkegpekkiabgem
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-25] (Emsisoft GmbH)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 22:06 - 2015-01-25 22:06 - 00000759 _____ () C:\Users\Leon\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-25 22:06 - 2015-01-25 22:06 - 00000000 ____D () C:\EEK
2015-01-25 22:01 - 2015-01-25 22:05 - 168701056 _____ () C:\Users\Leon\Downloads\EmsisoftEmergencyKit.exe
2015-01-25 19:13 - 2015-01-26 17:46 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 19:13 - 2015-01-25 19:13 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 19:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-25 19:13 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-25 19:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-25 19:09 - 2015-01-25 19:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 19:01 - 2015-01-25 19:02 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:59 - 2015-01-25 19:00 - 02194432 _____ () C:\Users\Leon\Desktop\AdwCleaner_4.109.exe
2015-01-25 18:28 - 2015-01-25 20:06 - 00039147 _____ () C:\Users\Leon\Desktop\Addition.txt
2015-01-25 18:27 - 2015-01-26 18:56 - 00018598 _____ () C:\Users\Leon\Desktop\FRST.txt
2015-01-25 18:27 - 2015-01-26 18:56 - 00000000 ____D () C:\FRST
2015-01-25 18:23 - 2015-01-25 18:24 - 02129920 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe
2015-01-25 15:43 - 2015-01-25 15:43 - 04087472 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-06 19:51 - 2015-01-25 15:26 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-01-06 19:47 - 2015-01-25 15:23 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
2015-01-01 17:47 - 2015-01-01 17:47 - 00000000 ____D () C:\Users\Leon\AppData\Local\Introversion
2014-12-31 16:49 - 2014-12-31 17:08 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\eve Updater
2014-12-31 16:49 - 2014-12-31 16:49 - 00165959 _____ () C:\Users\Leon\Downloads\HUD Updater v1.6.zip
2014-12-31 16:47 - 2014-12-31 16:47 - 06877067 _____ () C:\Users\Leon\Downloads\tr_walkway_rc2.rar
2014-12-31 16:47 - 2014-12-31 16:47 - 00724453 _____ () C:\Users\Leon\Downloads\eve_hud_v354.zip
2014-12-30 21:07 - 2014-12-30 21:38 - 167127408 _____ () C:\Users\Leon\Downloads\setup_11.0.3.8.x01_2014_12_30_21_35.exe
2014-12-30 20:39 - 2014-12-30 20:39 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Leon\Downloads\sh-remover.exe
2014-12-30 19:52 - 2014-12-30 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-30 19:29 - 2014-12-30 19:29 - 00000942 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-30 19:29 - 2014-12-30 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-30 19:29 - 2014-12-30 19:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-29 21:28 - 2014-12-29 21:28 - 00000000 __SHD () C:\Users\Leon\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 18:47 - 2014-04-12 16:32 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 18:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 18:41 - 2013-11-26 19:08 - 01591704 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-26 18:33 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype
2015-01-26 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-26 17:21 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi
2015-01-26 17:21 - 2014-04-12 16:32 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 17:21 - 2014-03-10 15:40 - 00000000 ___DO () C:\Users\Leon\SkyDrive
2015-01-26 17:21 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe
2015-01-26 17:21 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-25 20:13 - 2012-11-04 11:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001
2015-01-25 20:03 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-25 20:00 - 2013-08-22 15:46 - 00342885 _____ () C:\WINDOWS\setupact.log
2015-01-25 19:59 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-25 19:58 - 2013-09-29 20:05 - 00075126 _____ () C:\WINDOWS\PFRO.log
2015-01-25 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-01-25 19:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-25 19:45 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45}
2015-01-25 19:02 - 2013-11-26 19:12 - 00000000 ____D () C:\Users\Leon
2015-01-25 19:01 - 2014-08-17 14:47 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\vlc
2015-01-25 18:26 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT
2015-01-25 18:12 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT
2015-01-25 16:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-25 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2015-01-19 22:32 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-09 19:59 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-09 19:59 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-09 19:59 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-02 13:10 - 2014-01-08 19:20 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\.minecraft
2014-12-31 19:15 - 2014-06-29 17:02 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Bioshock
2014-12-31 12:14 - 2012-11-04 12:43 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-30 21:48 - 2014-09-25 15:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-30 19:52 - 2014-03-19 15:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-30 19:52 - 2013-12-18 16:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-30 19:13 - 2014-12-15 20:38 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Dropbox
2014-12-30 19:07 - 2014-12-15 20:43 - 00000000 ___RD () C:\Users\Leon\Dropbox

==================== Files in the root of some directories =======

2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT
2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe
2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe
2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL


Some content of TEMP:
====================
C:\Users\Leon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7vehnf.dll
C:\Users\Leon\AppData\Local\Temp\jansi-32-git-Spigot-1649.dll
C:\Users\Leon\AppData\Local\Temp\ose00000.exe
C:\Users\Leon\AppData\Local\Temp\Quarantine.exe
C:\Users\Leon\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Leon\AppData\Local\Temp\SHSetup.exe
C:\Users\Leon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leon\AppData\Local\Temp\sqlite3.dll
C:\Users\Leon\AppData\Local\Temp\sqlite3.exe
C:\Users\Leon\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 20:14

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Leon at 2015-01-26 18:57:15
Running from C:\Users\Leon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Farming Simulator 2013 (HKLM-x32\...\Steam App 220260) (Version:  - Giants Software)
Free MP4 Video Converter version 5.0.45.716 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6000 E609 Series (HKLM\...\{B16A196A-B3C9-4C19-A968-59365071A39F}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
Python 3.4.0 (HKLM-x32\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2382863035-827234180-2916811482-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

07-01-2015 10:57:15 Geplanter Prüfpunkt
20-01-2015 18:14:31 Windows Update
25-01-2015 16:31:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-05-07 18:42 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	jiflcpcpeoojndcdlmhkegpekkiabgem

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06E8512C-20BF-4399-BD2A-B072A502672F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {08FD8D94-C398-49C1-AA51-733B384E259A} - System32\Tasks\{823F7D7D-FBED-45B8-A935-5DDD590C629B} => pcalua.exe -a F:\setup.exe -d F:\
Task: {0D8E31FB-D4D4-4446-BC6F-1BA95589E585} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {13463012-30B6-4247-BC02-37FE5C00DF48} - System32\Tasks\{CF902354-A649-4A7E-8190-4A65E8788D8E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.105/de/go/help.faq.installer?LastError=1638
Task: {21628CDA-9EFC-445A-8633-2CEFAEE7ADE9} - \Updater5060.exe No Task File <==== ATTENTION
Task: {33611046-8A30-4F36-A146-D93BDF4E2628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4DFB4040-1E24-422D-AD64-AF82AFC2453D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {6C9F9837-99E9-4BB1-9256-0DF14358EA34} - System32\Tasks\{41A37D8F-AC88-4B51-83E1-6EE3A1645E1F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {7E9133CC-A1CF-451D-9355-3F0F0714820B} - System32\Tasks\{8220E3CD-8ED9-40FE-A47B-1BE841A7DD74} => pcalua.exe -a C:\Users\Leon\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=adks <==== ATTENTION
Task: {983C2AD4-693E-4541-B5F0-6613FD1F3B8B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {CF8CA595-F4C4-488A-B1BF-21D3678AA0FC} - System32\Tasks\{385F51D0-3B19-4913-88F1-85B409FAD9D8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1638
Task: {D333A407-8DCE-42DF-B76A-14A5D6117409} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {E97BA326-3D8F-4DA2-83FF-EC8C0F192394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {FB9E6523-1996-4EF3-BBEE-D53F54B393A6} - System32\Tasks\{F659F721-3DBD-4186-AFA6-06C5F2084EEB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {FBB214C2-16EF-4B61-A9D5-ED94A382D2C6} - System32\Tasks\{0B169B13-5F71-4518-A9DE-5A3487767D32} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-26 19:08 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2013-12-13 12:20 - 2013-12-13 12:20 - 04696432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-07-30 10:38 - 2014-07-30 10:38 - 00121363 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 02524691 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00713235 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00034323 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 12501523 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01470995 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00070163 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 02376211 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00106515 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00263699 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00080915 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00051219 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00063507 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00608275 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01022995 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00125459 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00043539 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00140307 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 02218003 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00318995 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00058387 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00043027 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00190995 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01739283 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00091667 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00071187 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00081939 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00028179 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00085523 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01261075 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00126483 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00152595 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00039955 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00079891 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00019987 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00091155 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00341011 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01505811 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00330771 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00417811 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00230931 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00029715 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01745427 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00192019 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00833555 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00031763 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00218643 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 11244051 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00857107 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00040467 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00028179 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00701459 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00121875 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00032787 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00057363 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00139795 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00186387 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00081939 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00027667 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 01506835 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00016915 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00072211 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-30 10:38 - 2014-07-30 10:38 - 00029715 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-19 10:49 - 2013-12-19 10:49 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-16 12:50 - 2014-09-04 04:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Leon\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Leon\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2382863035-827234180-2916811482-500 - Administrator - Disabled)
Gast (S-1-5-21-2382863035-827234180-2916811482-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2382863035-827234180-2916811482-1006 - Limited - Enabled)
Leon (S-1-5-21-2382863035-827234180-2916811482-1001 - Administrator - Enabled) => C:\Users\Leon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 11:24:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1278

Startzeit: 01d038ec45147cf6

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: ebb74988-a4e0-11e4-bec6-8c89a57ccf91

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/25/2015 08:25:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/25/2015 08:25:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/25/2015 08:25:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/25/2015 08:24:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/25/2015 08:18:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3ac

Startzeit: 01d038d2ffcf03df

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: f35778cd-a4c6-11e4-bec6-8c89a57ccf91

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/25/2015 08:18:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1054

Startzeit: 01d038d144530aa9

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: f34929f5-a4c6-11e4-bec6-8c89a57ccf91

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/25/2015 08:00:17 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/25/2015 07:05:04 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/25/2015 07:01:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0x1774
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5


System errors:
=============
Error: (01/25/2015 07:59:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 07:06:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/25/2015 07:06:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/25/2015 07:04:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1069

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/25/2015 07:03:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/25/2015 07:02:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/25/2015 11:24:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689127801d038ec45147cf64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeebb74988-a4e0-11e4-bec6-8c89a57ccf91microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/25/2015 08:25:25 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Leon\Desktop\esetsmartinstaller_deu.exe

Error: (01/25/2015 08:25:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Leon\Desktop\esetsmartinstaller_deu.exe

Error: (01/25/2015 08:25:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Leon\Desktop\esetsmartinstaller_deu.exe

Error: (01/25/2015 08:24:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Leon\Desktop\esetsmartinstaller_deu.exe

Error: (01/25/2015 08:18:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.170313ac01d038d2ffcf03df4294967295C:\WINDOWS\syswow64\wwahost.exef35778cd-a4c6-11e4-bec6-8c89a57ccf91Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (01/25/2015 08:18:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689105401d038d144530aa94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef34929f5-a4c6-11e4-bec6-8c89a57ccf91microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/25/2015 08:00:17 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/25/2015 07:05:04 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (01/25/2015 07:01:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0b177401d038c5cc30c266C:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll213e921f-a4bc-11e4-bec4-8c89a57ccf91


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 12:33:18.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 21:17:08.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 20:23:12.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-18 20:44:25.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 20:45:53.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 20:45:52.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-01 19:49:40.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 19:12:19.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-18 21:34:33.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-18 21:34:33.441
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 45%
Total physical RAM: 4077.64 MB
Available physical RAM: 2233.57 MB
Total Pagefile: 6062.16 MB
Available Pagefile: 3412.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1443.98 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

Nein bis jetzt habe ich keine Probleme mehr ich danke ihnen für ihre Geduld und geopferte Zeit! Aber soll ich die Programme alle wieder deinstallieren? Wenn ja wie mache ich dies richtig und vollständig?

25.01.2015, 19:57	#8
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Windows 8: PC komplett virenfrei machen! Und weiter mit den nächsten Schritten... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Windows 8: PC komplett virenfrei machen!

Plagegeister aller Art und deren Bekämpfung: Windows 8: PC komplett virenfrei machen!