|
Pests of all kinds and how to fight them: Removing annoying programs! Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
10.02.2015, 18:03 | #1 |
| Removing annoying programs! Hello, oh man, I think I've sc***** up once again!!! I accidentally clicked on a link and suddenly my PC installed several programs without a browser or any program being open. Since then I once again have a strange start page in my browser, Google Chrome!! I tried to uninstall everything possible via the Control Panel, but I still have the browser problem! |
10.02.2015, 18:06 | #2 |
/// the machine /// TB-Ausbilder | Removing annoying programs! hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
10.02.2015, 18:21 | #3 |
| Removing annoying programs! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Leon (administrator) on LEON-PC on 10-02-2015 18:18:58 Running from C:\Users\Leon\Desktop Loaded Profiles: Leon (Available profiles: Leon) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe (XTab system) C:\Program Files (x86)\XTab\HPNotify.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) 
HKLM-x32\...\Run: [mbot_de_493] => [X] HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation) HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms} HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms} HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms} SearchScopes: HKU\S-1-5-21-2382863035-827234180-2916811482-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&ts=1423584692&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2382863035-827234180-2916811482-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&ts=1423584692&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2382863035-827234180-2916811482-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&ts=1423584692&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2382863035-827234180-2916811482-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&ts=1423584692&type=default&q={searchTerms} BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found] Chrome: ======= CHR HomePage: Default -> https://www.google.de/ CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default CHR 
Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26] CHR Extension: (Google Wallet) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26] CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-10] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-10] (globalUpdate) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed] R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-10] (SysTool PasSame LIMITED) S2 serverjo; C:\Users\Leon\AppData\Roaming\VOPackage\JOSrv.exe [X] S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X] S2 
tuquzini; C:\Users\Leon\AppData\Roaming\VOPackage\nsx426C.tmpfs [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation) S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-25] (Emsisoft GmbH) R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X] S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-10 18:18 - 2015-02-10 18:19 - 00021988 _____ () C:\Users\Leon\Desktop\FRST.txt 2015-02-10 18:18 - 2015-02-10 18:19 - 00000000 ____D () C:\FRST 2015-02-10 18:18 - 2015-02-10 18:18 - 02132992 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe 2015-02-10 17:16 - 2015-02-10 17:16 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{09F2AA2A-27B0-4CBC-A144-E8CF57EAF434} 2015-02-10 17:14 - 2015-02-10 17:14 - 00003078 _____ () C:\WINDOWS\System32\Tasks\{2F9E877F-B4D9-4267-B25B-0CA46AD9EE8D} 2015-02-10 17:11 - 2015-02-10 17:17 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\omiga-plus 2015-02-10 17:11 - 2015-02-10 17:11 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-02-10 17:11 - 2015-02-10 17:11 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-02-10 17:11 - 2015-02-10 17:11 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-02-10 17:06 - 2015-02-10 17:06 - 00000000 ____D () C:\Program Files (x86)\predm 2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Opera Software 2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Local\Opera Software 2015-02-10 17:02 - 2015-02-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-10 17:02 - 2015-02-10 17:02 - 00000000 ____D () C:\Program Files (x86)\mbot_de_497 2015-02-10 17:01 - 2015-02-10 17:21 - 00001698 _____ () C:\WINDOWS\Tasks\ACQUPTNI.job 2015-02-10 17:01 - 2015-02-10 17:21 - 00000984 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-02-10 17:01 - 2015-02-10 17:06 - 00000988 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-02-10 17:01 - 2015-02-10 17:01 - 01989592 _____ (Cinema PlusV10.02) C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe 2015-02-10 17:01 - 2015-02-10 17:01 - 00004700 _____ () C:\WINDOWS\System32\Tasks\ACQUPTNI 2015-02-10 17:01 - 2015-02-10 17:01 - 00003960 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA 2015-02-10 17:01 - 2015-02-10 17:01 - 00003724 _____ () 
C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore 2015-02-10 17:01 - 2015-02-10 17:01 - 00000000 ____D () C:\Users\Leon\AppData\Local\globalUpdate 2015-02-10 17:01 - 2015-02-10 17:01 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2015-02-10 16:59 - 2015-02-10 17:00 - 00654880 _____ () C:\Users\Leon\Downloads\Installerrir__7934_il27562.exe 2015-02-10 16:42 - 2015-02-10 16:42 - 00045216 _____ () C:\Users\Leon\Downloads\Belegung_am_Kepler_2015_17 mit Wirtschaftsinformatik.xlsm 2015-02-09 17:52 - 2015-02-09 17:52 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-02-09 17:22 - 2015-02-09 17:22 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk 2015-02-08 22:29 - 2015-02-08 22:29 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk 2015-02-08 22:02 - 2015-02-08 22:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk 2015-02-08 21:39 - 2015-02-08 21:39 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk 2015-02-08 21:07 - 2015-02-08 21:07 - 00001321 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2015-02-06 22:01 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\Documents\Programmieren 2015-02-06 21:58 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\CodeBlocks 2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks 2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Program Files (x86)\CodeBlocks 2015-02-06 21:57 - 2015-02-06 21:57 - 00001107 _____ () C:\Users\Leon\Desktop\CodeBlocks.lnk 2015-02-06 21:57 - 2015-02-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks 2015-02-06 21:54 - 2015-02-06 21:56 - 100600973 _____ (The Code::Blocks Team) 
C:\Users\Leon\Downloads\codeblocks-12.11mingw-setup.exe 2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-01-31 17:34 - 2015-01-31 17:34 - 00759608 _____ ( ) C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe 2015-01-26 19:44 - 2015-01-26 19:45 - 00001166 _____ () C:\DelFix.txt 2015-01-26 19:44 - 2015-01-26 19:44 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-26 19:42 - 2015-01-26 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-26 19:42 - 2015-01-26 19:41 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-01-26 19:41 - 2015-01-26 19:41 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-26 19:40 - 2015-01-26 19:40 - 00639400 _____ (Oracle Corporation) C:\Users\Leon\Downloads\chromeinstall-8u31.exe 2015-01-25 22:06 - 2015-01-25 22:06 - 00000000 ____D () C:\EEK 2015-01-25 22:01 - 2015-01-25 22:05 - 168701056 _____ () C:\Users\Leon\Downloads\EmsisoftEmergencyKit.exe 2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-25 19:09 - 2015-01-25 19:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Leon\AppData\Roaming\ACQUPTNI 2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ncsi.dll 2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\audiodg.exe 2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-10 18:16 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-10 18:16 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-10 18:16 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-10 18:13 - 2013-08-22 15:46 - 00345399 _____ () C:\WINDOWS\setupact.log 2015-02-10 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-10 17:57 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype 2015-02-10 17:45 - 2014-04-12 16:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-10 17:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-10 17:42 - 2013-11-26 19:08 - 01479015 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-10 17:41 - 2012-11-04 11:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001 2015-02-10 17:24 - 2014-03-10 15:40 - 00000000 ___DO () C:\Users\Leon\SkyDrive 2015-02-10 17:24 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe 2015-02-10 17:22 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi 2015-02-10 17:22 - 2014-04-12 16:32 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-10 17:22 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-10 17:21 - 2013-09-29 20:05 - 00083132 _____ () C:\WINDOWS\PFRO.log 2015-02-10 17:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-10 17:21 - 2013-08-22 15:44 - 05136704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-10 17:20 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-10 17:07 - 2014-04-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-02-10 16:56 - 2014-11-16 18:08 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-10 16:55 - 2013-11-26 19:46 - 
00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-02-10 16:54 - 2013-11-26 18:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-02-10 16:53 - 2013-09-30 05:00 - 00000000 ____D () C:\WINDOWS\ShellNew 2015-02-10 16:53 - 2013-08-22 14:25 - 00000207 _____ () C:\WINDOWS\win.ini 2015-02-10 16:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-02-10 16:48 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT 2015-02-10 16:48 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT 2015-02-10 16:33 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45} 2015-02-09 22:26 - 2013-11-26 19:12 - 00000000 ____D () C:\Users\Leon 2015-02-09 18:34 - 2014-08-17 14:47 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\vlc 2015-02-09 17:21 - 2012-11-04 11:37 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Adobe 2015-02-09 17:19 - 2013-12-23 21:12 - 00000000 ____D () C:\Program Files\Adobe 2015-02-09 17:19 - 2013-12-23 21:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-02-08 22:42 - 2013-10-10 15:33 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2015-02-08 22:41 - 2013-10-09 15:42 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-02-08 22:27 - 2013-10-09 15:49 - 00000000 ____D () C:\ProgramData\Adobe 2015-02-08 22:06 - 2013-10-10 15:34 - 00000000 ____D () C:\Users\Leon\Documents\Adobe 2015-02-08 21:07 - 2014-02-26 16:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-08 21:07 - 2013-12-23 20:19 - 00001333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2015-02-08 21:01 - 2014-01-10 17:38 - 00000000 ____D () C:\Users\Leon\Documents\Spiele 2015-02-08 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-08 13:40 - 2014-04-12 16:32 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 
13:40 - 2014-04-12 16:32 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-06 21:26 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-06 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-04 14:56 - 2014-11-16 18:08 - 00000000 ____D () C:\Users\Leon\AppData\Local\Microsoft Help 2015-02-03 20:31 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 16:32 - 2014-05-13 14:47 - 00000000 ____D () C:\Users\Leon\Documents\Schule 2015-02-01 14:14 - 2013-08-28 17:51 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-01 14:11 - 2012-12-13 17:30 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-26 19:41 - 2013-11-27 20:27 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-26 19:31 - 2014-01-30 11:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-01-26 19:28 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-01-25 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas 2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG 2015-01-25 15:26 - 2015-01-06 19:51 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml 2015-01-25 15:23 - 2015-01-06 19:47 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings ==================== Files in the root of some directories ======= 2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Leon\AppData\Roaming\ACQUPTNI 2015-02-10 17:01 - 2015-02-10 17:01 - 1989592 _____ (Cinema PlusV10.02) C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe 2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG 2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT
2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe
2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe
2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Leon\AppData\Local\Temp\ksjdr8nb.dll
C:\Users\Leon\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Leon\AppData\Local\Temp\SpOrder.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-10 17:42

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Leon at 2015-02-10 18:19:49
Running from C:\Users\Leon\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CodeBlocks (HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Farming Simulator 2013 (HKLM-x32\...\Steam App 220260) (Version: - Giants Software)
Free MP4 Video Converter version 5.0.45.716 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6000 E609 Series (HKLM\...\{B16A196A-B3C9-4C19-A968-59365071A39F}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
Python 3.4.0 (HKLM-x32\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2382863035-827234180-2916811482-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================

26-01-2015 19:44:57 Ende der Bereinigung
01-02-2015 14:09:54 Windows Update
06-02-2015 21:22:42 Windows Update
08-02-2015 21:05:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
08-02-2015 21:06:49 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
10-02-2015 16:50:33 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-01-26 19:28 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C299DB-AFC2-46DF-BB3F-A2B525A64596} - System32\Tasks\ACQUPTNI => C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe [2015-02-10] (Cinema PlusV10.02) <==== ATTENTION
Task: {06E8512C-20BF-4399-BD2A-B072A502672F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {08FD8D94-C398-49C1-AA51-733B384E259A} - System32\Tasks\{823F7D7D-FBED-45B8-A935-5DDD590C629B} => pcalua.exe -a F:\setup.exe -d F:\
Task: {0D8E31FB-D4D4-4446-BC6F-1BA95589E585} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {112B9B09-623B-4AB1-9703-57B456BE507C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-10] (globalUpdate) <==== ATTENTION
Task: {13463012-30B6-4247-BC02-37FE5C00DF48} - System32\Tasks\{CF902354-A649-4A7E-8190-4A65E8788D8E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.105/de/go/help.faq.installer?LastError=1638
Task: {237692C9-7361-4A22-9EB5-AB0268093EF0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-10] (globalUpdate) <==== ATTENTION
Task: {33611046-8A30-4F36-A146-D93BDF4E2628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {40B89F98-CC97-4BE1-A22E-FAA00CF8DA0A} - System32\Tasks\{09F2AA2A-27B0-4CBC-A144-E8CF57EAF434} => pcalua.exe -a C:\Users\Leon\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=pcs <==== ATTENTION
Task: {4DFB4040-1E24-422D-AD64-AF82AFC2453D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {6C9F9837-99E9-4BB1-9256-0DF14358EA34} - System32\Tasks\{41A37D8F-AC88-4B51-83E1-6EE3A1645E1F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {983C2AD4-693E-4541-B5F0-6613FD1F3B8B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {C38D43EB-0EFD-4D73-B0ED-D9BE37820A8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-01] (Microsoft Corporation)
Task: {C65826B8-E311-49F8-BE15-12ACA0203B9A} - System32\Tasks\{2F9E877F-B4D9-4267-B25B-0CA46AD9EE8D} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
Task: {CF8CA595-F4C4-488A-B1BF-21D3678AA0FC} - System32\Tasks\{385F51D0-3B19-4913-88F1-85B409FAD9D8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&LastError=1638
Task: {E97BA326-3D8F-4DA2-83FF-EC8C0F192394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {FB9E6523-1996-4EF3-BBEE-D53F54B393A6} - System32\Tasks\{F659F721-3DBD-4186-AFA6-06C5F2084EEB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {FBB214C2-16EF-4B61-A9D5-ED94A382D2C6} - System32\Tasks\{0B169B13-5F71-4518-A9DE-5A3487767D32} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: C:\WINDOWS\Tasks\ACQUPTNI.job => C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-26 19:08 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2014-12-19 15:57 - 2014-12-19 15:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-11-27 18:47 - 2014-11-27 18:47 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-07-01 07:20 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 17:41 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-22 17:34 - 2015-01-23 23:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 17:41 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 17:41 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 16:56 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-07 21:27 - 2015-01-07 21:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2013-07-09 12:45 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-02-06 21:40 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 21:40 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 21:40 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Leon\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Leon\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Leon\Downloads\Installerrir__7934_il27562.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Leon\Pictures\Von Leon Phone\Eigene Aufnahmen\star_wars_fiction_planet-wallpaper-1920x1080.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2382863035-827234180-2916811482-500 - Administrator - Disabled)
Gast (S-1-5-21-2382863035-827234180-2916811482-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2382863035-827234180-2916811482-1006 - Limited - Enabled)
Leon (S-1-5-21-2382863035-827234180-2916811482-1001 - Administrator - Enabled) => C:\Users\Leon

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B210 series
Description: Photosmart Plus B210 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 05:46:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: cf0
Startzeit: 01d045507cc45855
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 6a987640-b144-11e4-beca-8c89a57ccf91
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/10/2015 05:21:47 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht.
---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (02/10/2015 05:05:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: upmbot_de_493.exe, Version: 1.0.0.1, Zeitstempel: 0x54d48f0f Name des fehlerhaften Moduls: upmbot_de_493.exe, Version: 1.0.0.1, Zeitstempel: 0x54d48f0f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000a2a0 ID des fehlerhaften Prozesses: 0x980 Startzeit der fehlerhaften Anwendung: 0xupmbot_de_493.exe0 Pfad der fehlerhaften Anwendung: upmbot_de_493.exe1 Pfad des fehlerhaften Moduls: upmbot_de_493.exe2 Berichtskennung: upmbot_de_493.exe3 Vollständiger Name des fehlerhaften Pakets: upmbot_de_493.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: upmbot_de_493.exe5 Error: (02/10/2015 05:01:11 PM) (Source: MsiInstaller) (EventID: 11309) (User: LEON-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (02/10/2015 04:41:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1c94 Startzeit: 01d0454657a30194 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 57639438-b13b-11e4-bec9-8c89a57ccf91 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/10/2015 04:32:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm AfterFX.exe, Version 13.2.0.49 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 148c Startzeit: 01d045468c9f2697 Endzeit: 16 Anwendungspfad: C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe Berichts-ID: f4c10deb-b139-11e4-bec9-8c89a57ccf91 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15546 Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15546 Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 06:22:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(D07A244F22968FC2._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network. 
System errors:
=============
Error: (02/10/2015 05:21:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Post Restricted Access" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (02/10/2015 05:21:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "JO Service component" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (02/10/2015 05:21:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (02/10/2015 05:13:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "GnsPuZPv" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2015 02:08:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (02/08/2015 02:05:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062

Error: (02/08/2015 01:17:17 PM) (Source: DCOM) (EventID: 10010) (User: LEON-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (02/08/2015 01:17:17 PM) (Source: DCOM) (EventID: 10010) (User: LEON-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (02/08/2015 01:17:17 PM) (Source: DCOM) (EventID: 10010) (User: LEON-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (02/08/2015 01:17:17 PM) (Source: DCOM) (EventID: 10010) (User: LEON-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Microsoft Office Sessions:
=========================
Error: (02/10/2015 05:46:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description:
LiveComm.exe17.5.9600.20689cf001d045507cc458554294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6a987640-b144-11e4-beca-8c89a57ccf91microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (02/10/2015 05:21:47 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args) Error: (02/10/2015 05:05:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: upmbot_de_493.exe1.0.0.154d48f0fupmbot_de_493.exe1.0.0.154d48f0fc00000050000a2a098001d0454b54ef5305C:\Users\Leon\AppData\Local\mbot_de_493\upmbot_de_493.exeC:\Users\Leon\AppData\Local\mbot_de_493\upmbot_de_493.exe92e6815f-b13e-11e4-bec9-8c89a57ccf91 Error: (02/10/2015 05:01:11 PM) (Source: MsiInstaller) (EventID: 11309) (User: LEON-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (02/10/2015 04:41:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.206891c9401d0454657a301944294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe57639438-b13b-11e4-bec9-8c89a57ccf91microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (02/10/2015 04:32:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: AfterFX.exe13.2.0.49148c01d045468c9f269716C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exef4c10deb-b139-11e4-bec9-8c89a57ccf91 Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15546 Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15546 Error: (02/09/2015 10:26:39 PM) 
(Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 06:22:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Client application bug: DNSServiceResolve(D07A244F22968FC2._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network. CodeIntegrity Errors: =================================== Date: 2015-02-08 17:08:20.445 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 16:45:45.286 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-26 19:55:02.509 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-02 12:33:18.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-12-30 21:17:08.175 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-30 20:23:12.813 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-18 20:44:25.696 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-15 20:45:53.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-15 20:45:52.912 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-01 19:49:40.713 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz Percentage of memory in use: 39% Total physical RAM: 4077.64 MB Available physical RAM: 2451.35 MB Total Pagefile: 5485.64 MB Available Pagefile: 2907.22 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1422.75 GB) NTFS Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
11.02.2015, 07:07 | #4 |
/// the machine /// TB-Ausbilder | Removing annoying programs! Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.02.2015, 14:56 | #5 |
| Removing annoying programs! Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 11.02.2015 Suchlauf-Zeit: 14:25:15 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.11.04 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Leon Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 365602 Verstrichene Zeit: 13 Min, 33 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 2 PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1420, Löschen bei Neustart, [e82a1a00d1b9c571edd97ceab54b6a96] PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1712, Löschen bei Neustart, [aa68b169404a94a244f155b5847ee11f] Module: 2 PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], Registrierungsschlüssel: 39 PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [e82a1a00d1b9c571edd97ceab54b6a96], PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [aa68b169404a94a244f155b5847ee11f], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [6ea40f0b1575bd79ab5936d36e956997], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [6ea40f0b1575bd79ab5936d36e956997], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, 
[f61c8694aae09f97bcb37d8b58abc43c], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [15fdbf5bec9e999dfb4b0d82a063f10f], PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [c74bcf4ba9e1c175186144623ec50bf5], PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, In Quarantäne, [de3441d9aedc270f615c976aba4bf010], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [060cf624b2d8e353dbcc9f6ade279a66], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [fb178199c8c271c5f9fd9517c043dd23], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [838faa70078394a2a9be5eae59acda26], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [d43e8397a1e9191da2c60408ac59af51], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [a2709a80d0bac67025ed55501de6cf31], PUP.Optional.WindowsMangerProtect.A, 
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [17fbd149ddad7abcc186f2a8e2219868], PUP.Optional.Cinema.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.4cV10.02-nv-ie, In Quarantäne, [33dfa67453374ee8d148ffa53cc7e11f], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [957dac6e216977bf871203097e87e020], PUP.Optional.CrossRider.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [fc1627f30a8059dda0601ce2b054df21], PUP.Optional.MultiIE.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [ef231901a3e763d3998532d5ad58d62a], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, 
[18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], Registrierungswerte: 3 PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [fb178199c8c271c5f9fd9517c043dd23] PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_493, In Quarantäne, [30e20614f892f5412c4ca204a16249b7], PUP.Optional.SupTab.A, 
HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, pcs, In Quarantäne, [a2709a80d0bac67025ed55501de6cf31] Registrierungsdaten: 10 PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[2de576a4a4e691a5ee0e823ad92ce917] PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[7d95b5657119c1754eb078443acb8e72] PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}),Ersetzt,[2ee4d842f4968caa9766dddfb94c3cc4] PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[80920911f2983105a854ceee4cb926da] PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: 
(hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[8f83ed2d6f1bf442d32b823a9f6650b0] PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}),Ersetzt,[ff13a07ac4c6f93d25dc77465ca97b85] PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}),Ersetzt,[4bc79882d8b2c175d140b5fa54b1827e] PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[59b947d32b5fa98d3dbaa21a65a0ce32] PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: 
(hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[848ef822eaa084b2b83e4d6f887dc937] PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}),Ersetzt,[888a5cbe602ab2842de31b942adbdc24] Ordner: 39 PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, 
[2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [54be20fab4d64ee8e9be2246b54e916f], PUP.Optional.WPM.A, 
C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [54be20fab4d64ee8e9be2246b54e916f], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{52133EA5-B373-4E97-9ED2-EC7227020265}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_497, In Quarantäne, [0a08ac6e3f4b2115f431056b778cdd23], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [030f0614ff8b0c2a63e40a7b53b07f81], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [030f0614ff8b0c2a63e40a7b53b07f81], Dateien: 119 PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [e82a1a00d1b9c571edd97ceab54b6a96], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Löschen bei Neustart, [aa68b169404a94a244f155b5847ee11f], PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], PUP.Optional.CrossRider.A, C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe, In Quarantäne, [ea28a1790c7ea78fb41c31bc60a530d0], PUP.Optional.WindowsProtectManger.A, 
C:\Users\Leon\AppData\Local\Temp\~dlAD12\lxjyb\tmp\wpm_v20.0.0.1714_0204.exe, In Quarantäne, [5db5100ae6a4320417afb0b616ea18e8], PUP.Optional.XTab.A, C:\Users\Leon\AppData\Local\Temp\~dlAD12\lxjyb\tmp\XTab_4.0.2.1716.exe, In Quarantäne, [27eb9c7ee6a4af872f06997123df01ff], PUP.Optional.Amonetize, C:\Users\Leon\Downloads\Installerrir__7934_il27562.exe, In Quarantäne, [d141a1798cfef73fd7963fd6877ba65a], PUP.Optional.OptimizerMonitor.A, C:\Windows\Temp\OptimizerMonitor.log, In Quarantäne, [e82a91892b5f122476e929626a991ae6], PUP.Optional.OptimizerMonitor.A, C:\Users\Leon\AppData\Local\Temp\OptimizerMonitorr.log, In Quarantäne, [3fd354c6147605311b452e5d0df650b0], PUP.Optional.OptimizerMonitor.A, C:\Windows\Temp\OptimizerMonitorr.log, In Quarantäne, [51c10e0c27638babfb652368669d09f7], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files 
(x86)\XTab\msvcp110.dll, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], PUP.Optional.XTab.A, 
Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 11/02/2015 um 14:47:15 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-09.1 [Server] # Betriebssystem : Windows 8.1 Pro with Media Center (x64) # Benutzername : Leon - LEON-PC # Gestarted von : C:\Users\Leon\Desktop\AdwCleaner_4.110.exe # Option : Löschen Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 8.1 Pro with Media Center x64 Ran by Leon on 11.02.2015 at 14:53:14,61 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\WINDOWS\wininit.ini" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.02.2015 at 14:54:54,32 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
11.02.2015, 18:15 | #6 |
/// the machine /// TB trainer | Removing annoying programs! ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining? |
12.02.2015, 21:29 | #7 |
| Removing annoying programs! Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=4fc6cc42748aa94f9995e6dede2d5879 # engine=22440 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-12 08:07:15 # local_time=2015-02-12 09:07:15 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 17696 14075954 0 0 # scanned=329157 # found=20 # cleaned=0 # scan_time=13724 Code:
ATTFilter Results of screen317's Security Check version 0.99.96 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 31 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Google Chrome (40.0.2214.111) Google Chrome (40.0.2214.94) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Windows Defender MpCmdRun.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015 Ran by Leon (administrator) on LEON-PC on 12-02-2015 21:25:58 Running from C:\Users\Leon\Desktop Loaded Profiles: Leon (Available profiles: Leon) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe () C:\Users\Leon\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) 
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation) HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57889;https=127.0.0.1:57889
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found]

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 serverjo; C:\Users\Leon\AppData\Roaming\VOPackage\JOSrv.exe [X]
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
S2 tuquzini; C:\Users\Leon\AppData\Roaming\VOPackage\nsx426C.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-25] (Emsisoft GmbH)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:25 - 2015-02-12 21:25 - 00000000 ____D () C:\Users\Leon\Desktop\FRST-OlderVersion
2015-02-12 21:15 - 2015-02-12 21:15 - 00852594 _____ () C:\Users\Leon\Desktop\SecurityCheck.exe
2015-02-12 17:31 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 17:31 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 17:31 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 17:19 - 2015-02-12 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-12 17:19 - 2015-02-12 17:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 17:18 - 2015-02-12 17:19 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-12 17:18 - 2015-02-12 17:19 - 00000000 ____D () C:\Program Files\iTunes
2015-02-12 17:18 - 2015-02-12 17:18 - 00000000 ____D () C:\Program Files\iPod
2015-02-12 17:13 - 2015-02-12 17:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-12 17:12 - 2015-02-12 17:13 - 02347384 _____ (ESET) C:\Users\Leon\Desktop\esetsmartinstaller_deu.exe
2015-02-11 14:58 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 14:58 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 14:58 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 14:58 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 14:58 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 14:58 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 14:58 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 14:58 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 14:58 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 14:58 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 14:58 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 14:58 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 14:58 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 14:58 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 14:58 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 14:58 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 14:58 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 14:58 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 14:58 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 14:58 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 14:57 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 14:57 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 14:57 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 14:57 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 14:57 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 14:57 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 14:57 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 14:57 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 14:57 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 14:57 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 14:57 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 14:57 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 14:57 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 14:57 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 14:57 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 14:57 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 14:57 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 14:57 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 14:57 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 14:57 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 14:57 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 14:57 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 14:57 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 14:57 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 14:57 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 14:57 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 14:57 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 14:57 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 14:57 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 14:57 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 14:57 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 14:57 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 14:57 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 14:57 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 14:57 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 14:57 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 14:57 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 14:57 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 14:57 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 14:57 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 14:57 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 14:57 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 14:57 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 14:57 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 14:57 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 14:57 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 14:57 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 14:54 - 2015-02-11 14:54 - 00000692 _____ () C:\Users\Leon\Desktop\JRT.txt
2015-02-11 14:52 - 2015-02-11 14:52 - 01388274 _____ (Thisisu) C:\Users\Leon\Desktop\JRT.exe
2015-02-11 14:45 - 2015-02-11 14:47 - 00000000 ____D () C:\AdwCleaner
2015-02-11 14:45 - 2015-02-11 14:45 - 02112512 _____ () C:\Users\Leon\Desktop\AdwCleaner_4.110.exe
2015-02-11 14:39 - 2015-02-11 14:39 - 00033499 _____ () C:\Users\Leon\Desktop\mbam.txt
2015-02-11 14:24 - 2015-02-11 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 14:24 - 2015-02-11 14:24 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-11 14:24 - 2015-02-11 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-11 14:24 - 2015-02-11 14:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-11 14:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-11 14:24 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-11 14:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-11 14:22 - 2015-02-11 14:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-10 18:19 - 2015-02-10 18:20 - 00035355 _____ () C:\Users\Leon\Desktop\Addition.txt
2015-02-10 18:18 - 2015-02-12 21:25 - 02134016 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe
2015-02-10 18:18 - 2015-02-12 21:25 - 00018563 _____ () C:\Users\Leon\Desktop\FRST.txt
2015-02-10 18:18 - 2015-02-12 21:25 - 00000000 ____D () C:\FRST
2015-02-10 17:16 - 2015-02-10 17:16 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{09F2AA2A-27B0-4CBC-A144-E8CF57EAF434}
2015-02-10 17:14 - 2015-02-10 17:14 - 00003078 _____ () C:\WINDOWS\System32\Tasks\{2F9E877F-B4D9-4267-B25B-0CA46AD9EE8D}
2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Opera Software
2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Local\Opera Software
2015-02-10 17:02 - 2015-02-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-10 17:01 - 2015-02-12 17:05 - 00001698 _____ () C:\WINDOWS\Tasks\ACQUPTNI.job
2015-02-10 17:01 - 2015-02-10 17:01 - 00004700 _____ () C:\WINDOWS\System32\Tasks\ACQUPTNI
2015-02-10 16:42 - 2015-02-10 16:42 - 00045216 _____ () C:\Users\Leon\Downloads\Belegung_am_Kepler_2015_17 mit Wirtschaftsinformatik.xlsm
2015-02-09 17:52 - 2015-02-09 17:52 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-09 17:22 - 2015-02-09 17:22 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2015-02-08 22:29 - 2015-02-08 22:29 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-02-08 22:02 - 2015-02-08 22:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2015-02-08 21:39 - 2015-02-08 21:39 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2015-02-08 21:07 - 2015-02-08 21:07 - 00001321 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-02-06 22:01 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\Documents\Programmieren
2015-02-06 21:58 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Program Files (x86)\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:57 - 00001107 _____ () C:\Users\Leon\Desktop\CodeBlocks.lnk
2015-02-06 21:57 - 2015-02-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-02-06 21:54 - 2015-02-06 21:56 - 100600973 _____ (The Code::Blocks Team) C:\Users\Leon\Downloads\codeblocks-12.11mingw-setup.exe
2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-31 17:34 - 2015-01-31 17:34 - 00759608 _____ ( ) C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe
2015-01-26 19:44 - 2015-01-26 19:45 - 00001166 _____ () C:\DelFix.txt
2015-01-26 19:44 - 2015-01-26 19:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-26 19:42 - 2015-01-26 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-26 19:42 - 2015-01-26 19:41 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 19:41 - 2015-01-26 19:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 19:40 - 2015-01-26 19:40 - 00639400 _____ (Oracle Corporation) C:\Users\Leon\Downloads\chromeinstall-8u31.exe
2015-01-25 22:06 - 2015-01-25 22:06 - 00000000 ____D () C:\EEK
2015-01-25 22:01 - 2015-01-25 22:05 - 168701056 _____ () C:\Users\Leon\Downloads\EmsisoftEmergencyKit.exe
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 19:09 - 2015-01-25 19:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Leon\AppData\Roaming\ACQUPTNI
2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:25 - 2013-11-26 19:08 - 01302601 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 21:17 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45}
2015-02-12 21:11 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype
2015-02-12 21:07 - 2012-11-04 11:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001
2015-02-12 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 20:45 - 2014-04-12 16:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 20:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-12 17:26 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 17:18 - 2014-09-21 18:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-12 17:09 - 2014-03-10 15:40 - 00000000 ___DO () C:\Users\Leon\SkyDrive
2015-02-12 17:07 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi
2015-02-12 17:07 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe
2015-02-12 17:07 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-12 17:06 - 2014-04-12 16:32 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 17:05 - 2013-08-22 15:46 - 00346092 _____ () C:\WINDOWS\setupact.log
2015-02-12 17:05 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 17:04 - 2013-08-22 15:44 - 05136704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 16:14 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 16:13 - 2014-12-11 17:42 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 16:13 - 2014-07-13 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 15:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 14:48 - 2013-09-29 20:05 - 00122852 _____ () C:\WINDOWS\PFRO.log
2015-02-11 14:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-02-10 20:46 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT
2015-02-10 20:37 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT
2015-02-10 18:16 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 18:16 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-10 18:16 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-10 17:07 - 2014-04-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-10 16:56 - 2014-11-16 18:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-10 16:55 - 2013-11-26 19:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-10 16:54 - 2013-11-26 18:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-10 16:53 - 2013-09-30 05:00 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-10 16:53 - 2013-08-22 14:25 - 00000207 _____ () C:\WINDOWS\win.ini
2015-02-10 16:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-09 22:26 - 2013-11-26 19:12 - 00000000 ____D () C:\Users\Leon
2015-02-09 18:34 - 2014-08-17 14:47 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\vlc
2015-02-09 17:21 - 2012-11-04 11:37 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Adobe
2015-02-09 17:19 - 2013-12-23 21:12 - 00000000 ____D () C:\Program Files\Adobe
2015-02-09 17:19 - 2013-12-23 21:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-08 22:42 - 2013-10-10 15:33 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-08 22:41 - 2013-10-09 15:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-08 22:27 - 2013-10-09 15:49 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-08 22:06 - 2013-10-10 15:34 - 00000000 ____D () C:\Users\Leon\Documents\Adobe
2015-02-08 21:07 - 2014-02-26 16:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 21:07 - 2013-12-23 20:19 - 00001333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-02-08 21:01 - 2014-01-10 17:38 - 00000000 ____D () C:\Users\Leon\Documents\Spiele
2015-02-08 13:40 - 2014-04-12 16:32 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 13:40 - 2014-04-12 16:32 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 14:56 - 2014-11-16 18:08 - 00000000 ____D () C:\Users\Leon\AppData\Local\Microsoft Help
2015-02-03 20:31 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 16:32 - 2014-05-13 14:47 - 00000000 ____D () C:\Users\Leon\Documents\Schule
2015-02-01 14:14 - 2013-08-28 
17:51 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-01 14:11 - 2012-12-13 17:30 - 113365784 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-26 19:41 - 2013-11-27 20:27 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-26 19:31 - 2014-01-30 11:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-01-26 19:28 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-01-25 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas 2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG 2015-01-25 15:26 - 2015-01-06 19:51 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml 2015-01-25 15:23 - 2015-01-06 19:47 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings ==================== Files in the root of some directories ======= 2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Leon\AppData\Roaming\ACQUPTNI 2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG 2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT 2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe 2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe 2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Leon\AppData\Local\Temp\ksjdr8nb.dll C:\Users\Leon\AppData\Local\Temp\Opera_NI_stable.exe C:\Users\Leon\AppData\Local\Temp\Quarantine.exe C:\Users\Leon\AppData\Local\Temp\SpOrder.dll C:\Users\Leon\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-12 21:08 ==================== End Of Log ============================ --- --- --- --- --- ---
Yes, well, I still have this stupid page isearch.omega-plus.com as the start page in my browser!! I use Google Chrome |
13.02.2015, 07:11 | #8 |
/// the machine /// TB Trainer | Removing annoying programs! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
C:\$Recycle.Bin\S-1-5-21-2382863035-827234180-2916811482-1001\$RTFJK06\Codec\Setup.exe
C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\BExternal.dll
C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\IECookieLow.dll
C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\Setup.exe
C:\Backup My Data\Leon Zihang\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
C:\Backup My Data\Leon Zihang\AppData\Local\Temp\SQLite.dll
C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe
C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\witmain.js
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll
C:\Backup My Data\Leon Zihang\AppData\Roaming\BrowserCompanion\tcbhn.exe
C:\Backup My Data\Leon Zihang\schule\sonstiges\SoftonicDownloader_fuer_7-zip.exe
C:\Users\Leon\AppData\Local\Temp\nsg121B.tmp
C:\Users\Leon\AppData\Roaming\ACQUPTNI
C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe
C:\Users\Leon\Musikdateien\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter31126.exe
D:\Tools\MEDION MediaPack 2\Setup.exe
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57889;https=127.0.0.1:57889
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP"
S2 tuquzini; C:\Users\Leon\AppData\Roaming\VOPackage\nsx426C.tmpfs [X]
S2 serverjo; C:\Users\Leon\AppData\Roaming\VOPackage\JOSrv.exe [X]
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please. How is Chrome doing?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.02.2015, 21:13 | #9 |
| Removing annoying programs! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015 Ran by Leon (administrator) on LEON-PC on 15-02-2015 21:11:24 Running from C:\Users\Leon\Desktop Loaded Profiles: Leon (Available profiles: Leon) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) 
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.) HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation) HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: 
adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found] FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found] Chrome: ======= CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26] CHR Extension: (Google Wallet) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26] CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: 
[fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.) 
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation) S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-25] (Emsisoft GmbH) R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.) 
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 21:25 - 2015-02-15 21:04 - 00000000 ____D () C:\Users\Leon\Desktop\FRST-OlderVersion 2015-02-12 21:15 - 2015-02-12 21:15 - 00852594 _____ () C:\Users\Leon\Desktop\SecurityCheck.exe 2015-02-12 17:31 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-12 17:31 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-12 17:31 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-12 17:19 - 2015-02-12 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-12 17:19 - 2015-02-12 17:19 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-12 17:18 - 2015-02-12 17:19 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-12 17:18 - 2015-02-12 17:19 - 00000000 ____D () C:\Program Files\iTunes 2015-02-12 17:18 - 2015-02-12 17:18 - 00000000 ____D () C:\Program Files\iPod 2015-02-12 17:12 - 2015-02-12 17:13 - 02347384 _____ (ESET) C:\Users\Leon\Desktop\esetsmartinstaller_deu.exe 2015-02-11 14:58 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-11 14:58 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-11 14:58 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-11 14:58 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-11 14:58 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-11 14:58 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-11 14:58 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-11 14:58 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-11 14:58 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-11 14:58 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-11 14:58 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-11 14:58 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-11 14:58 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-11 14:58 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-11 14:58 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-11 14:58 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-11 14:58 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-11 14:58 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-11 14:58 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-11 14:58 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\instnm.exe 2015-02-11 14:57 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-11 14:57 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-11 14:57 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-11 14:57 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-11 14:57 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-11 14:57 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-11 14:57 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-11 14:57 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-11 14:57 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-11 14:57 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-11 14:57 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-11 14:57 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-11 14:57 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-11 14:57 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-11 14:57 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-11 14:57 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-11 14:57 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-11 14:57 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-11 14:57 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-11 14:57 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-11 14:57 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-11 14:57 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-11 14:57 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-11 14:57 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-11 14:57 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-11 14:57 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-11 14:57 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-11 14:57 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-11 14:57 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-11 14:57 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-02-11 14:57 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-11 14:57 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-11 14:57 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-11 14:57 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-11 14:57 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-11 14:57 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-11 14:57 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-11 14:57 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-11 14:57 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-11 14:57 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-11 14:57 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-11 14:57 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-11 14:57 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-02-11 14:57 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-11 14:57 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-11 14:57 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-02-11 14:57 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-11 14:57 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-11 14:57 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-11 14:57 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-11 14:54 - 2015-02-11 14:54 - 00000692 _____ () C:\Users\Leon\Desktop\JRT.txt 2015-02-11 14:52 - 2015-02-11 14:52 - 01388274 _____ (Thisisu) C:\Users\Leon\Desktop\JRT.exe 2015-02-11 14:45 - 2015-02-11 14:47 - 00000000 ____D () C:\AdwCleaner 2015-02-11 14:45 - 2015-02-11 14:45 - 02112512 _____ () C:\Users\Leon\Desktop\AdwCleaner_4.110.exe 2015-02-11 14:39 - 2015-02-11 14:39 - 00033499 _____ () C:\Users\Leon\Desktop\mbam.txt 2015-02-11 14:24 
- 2015-02-11 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-11 14:24 - 2015-02-11 14:24 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-11 14:24 - 2015-02-11 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-11 14:24 - 2015-02-11 14:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-11 14:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-11 14:24 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-11 14:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-11 14:22 - 2015-02-11 14:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-10 18:19 - 2015-02-10 18:20 - 00035355 _____ () C:\Users\Leon\Desktop\Addition.txt 2015-02-10 18:18 - 2015-02-15 21:11 - 00017632 _____ () C:\Users\Leon\Desktop\FRST.txt 2015-02-10 18:18 - 2015-02-15 21:11 - 00000000 ____D () C:\FRST 2015-02-10 18:18 - 2015-02-15 21:04 - 02085888 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe 2015-02-10 17:16 - 2015-02-10 17:16 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{09F2AA2A-27B0-4CBC-A144-E8CF57EAF434} 2015-02-10 17:14 - 2015-02-10 17:14 - 00003078 _____ () C:\WINDOWS\System32\Tasks\{2F9E877F-B4D9-4267-B25B-0CA46AD9EE8D} 2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Opera Software 2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Local\Opera Software 2015-02-10 17:02 - 2015-02-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-10 17:01 - 2015-02-15 21:08 - 00001698 _____ () C:\WINDOWS\Tasks\ACQUPTNI.job 2015-02-10 17:01 - 2015-02-10 17:01 - 00004700 _____ () C:\WINDOWS\System32\Tasks\ACQUPTNI 
2015-02-10 16:42 - 2015-02-10 16:42 - 00045216 _____ () C:\Users\Leon\Downloads\Belegung_am_Kepler_2015_17 mit Wirtschaftsinformatik.xlsm 2015-02-09 17:52 - 2015-02-09 17:52 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-02-09 17:22 - 2015-02-09 17:22 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk 2015-02-08 22:29 - 2015-02-08 22:29 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk 2015-02-08 22:02 - 2015-02-08 22:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk 2015-02-08 21:39 - 2015-02-08 21:39 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk 2015-02-08 21:07 - 2015-02-08 21:07 - 00001321 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2015-02-06 22:01 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\Documents\Programmieren 2015-02-06 21:58 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\CodeBlocks 2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks 2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Program Files (x86)\CodeBlocks 2015-02-06 21:57 - 2015-02-06 21:57 - 00001107 _____ () C:\Users\Leon\Desktop\CodeBlocks.lnk 2015-02-06 21:57 - 2015-02-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks 2015-02-06 21:54 - 2015-02-06 21:56 - 100600973 _____ (The Code::Blocks Team) C:\Users\Leon\Downloads\codeblocks-12.11mingw-setup.exe 2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-01-26 19:44 - 2015-01-26 19:45 - 00001166 _____ () C:\DelFix.txt 2015-01-26 19:44 - 2015-01-26 19:44 - 00000000 ____D 
() C:\WINDOWS\ERUNT 2015-01-26 19:42 - 2015-01-26 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-26 19:42 - 2015-01-26 19:41 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-01-26 19:41 - 2015-01-26 19:41 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-26 19:40 - 2015-01-26 19:40 - 00639400 _____ (Oracle Corporation) C:\Users\Leon\Downloads\chromeinstall-8u31.exe 2015-01-25 22:06 - 2015-01-25 22:06 - 00000000 ____D () C:\EEK 2015-01-25 22:01 - 2015-01-25 22:05 - 168701056 _____ () C:\Users\Leon\Downloads\EmsisoftEmergencyKit.exe 2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-25 19:09 - 2015-01-25 19:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-15 21:10 - 2014-04-12 16:32 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-15 21:10 - 2014-03-10 15:40 - 00000000 ___DO () C:\Users\Leon\SkyDrive 2015-02-15 21:10 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype 2015-02-15 21:10 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe 2015-02-15 21:08 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi 2015-02-15 21:08 - 2013-08-22 15:46 - 00346323 _____ () C:\WINDOWS\setupact.log 2015-02-15 21:08 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-15 21:08 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-15 21:07 - 2013-09-29 20:05 - 00123680 _____ () C:\WINDOWS\PFRO.log 2015-02-15 21:06 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-15 21:05 - 2013-11-26 19:08 - 01419499 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-15 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-15 21:00 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT 2015-02-15 20:59 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT 2015-02-15 20:58 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45} 2015-02-12 21:45 - 2014-04-12 16:32 - 00001134 _____ () 
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-12 21:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-12 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-12 21:11 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-12 21:07 - 2012-11-04 11:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001 2015-02-12 17:18 - 2014-09-21 18:35 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-12 17:04 - 2013-08-22 15:44 - 05136704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-11 16:13 - 2014-12-11 17:42 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-11 16:13 - 2014-07-13 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-11 15:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-11 14:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-02-10 18:16 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-10 18:16 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-10 18:16 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-10 17:07 - 2014-04-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-02-10 16:56 - 2014-11-16 18:08 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-10 16:55 - 2013-11-26 19:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-02-10 16:54 - 2013-11-26 18:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-02-10 16:53 - 2013-09-30 05:00 - 00000000 ____D () C:\WINDOWS\ShellNew 2015-02-10 16:53 - 2013-08-22 14:25 - 00000207 _____ () C:\WINDOWS\win.ini 2015-02-10 16:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-02-09 22:26 - 2013-11-26 19:12 - 00000000 ____D () C:\Users\Leon 2015-02-09 18:34 - 2014-08-17 14:47 - 00000000 ____D () 
C:\Users\Leon\AppData\Roaming\vlc 2015-02-09 17:21 - 2012-11-04 11:37 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Adobe 2015-02-09 17:19 - 2013-12-23 21:12 - 00000000 ____D () C:\Program Files\Adobe 2015-02-09 17:19 - 2013-12-23 21:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-02-08 22:42 - 2013-10-10 15:33 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2015-02-08 22:41 - 2013-10-09 15:42 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-02-08 22:27 - 2013-10-09 15:49 - 00000000 ____D () C:\ProgramData\Adobe 2015-02-08 22:06 - 2013-10-10 15:34 - 00000000 ____D () C:\Users\Leon\Documents\Adobe 2015-02-08 21:07 - 2014-02-26 16:35 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-08 21:07 - 2013-12-23 20:19 - 00001333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2015-02-08 21:01 - 2014-01-10 17:38 - 00000000 ____D () C:\Users\Leon\Documents\Spiele 2015-02-08 13:40 - 2014-04-12 16:32 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 13:40 - 2014-04-12 16:32 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-06 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-04 14:56 - 2014-11-16 18:08 - 00000000 ____D () C:\Users\Leon\AppData\Local\Microsoft Help 2015-02-03 20:31 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 16:32 - 2014-05-13 14:47 - 00000000 ____D () C:\Users\Leon\Documents\Schule 2015-02-01 14:14 - 2013-08-28 17:51 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-01 14:11 - 2012-12-13 17:30 - 113365784 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-26 19:41 - 2013-11-27 20:27 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-26 19:31 - 2014-01-30 
11:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-01-26 19:28 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-01-25 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas 2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG 2015-01-25 15:26 - 2015-01-06 19:51 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml 2015-01-25 15:23 - 2015-01-06 19:47 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings ==================== Files in the root of some directories ======= 2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG 2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT 2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe 2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe 2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-12 21:08 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015 Ran by Leon at 2015-02-15 21:04:50 Run:1 Running from C:\Users\Leon\Desktop Loaded Profiles: Leon (Available profiles: Leon) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\$Recycle.Bin\S-1-5-21-2382863035-827234180-2916811482-1001\$RTFJK06\Codec\Setup.exe C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\BExternal.dll C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\IECookieLow.dll C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\Setup.exe C:\Backup My Data\Leon Zihang\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx C:\Backup My Data\Leon Zihang\AppData\Local\Temp\SQLite.dll C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\witmain.js C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll C:\Backup My Data\Leon Zihang\AppData\Roaming\BrowserCompanion\tcbhn.exe C:\Backup My Data\Leon Zihang\schule\sonstiges\SoftonicDownloader_fuer_7-zip.exe C:\Users\Leon\AppData\Local\Temp\nsg121B.tmp C:\Users\Leon\AppData\Roaming\ACQUPTNI C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe C:\Users\Leon\Musikdateien\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter31126.exe D:\Tools\MEDION MediaPack 2\Setup.exe AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found ProxyEnable: [.DEFAULT] => Internet Explorer proxy is 
enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:57889;https=127.0.0.1:57889 CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP" S2 tuquzini; C:\Users\Leon\AppData\Roaming\VOPackage\nsx426C.tmpfs [X] S2 serverjo; C:\Users\Leon\AppData\Roaming\VOPackage\JOSrv.exe [X] Emptytemp: ***************** C:\$Recycle.Bin\S-1-5-21-2382863035-827234180-2916811482-1001\$RTFJK06\Codec\Setup.exe => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\BExternal.dll => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\IECookieLow.dll => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\Setup.exe => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Local\Temp\SQLite.dll => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\witmain.js => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll => Moved successfully. C:\Backup My Data\Leon Zihang\AppData\Roaming\BrowserCompanion\tcbhn.exe => Moved successfully. C:\Backup My Data\Leon Zihang\schule\sonstiges\SoftonicDownloader_fuer_7-zip.exe => Moved successfully. 
C:\Users\Leon\AppData\Local\Temp\nsg121B.tmp => Moved successfully. C:\Users\Leon\AppData\Roaming\ACQUPTNI => Moved successfully. C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe => Moved successfully. C:\Users\Leon\Musikdateien\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter31126.exe => Moved successfully. D:\Tools\MEDION MediaPack 2\Setup.exe => Moved successfully. "C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value Data removed successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. Chrome StartupUrls deleted successfully. tuquzini => Service deleted successfully. serverjo => Service deleted successfully. EmptyTemp: => Removed 3.3 GB temporary data. The system needed a reboot. ==== End of Fixlog 21:05:30 ==== |
16.02.2015, 17:53 | #10 |
/// the machine /// TB-Ausbilder | Removing annoying programs! Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.02.2015, 00:07 | #11 |
| Removing annoying programs! Perfect, thaaaaaanks!! |
17.02.2015, 17:35 | #12 |
/// the machine /// TB-Ausbilder | Removing annoying programs! You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |