Pests of all kinds and how to fight them: Zombie News (Windows 7) |
15.02.2015, 01:07 | #1 |
| Zombie News Hello, some time ago I downloaded a program, which I deleted again right away. The problem is that it installed several other programs along with it, such as Zombie News. Zombie News keeps adding advertising to my browser (Google Chrome), but it no longer shows up as a program in the Control Panel. I have also already deleted all browser data several times, but that did not help. How can I remove this add-on/(virus?)? |
15.02.2015, 07:31 | #2 |
/// the machine /// TB Trainer | Zombie News hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
15.02.2015, 15:16 | #3 |
| Zombie News FRST.txt:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015 Ran by Nikolas (administrator) on KAVELL on 15-02-2015 15:12:25 Running from C:\Users\Nikolas\Desktop Loaded Profiles: Nikolas (Available profiles: Nikolas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (OSBASE) C:\Windows\System32\ddmgr.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Time Lapse Solutions) C:\ProgramData\ocqWmKEcRF\VxVeErTGUaO.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (AMD) C:\Windows\System32\atieclxx.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe () C:\Users\Nikolas\AppData\Local\mbot_de_421\upmbot_de_421.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe () C:\Windows\System32\flvga_tray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) 
B:\programme\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [380928 2013-08-26] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [gmsd_de_88] => [X] HKLM-x32\...\Run: [iTunesHelper] => B:\programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKLM-x32\...\RunOnce: [upmbot_de_421.exe] => C:\Users\Nikolas\AppData\Local\mbot_de_421\upmbot_de_421.exe [3306664 2015-01-13] () HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.) 
HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Run: [GoogleChromeAutoLaunch_697551E3D5F86BE391CF7A5E0166653F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\MountPoints2: {1563713d-6c64-11e4-8272-74d4359a6673} - "E:\startme.exe" AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [257808 2015-02-02] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221968 2015-02-02] (Client Connect LTD) IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:63507;https=127.0.0.1:63507 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421254794&from=adks&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M4C5843D0-9567-44D9-A870-FD87F6B42A40&SearchSource=55&CUI=&UM=8&UP=SP10F3D055-7788-4BD1-9FA5-7979FA87FB59&SSPV= HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99 HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421254794&from=adks&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} URLSearchHook: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmia_15_03_ch&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyDzy0AyCyCyBtA0A0B0AtDtN0D0Tzu0StCtCtDzytN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StDyCzztCtCtByDyDtG0EtCyDtBtGzz0A0DyEtG0D0DtDyEtGyBzzyEyB0DtDyEtAtDyD0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtC0CyCtB0D0FyCtGtA0DyByEtGyE0AtDtDtG0A0DtByBtGzz0EzytB0DyD0CtC0FzztBtA2Q&cr=1630127904&ir= SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} SearchScopes: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M4C5843D0-9567-44D9-A870-FD87F6B42A40&SearchSource=58&CUI=&UM=8&UP=SP10F3D055-7788-4BD1-9FA5-7979FA87FB59&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M4C5843D0-9567-44D9-A870-FD87F6B42A40&SearchSource=58&CUI=&UM=8&UP=SP10F3D055-7788-4BD1-9FA5-7979FA87FB59&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&ts=1421600447&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&ts=1421600447&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms} SearchScopes: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&ts=1421600447&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&ts=1421600447&type=default&q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. 
Limited) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default FF DefaultSearchEngine: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> B:\programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! => C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\user.js FF Extension: Fast Start - C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\Extensions\faststartff@gmail.com [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-15] FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (TIPP10 - Kostenloser 10-Finger-Schreibtrainer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfcabopgpiohpfcjkpifbmoclclfkhn [2014-06-14] CHR Extension: (Google Docs) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14] CHR Extension: (Google Drive) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14] CHR Extension: (Intelligence Quiz) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddnmcopphcfjagpabphnpdnoemoapgo [2014-06-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03] CHR Extension: (YouTube) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14] CHR Extension: (Musik Songs Spieler) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdenlcnfdjepagejpfajlkicggieknab [2014-06-14] CHR Extension: (Universal VideoMaximizer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnlfphfngnfhjcnoikfhaomaaflaiie [2014-12-27] CHR Extension: (Google-Suche) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14] CHR Extension: (Whatsapp™ on pc) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dknjcfihbbbgejkhmfiiikeicekcmhml [2015-01-14] CHR Extension: (Comment Bank & Report Writer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhocfhmnkdcieijdogcpolgldfmocgn [2014-06-14] CHR Extension: (Type Scout) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-06-14] CHR Extension: (Downloads Shortcut) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcnmdehjfeflkohlockkbmoglehckdf [2014-07-02] CHR Extension: (Chrome App Maker) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hciflpkhdfhbipgkdophdcgjieeglhch [2014-12-27] CHR Extension: (CNN RSS News Reader) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikidfffcbojnekagpmbicclbpmagjenc [2014-12-27] CHR Extension: (Google +1-Schaltfläche) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-12-27] CHR Extension: (Eingabe-Test - KeyHero) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-06-14] CHR Extension: (IQ Test) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocgohpofmahhbaijdodlekmhklabcnl [2014-06-14] CHR Extension: (Extensions Manager aka Switcher) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2015-01-14] CHR Extension: (Clock View) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek [2014-07-02] CHR Extension: (3D Functions Plotter) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\naolaacfeloakcdcnenhkeicocefkkfe [2014-06-14] CHR Extension: (World Map) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nipmhcphldahmaffcapambikpnmdpbka [2014-06-14] CHR Extension: (audioboxlive dj 
radio) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmieijlelbhlhijiefopdngdnldbodhi [2014-06-14] CHR Extension: (Google Wallet) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14] CHR Extension: (Wetter) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2014-06-14] CHR Extension: (Fox News) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna [2014-12-27] CHR Extension: (Simple typing tutor) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejilophemlijikebkeapcijndnmmhfk [2014-06-14] CHR Extension: (atomshot) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfmllbdhacnbnjgenkeflcmklpkjdcn [2014-12-27] CHR Extension: (Google Mail) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14] CHR Extension: (Extutil) - C:\Users\Nikolas\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2015-02-15] CHR Extension: (PerIceiLessu) - C:\ProgramData\fibagakbgnpmiidianmojbhblnhbflka\ [2015-02-15] CHR Extension: (Managera) - C:\Users\Nikolas\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-02-15] CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path CHR HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-15] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path ==================== Services (Whitelisted) 
================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-15] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3505936 2015-01-28] (Client Connect LTD) R2 ddmgr; C:\Windows\system32\ddmgr.exe [841888 2013-10-31] (OSBASE) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed] R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit) R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [558544 2015-02-07] (Client Connect LTD) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) R2 VxVeErTGUaO; C:\ProgramData\ocqWmKEcRF\VxVeErTGUaO.exe [2726256 2015-01-16] (Time Lapse Solutions) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program 
Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 Update Browser Good; No ImagePath S2 Update CommonShare; No ImagePath S2 Update PlumoWeb; No ImagePath S2 wpsvc_1.10.0.6; No ImagePath ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-15] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices) R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [171168 2013-10-31] (OSBASE) R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [17056 2013-10-31] (OSBASE) S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [171688 2013-11-01] () R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R1 wpnfd_1_10_0_6; C:\Windows\System32\drivers\wpnfd_1_10_0_6.sys [58240 2015-01-07] (Word Proser) R3 SPPD; 
\??\C:\Windows\system32\drivers\SPPD.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-15 15:12 - 2015-02-15 15:12 - 00025984 _____ () C:\Users\Nikolas\Desktop\FRST.txt 2015-02-15 15:12 - 2015-02-15 15:12 - 00000000 ____D () C:\FRST 2015-02-15 15:11 - 2015-02-15 15:10 - 02134528 _____ (Farbar) C:\Users\Nikolas\Desktop\FRST64.exe 2015-02-15 15:10 - 2015-02-15 15:10 - 02134528 _____ (Farbar) C:\Users\Nikolas\Downloads\FRST64.exe 2015-02-12 17:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 17:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 18:26 - 2015-02-15 15:08 - 00003804 _____ () C:\Windows\wininit.ini 2015-02-11 18:24 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-02-11 18:24 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 18:24 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 18:24 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-02-11 18:24 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-02-11 18:24 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 18:24 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 18:24 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 18:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft 
Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 18:24 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 18:24 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 18:24 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-11 18:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 18:24 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 18:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 18:24 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 18:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 18:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 18:24 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-02-11 18:24 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-11 18:24 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-02-11 18:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 18:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 18:24 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 18:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 18:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 18:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2015-02-11 18:24 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-02-11 18:24 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-02-11 18:24 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-02-11 18:24 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 18:24 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-02-11 18:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 18:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 18:24 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 18:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 18:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 18:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 18:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 18:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 18:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 18:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 18:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-02-11 18:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-02-11 18:24 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 
2015-02-11 18:24 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 18:24 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 18:24 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 18:24 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 18:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 18:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 18:24 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 18:24 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 18:24 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 18:24 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 18:24 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 18:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 18:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 18:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 18:24 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 18:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 18:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 18:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 18:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 18:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-10 15:59 - 2015-02-15 15:08 - 00003470 _____ () C:\Windows\System32\Tasks\avaxvyyvyf
2015-02-10 15:59 - 2015-02-11 18:23 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\avaxvyyvyf
2015-02-09 22:30 - 2015-02-09 22:30 - 00000746 _____ () C:\Users\Nikolas\Desktop\Notepad++.lnk
2015-02-09 22:30 - 2015-02-09 22:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Notepad++
2015-02-09 22:30 - 2015-02-09 22:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-02-09 22:30 - 2015-02-09 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-02-09 22:29 - 2015-02-09 22:29 - 07965917 _____ () C:\Users\Nikolas\Downloads\npp.6.7.4.Installer.exe
2015-02-07 17:12 - 2015-02-15 15:08 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-02-07 17:12 - 2015-02-07 23:57 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\avaxvavya
2015-02-07 17:12 - 2015-02-07 17:12 - 00003466 _____ () C:\Windows\System32\Tasks\avaxvavya
2015-02-07 17:12 - 2015-02-07 17:12 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\SearchProtect
2015-02-07 17:12 - 2015-02-07 17:12 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2015-02-04 20:14 - 2015-02-13 21:04 - 00006844 _____ () C:\Windows\setupact.log
2015-02-04 20:14 - 2015-02-04 20:14 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-04 18:13 - 2015-02-04 18:13 - 00002123 _____ () C:\Users\Nikolas\AppData\Local\recently-used.xbel
2015-02-01 01:09 - 2015-02-01 01:09 - 04117346 _____ () C:\Users\Nikolas\Downloads\MotioninJoy_071001_signed (1).zip
2015-02-01 01:09 - 2015-02-01 01:09 - 04117346 _____ () C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed (1).zip
2015-02-01 01:09 - 2012-05-12 05:33 - 04199240 _____ (www.motioninjoy.com ) C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed.exe
2015-02-01 00:57 - 2015-02-01 00:58 - 93427112 _____ (Oracle Corporation) C:\Users\Nikolas\Downloads\jre-8u31-windows-x64.exe
2015-02-01 00:51 - 2015-02-01 00:53 - 178639264 _____ (Oracle Corporation) C:\Users\Nikolas\Downloads\jdk-8u31-windows-x64.exe
2015-01-31 21:55 - 2015-01-31 21:55 - 00000000 ____D () C:\Users\Nikolas\Desktop\musik
2015-01-30 18:01 - 2015-01-30 18:01 - 00000220 _____ () C:\Users\Nikolas\Desktop\Garry's Mod.url
2015-01-30 17:59 - 2015-02-13 21:11 - 04629952 _____ () C:\Users\Nikolas\Desktop\TechnicLauncher.exe
2015-01-29 16:30 - 2015-02-11 18:25 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422545434
2015-01-29 16:30 - 2015-02-11 18:25 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-29 16:30 - 2015-01-29 16:30 - 00001151 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-01-29 16:30 - 2015-01-29 16:30 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-29 16:30 - 2015-01-29 16:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Opera Software
2015-01-29 16:30 - 2015-01-29 16:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\Opera Software
2015-01-29 16:29 - 2015-01-29 16:29 - 32896408 _____ (Opera Software) C:\Users\Nikolas\Downloads\Opera_27.0.1689.54_Setup.exe
2015-01-27 23:29 - 2015-01-27 23:29 - 00000883 _____ () C:\Users\Public\Desktop\SimCity™.lnk
2015-01-27 23:29 - 2015-01-27 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
2015-01-27 20:40 - 2015-01-27 20:40 - 00000585 _____ () C:\Users\Nikolas\Desktop\eclipse.exe - Verknüpfung.lnk
2015-01-27 20:39 - 2015-02-01 00:56 - 00000000 ____D () C:\Users\Nikolas\Desktop\eclipse
2015-01-27 20:39 - 2015-01-27 20:39 - 215762517 _____ () C:\Users\Nikolas\Desktop\eclipse-standard-luna-R-win32.zip
2015-01-27 20:35 - 2015-01-27 20:39 - 215762517 _____ () C:\Users\Nikolas\Downloads\eclipse-standard-luna-R-win32.zip
2015-01-27 20:32 - 2015-02-06 18:17 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\TS3Client
2015-01-27 20:32 - 2015-01-27 20:32 - 00000733 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-01-27 20:32 - 2015-01-27 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-01-27 20:30 - 2015-01-27 20:31 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Nikolas\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2015-01-26 20:45 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-26 20:45 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-24 21:56 - 2015-01-24 21:56 - 00000955 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2015-01-24 21:56 - 2015-01-24 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2015-01-23 22:42 - 2015-01-24 22:40 - 00000000 ____D () C:\Users\Nikolas\Documents\Electronic Arts
2015-01-21 16:53 - 2015-01-21 16:53 - 00585808 _____ () C:\Users\Nikolas\Downloads\Nicht bestätigt 261879.crdownload
2015-01-20 15:29 - 2015-01-20 15:41 - 00000000 ____D () C:\Users\Nikolas\Desktop\handy
2015-01-19 23:12 - 2015-01-19 23:34 - 00000270 _____ () C:\Users\Nikolas\Desktop\geschie.txt
2015-01-19 20:22 - 2015-01-19 20:22 - 00000863 _____ () C:\Users\Public\Desktop\FIFA 14.lnk
2015-01-19 20:22 - 2015-01-19 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14
2015-01-19 15:50 - 2015-01-19 15:50 - 02060888 _____ () C:\Users\Nikolas\Downloads\winrar-x64-520d.exe
2015-01-19 15:48 - 2015-01-19 15:48 - 01376768 _____ () C:\Users\Nikolas\Downloads\7z920-x64.msi
2015-01-19 15:47 - 2015-01-19 15:46 - 04117346 _____ () C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed.zip
2015-01-19 15:46 - 2015-01-19 15:46 - 04117346 _____ () C:\Users\Nikolas\Downloads\MotioninJoy_071001_signed.zip
2015-01-18 23:34 - 2015-01-18 23:34 - 00000829 _____ () C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk
2015-01-18 23:34 - 2015-01-18 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 14
2015-01-18 22:23 - 2015-01-18 22:23 - 00001076 _____ () C:\Users\Public\Desktop\Die Sims 4 Erstelle einen Sim-Demo.lnk
2015-01-18 22:23 - 2015-01-18 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4 Erstelle einen Sim-Demo
2015-01-18 22:23 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-01-18 20:32 - 2015-01-19 15:38 - 00000041 _____ () C:\Users\Nikolas\Desktop\staeme angriffe stats.txt
2015-01-18 19:32 - 2015-01-18 19:32 - 00000770 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2015-01-18 19:32 - 2015-01-18 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-01-18 17:59 - 2015-01-18 17:59 - 00000728 _____ () C:\Users\Nikolas\Desktop\Format Factory.lnk
2015-01-18 17:59 - 2015-01-18 17:59 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-01-18 17:59 - 2015-01-18 17:59 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-01-18 17:59 - 2015-01-18 17:59 - 00000000 ____D () C:\ProgramData\Baidu
2015-01-18 17:56 - 2015-01-18 17:58 - 52876065 _____ (Free Time) C:\Users\Nikolas\Downloads\FFSetup3.5.1.exe
2015-01-18 17:56 - 2015-01-18 17:56 - 00372576 _____ () C:\Users\Nikolas\Downloads\Nicht bestätigt 521190.crdownload
2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Ashampoo
2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\ashampoo
2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-01-18 17:50 - 2015-01-18 17:50 - 00823792 _____ ( ) C:\Users\Nikolas\Downloads\FFSetupNoDVDRip3.5.0.0_CB-DL-Manager.exe
2015-01-18 00:33 - 2015-01-18 00:33 - 00000750 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2015-01-18 00:33 - 2015-01-18 00:33 - 00000750 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-18 00:11 - 2015-01-18 00:11 - 00000734 _____ () C:\Users\Public\Desktop\Blender.lnk
2015-01-18 00:11 - 2015-01-18 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
2015-01-18 00:10 - 2015-01-18 00:11 - 91931728 _____ (The GIMP Team ) C:\Users\Nikolas\Downloads\gimp-2.8.14-setup-1.exe
2015-01-18 00:08 - 2015-01-18 00:08 - 00009127 _____ () C:\Users\Nikolas\Downloads\gimp-2.8.14-setup-1.exe.torrent
2015-01-18 00:08 - 2015-01-18 00:08 - 00001556 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-18 00:08 - 2015-01-18 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-18 00:08 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-18 00:07 - 2015-01-18 00:45 - 00000000 ____D () C:\Program Files\iTunes
2015-01-18 00:07 - 2015-01-18 00:08 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-18 00:07 - 2015-01-18 00:07 - 00000000 ____D () C:\Program Files\iPod
2015-01-18 00:07 - 2015-01-18 00:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-18 00:05 - 2015-01-18 00:07 - 64583340 _____ () C:\Users\Nikolas\Downloads\blender-2.73-windows64.exe
2015-01-18 00:04 - 2015-01-18 00:04 - 01179936 _____ () C:\Users\Nikolas\Downloads\Blender 64 Bit - CHIP-Installer.exe
2015-01-18 00:02 - 2015-01-18 00:06 - 91670064 _____ (The GIMP Team ) C:\Users\Nikolas\Downloads\gimp-2.8.14-setup.exe
2015-01-18 00:01 - 2015-01-18 00:05 - 122418480 _____ (Apple Inc.) C:\Users\Nikolas\Downloads\iTunes64Setup.exe
2015-01-16 23:25 - 2015-01-17 23:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 14:07 - 2015-02-15 00:54 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\ZombieNews
2015-01-16 14:07 - 2015-01-16 14:07 - 00000000 ____D () C:\ProgramData\ocqWmKEcRF
2015-01-16 14:07 - 2015-01-16 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 15:08 - 2014-06-14 20:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1395782937-2529212249-1045901662-1001
2015-02-15 15:06 - 2015-01-14 18:43 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\mbot_de_421
2015-02-15 15:06 - 2014-06-14 20:29 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{36B13CAC-EAFF-44D3-AA12-61C9B49E84A1}
2015-02-15 15:05 - 2014-06-15 12:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-15 15:04 - 2014-06-14 19:53 - 01129286 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 15:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-15 15:03 - 2014-09-14 10:28 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Skype
2015-02-15 15:03 - 2014-06-14 20:29 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 15:03 - 2014-06-14 20:22 - 00000000 __RDO () C:\Users\Nikolas\OneDrive
2015-02-15 15:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-15 01:21 - 2015-01-14 18:39 - 00000296 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Nikolas.job
2015-02-15 01:21 - 2014-06-14 20:33 - 00000000 ____D () C:\ProgramData\Origin
2015-02-15 01:21 - 2014-06-14 20:29 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 00:56 - 2015-01-14 18:30 - 00000314 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2015-02-15 00:36 - 2014-07-22 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-14 23:31 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 20:05 - 2014-06-14 20:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-13 21:14 - 2014-08-13 22:48 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\.minecraft
2015-02-13 21:11 - 2014-06-14 22:33 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\.technic
2015-02-13 12:30 - 2014-03-18 11:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-13 12:30 - 2014-03-18 10:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-02-13 12:30 - 2014-03-18 10:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-02-13 12:24 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 12:24 - 2013-08-22 15:44 - 00457624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 00:22 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-12 17:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 17:01 - 2015-01-14 18:39 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-11 18:55 - 2014-06-16 13:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 18:52 - 2014-06-16 13:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 18:20 - 2014-03-18 02:50 - 00104060 _____ () C:\Windows\PFRO.log
2015-02-05 20:01 - 2014-12-23 02:07 - 00000000 ____D () C:\Users\Nikolas\Desktop\blender
2015-02-04 22:28 - 2014-06-14 20:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-04 20:45 - 2014-11-26 07:42 - 00114176 ___SH () C:\Users\Nikolas\Desktop\Thumbs.db
2015-02-04 20:00 - 2014-09-12 16:37 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 19:36 - 2014-07-22 12:18 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 18:13 - 2014-07-03 21:33 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\gtk-2.0
2015-02-04 18:12 - 2014-07-03 20:46 - 00000000 ____D () C:\Users\Nikolas\.gimp-2.8
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 19:34 - 2014-06-20 22:41 - 00000000 ____D () C:\Users\Nikolas\Documents\FIFA 14
2015-02-01 23:09 - 2014-06-14 20:20 - 00000000 ____D () C:\Users\Nikolas
2015-02-01 00:56 - 2014-06-14 20:37 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-01 00:55 - 2014-06-14 22:58 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-01 00:55 - 2014-06-14 22:58 - 00000000 ____D () C:\Program Files\Java
2015-02-01 00:55 - 2014-06-14 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-30 18:01 - 2014-08-10 10:53 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-26 13:49 - 2015-01-14 18:42 - 00000000 ____D () C:\ProgramData\f018dc58000009c2
2015-01-23 22:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-21 21:45 - 2014-07-25 23:28 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Blender Foundation
2015-01-19 20:21 - 2014-06-20 20:52 - 00279655 _____ () C:\Windows\DirectX.log
2015-01-19 15:55 - 2014-07-01 21:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 15:51 - 2014-10-27 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-19 15:50 - 2014-10-27 21:25 - 00000710 _____ () C:\Users\Nikolas\Desktop\WinRAR.lnk
2015-01-19 15:50 - 2014-10-27 21:25 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-18 18:00 - 2015-01-14 18:00 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-18 18:00 - 2014-07-22 12:13 - 00000717 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-18 18:00 - 2014-06-14 20:30 - 00002403 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-18 18:00 - 2014-06-14 20:20 - 00001662 _____ () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-18 00:07 - 2014-06-14 22:05 - 00000000 ____D () C:\ProgramData\Apple
2015-01-17 21:52 - 2014-08-13 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-01-17 21:51 - 2014-12-15 18:24 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\Unity
2015-01-17 21:50 - 2014-12-15 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2015-01-17 21:45 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-17 20:20 - 2015-01-03 20:11 - 00000000 ____D () C:\xampp
2015-01-16 23:00 - 2014-07-25 23:28 - 00000000 ____D () C:\tmp
2015-01-16 14:13 - 2015-01-14 18:39 - 00000000 ____D () C:\Program Files (x86)\IObit

==================== Files in the root of some directories =======

2015-02-04 18:13 - 2015-02-04 18:13 - 0002123 _____ () C:\Users\Nikolas\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Nikolas\AppData\Local\Temp\Setup.exe
C:\Users\Nikolas\AppData\Local\Temp\setup_460.exe
C:\Users\Nikolas\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 17:30

==================== End Of Log ============================

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by Nikolas at 2015-02-15 15:12:57
Running from C:\Users\Nikolas\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{00957033-C081-5235-665A-A014A6E2FF7B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Dropbox (HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
Easy Mail Recovery (HKLM-x32\...\Easy Mail Recovery) (Version: 2.0 - MunSoft)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FormatFactory 3.5.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.1.0 - Format Factory)
Fresco Logic USB VGA Display Driver (HKLM\...\{A57B4026-6DFF-4D4A-81D5-FD4BC0EC0918}) (Version: 1.1.216.0 - Fresco Logic Inc.)
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
Language Pack (DEU) für freigegebene Windows Azure-Komponenten für Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.10829.1601 - Microsoft Corporation) Hidden
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{AD094F97-7764-4E78-BA4E-4FB44CB09858}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Premium (HKLM-x32\...\MAGIX_{00A8886C-FF3D-4B52-A95D-321735687B32}) (Version: 19.0.5.57 - MAGIX AG)
MAGIX Music Maker 2013 Premium (Version: 19.0.5.57 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Studio (HKLM-x32\...\MAGIX_{58AF1918-E670-44DF-BE45-BF5014AF144C}) (Version: 19.0.0.12 - MAGIX AG)
MAGIX Music Studio (Version: 19.0.0.12 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{3742516F-F06A-413E-9DD9-5B84AE0E7C86}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (HKLM-x32\...\MX.{146DFB48-B585-48B9-A407-16DD6F686550}) (Version: 13.0.0.28 - MAGIX AG)
MAGIX Video deluxe 2014 (Version: 13.0.0.28 - MAGIX AG) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows - DEU (HKLM-x32\...\{5626bd5c-91ed-4cbb-98e8-2aa80a3ab129}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Opera Stable 27.0.1689.54 (HKLM-x32\...\Opera 27.0.1689.54) (Version: 27.0.1689.54 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.20.11.17 - Client Connect LTD) <==== ATTENTION
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version: - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden
Wajam (HKLM-x32\...\Wajam) (Version: 2.12 (i2.4) - Wajam) <==== ATTENTION
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> B:\programme\blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {23264D7C-0F9A-4ACD-A952-198F19EA81A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {3BE6DFCC-2B74-4CD9-A68F-0D24515BCA47} - System32\Tasks\avaxvavya => C:\Users\Nikolas\AppData\Local\avaxvavya\avaxvavya.exe [2015-01-28] () Task: {5864B2D4-716D-470C-BFB0-4AB7DB543FD4} - System32\Tasks\avaxvyyvyf => C:\Users\Nikolas\AppData\Local\avaxvyyvyf\avaxvyyvyf.exe [2015-02-02] () Task: {659D605A-5A41-40B8-AADB-962DB44E7B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.) Task: {7DF0F76D-828E-4DE7-B37B-CF140C7B1DE1} - System32\Tasks\WSE_Vosteran => C:\Users\Nikolas\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {86732B12-903B-43BD-B142-367F8388A944} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B1EA780A-0B08-43F1-88B9-6067690ED99E} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-15] (AVAST Software) Task: {B5911364-AD04-44DA-B8E4-CD549D336BF6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {C1934C96-FF9A-4B77-9ABE-A89B6AFF9D98} - System32\Tasks\Opera scheduled Autoupdate 1422545434 => C:\Program Files (x86)\Opera\launcher.exe [2015-01-23] (Opera Software) Task: {E3EBC7B4-37D2-4C65-8BA5-7824521C63D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.) Task: {FF124C6E-4A1F-4D5F-822D-9E48E8518FA1} - System32\Tasks\Uninstaller_SkipUac_Nikolas => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-14] (IObit) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Uninstaller_SkipUac_Nikolas.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Nikolas\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2013-09-11 20:57 - 2013-09-11 20:57 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-01-14 18:43 - 2015-01-13 11:36 - 03306664 _____ () C:\Users\Nikolas\AppData\Local\mbot_de_421\upmbot_de_421.exe 2013-08-26 02:45 - 2013-08-26 02:45 - 00380928 _____ () 
C:\Windows\System32\flvga_tray.exe 2013-09-11 20:57 - 2013-09-11 20:57 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2015-02-13 00:05 - 2015-02-13 00:05 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021201\algo.dll 2015-02-14 21:00 - 2015-02-14 21:00 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021401\algo.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll 2014-06-15 12:38 - 2014-06-15 12:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-16 23:25 - 2015-01-16 23:25 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2015-01-16 23:25 - 2015-01-16 23:25 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-16 23:25 - 2015-01-16 23:25 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 AlternateDataStreams: C:\Users\Nikolas\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\StartupApproved\Run: => "EADM" ==================== Accounts: ============================= Administrator (S-1-5-21-1395782937-2529212249-1045901662-500 - Administrator - Disabled) Gast (S-1-5-21-1395782937-2529212249-1045901662-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1395782937-2529212249-1045901662-1006 - Limited - Enabled) Nikolas (S-1-5-21-1395782937-2529212249-1045901662-1001 - Administrator - Enabled) => C:\Users\Nikolas ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2015 03:07:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm gentlemjmp_ieu.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2318 Startzeit: 01d04928998cd70a Endzeit: 4294967295 Anwendungspfad: C:\Users\Nikolas\AppData\Local\Temp\is-LHU09.tmp\gentlemjmp_ieu.tmp Berichts-ID: ecccddf5-b51b-11e4-82a8-74d4359a6673 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/15/2015 03:06:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm majmp_gentleeu.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15e0 Startzeit: 01d04928958aacb5 Endzeit: 4294967295 Anwendungspfad: C:\Users\Nikolas\AppData\Local\Temp\is-OJKVR.tmp\majmp_gentleeu.tmp Berichts-ID: e309d2fe-b51b-11e4-82a8-74d4359a6673 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/15/2015 00:47:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: uninstall.exe_Search Protect, Version: 2.20.11.17, Zeitstempel: 0x54cf5685 Name des fehlerhaften Moduls: uninstall.exe, Version: 2.20.11.17, Zeitstempel: 0x54cf5685 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000781b ID des fehlerhaften Prozesses: 0x2950 Startzeit der fehlerhaften Anwendung: 0xuninstall.exe_Search Protect0 Pfad der fehlerhaften Anwendung: uninstall.exe_Search Protect1 Pfad des fehlerhaften Moduls: uninstall.exe_Search Protect2 Berichtskennung: uninstall.exe_Search Protect3 Vollständiger Name des fehlerhaften Pakets: uninstall.exe_Search Protect4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: uninstall.exe_Search Protect5 Error: (02/15/2015 00:46:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: uninstall.exe_Search Protect, Version: 2.20.11.17, Zeitstempel: 0x54cf5685 Name des fehlerhaften Moduls: uninstall.exe, Version: 2.20.11.17, 
Zeitstempel: 0x54cf5685 Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000781b ID des fehlerhaften Prozesses: 0x13f0 Startzeit der fehlerhaften Anwendung: 0xuninstall.exe_Search Protect0 Pfad der fehlerhaften Anwendung: uninstall.exe_Search Protect1 Pfad des fehlerhaften Moduls: uninstall.exe_Search Protect2 Berichtskennung: uninstall.exe_Search Protect3 Vollständiger Name des fehlerhaften Pakets: uninstall.exe_Search Protect4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: uninstall.exe_Search Protect5 Error: (02/14/2015 11:31:34 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x8004231f). Error: (02/14/2015 11:31:15 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x8004231f). Error: (02/14/2015 10:16:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm InstallManager.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2408 Startzeit: 01d0489b7ef9155e Endzeit: 4294967295 Anwendungspfad: C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\InstallManager.exe Berichts-ID: c80d0d0d-b48e-11e4-82a8-74d4359a6673 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/14/2015 10:16:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm gentlemjmp_ieu.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c34 Startzeit: 01d0489b6c59459d Endzeit: 4294967295 Anwendungspfad: C:\Users\Nikolas\AppData\Local\Temp\is-GCMBB.tmp\gentlemjmp_ieu.tmp Berichts-ID: c4aac271-b48e-11e4-82a8-74d4359a6673 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/14/2015 10:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm package_cp_desktopdock_installer_multilang.tmp, Version 51.52.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15e4 Startzeit: 01d0489b7d6a2f1f Endzeit: 4294967295 Anwendungspfad: C:\Users\Nikolas\AppData\Local\Temp\is-2EPT2.tmp\package_cp_desktopdock_installer_multilang.tmp Berichts-ID: c3918680-b48e-11e4-82a8-74d4359a6673 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/14/2015 02:08:22 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x8004231f). 
System errors: ============= Error: (02/15/2015 01:21:53 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (02/15/2015 01:21:49 AM) (Source: DCOM) (EventID: 10010) (User: KAVELL) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (02/15/2015 01:21:49 AM) (Source: DCOM) (EventID: 10010) (User: KAVELL) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (02/15/2015 01:21:47 AM) (Source: DCOM) (EventID: 10010) (User: KAVELL) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/15/2015 01:21:47 AM) (Source: DCOM) (EventID: 10010) (User: KAVELL) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (02/15/2015 00:46:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update Browser Good" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/15/2015 00:46:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Update Browser Good" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (02/14/2015 01:43:04 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (02/14/2015 01:31:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingSports Error: (02/13/2015 10:24:27 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Microsoft Office Sessions: ========================= Error: (02/15/2015 03:07:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: gentlemjmp_ieu.tmp51.52.0.0231801d04928998cd70a4294967295C:\Users\Nikolas\AppData\Local\Temp\is-LHU09.tmp\gentlemjmp_ieu.tmpecccddf5-b51b-11e4-82a8-74d4359a6673 Error: (02/15/2015 03:06:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: majmp_gentleeu.tmp51.52.0.015e001d04928958aacb54294967295C:\Users\Nikolas\AppData\Local\Temp\is-OJKVR.tmp\majmp_gentleeu.tmpe309d2fe-b51b-11e4-82a8-74d4359a6673 Error: (02/15/2015 00:47:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: uninstall.exe_Search Protect2.20.11.1754cf5685uninstall.exe2.20.11.1754cf5685c00004090000781b295001d048b07bf12edfC:\PROGRA~2\SearchProtect\Main\bin\uninstall.exeC:\PROGRA~2\SearchProtect\Main\bin\uninstall.exec61a3a76-b4a3-11e4-82a8-74d4359a6673 Error: (02/15/2015 00:46:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: uninstall.exe_Search Protect2.20.11.1754cf5685uninstall.exe2.20.11.1754cf5685c00004090000781b13f001d048b05e4d183eC:\PROGRA~2\SearchProtect\Main\bin\uninstall.exeC:\PROGRA~2\SearchProtect\Main\bin\uninstall.exeae4fe3e1-b4a3-11e4-82a8-74d4359a6673 Error: (02/14/2015 11:31:34 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe -EmbeddingWindows Modules Installer0x8004231f 
Error: (02/14/2015 11:31:15 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x8004231f Error: (02/14/2015 10:16:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: InstallManager.exe0.0.0.0240801d0489b7ef9155e4294967295C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\InstallManager.exec80d0d0d-b48e-11e4-82a8-74d4359a6673 Error: (02/14/2015 10:16:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: gentlemjmp_ieu.tmp51.52.0.01c3401d0489b6c59459d4294967295C:\Users\Nikolas\AppData\Local\Temp\is-GCMBB.tmp\gentlemjmp_ieu.tmpc4aac271-b48e-11e4-82a8-74d4359a6673 Error: (02/14/2015 10:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: package_cp_desktopdock_installer_multilang.tmp51.52.0.015e401d0489b7d6a2f1f4294967295C:\Users\Nikolas\AppData\Local\Temp\is-2EPT2.tmp\package_cp_desktopdock_installer_multilang.tmpc3918680-b48e-11e4-82a8-74d4359a6673 Error: (02/14/2015 02:08:22 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: 0x8004231f ==================== Memory info =========================== Processor: AMD FX(tm)-8350 Eight-Core Processor Percentage of memory in use: 30% Total physical RAM: 8156.63 MB Available physical RAM: 5643.96 MB Total Pagefile: 16348.63 MB Available Pagefile: 12833.23 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive b: (Volume) (Fixed) (Total:1863.01 GB) (Free:1819.22 GB) NTFS Drive c: () (Fixed) (Total:55.56 GB) (Free:0 GB) NTFS Drive g: (programme) (Fixed) (Total:465.76 GB) (Free:407.68 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 0DEEBAFD) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=55.6 GB) - (Type=07 NTFS) 
======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CFEB1E49) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: C34F5F23) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
15.02.2015, 19:34 | #4 |
/// the machine /// TB-Ausbilder | Zombie News Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
15.02.2015, 21:20 | #5 |
| Zombie News AdwCleaner[S0]: Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 15/02/2015 um 20:10:34 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-14.2 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Nikolas - KAVELL # Gestarted von : C:\Users\Nikolas\Downloads\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\baidu Ordner Gelöscht : C:\ProgramData\12189901095735080612 Ordner Gelöscht : C:\ProgramData\f018dc58000009c2 Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Program Files (x86)\predm Ordner Gelöscht : C:\Users\Nikolas\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Nikolas\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Nikolas\Documents\PC Speed Maximizer Ordner Gelöscht : C:\ProgramData\fibagakbgnpmiidianmojbhblnhbflka Datei Gelöscht : C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\user.js Datei Gelöscht : C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Nikolas\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Nikolas\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Geplante Tasks ] ***** Task Gelöscht : LaunchSignup ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung 
Desinfiziert : C:\Users\Nikolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\Nikolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P12b8ef41_327f_43f4_8440_284c721aea52_.P12b8ef41_327f_43f4_8440_284c721aea52_ Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P12b8ef41_327f_43f4_8440_284c721aea52_.P12b8ef41_327f_43f4_8440_284c721aea52_.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P1fe64051_817d_495b_a27b_9049b3767fb3_.P1fe64051_817d_495b_a27b_9049b3767fb3_ Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P1fe64051_817d_495b_a27b_9049b3767fb3_.P1fe64051_817d_495b_a27b_9049b3767fb3_.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{12b8ef41-327f-43f4-8440-284c721aea52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1fe64051-817d-495b-a27b-9049b3767fb3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12b8ef41-327f-43f4-8440-284c721aea52} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{12b8ef41-327f-43f4-8440-284c721aea52} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{12b8ef41-327f-43f4-8440-284c721aea52} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1fe64051-817d-495b-a27b-9049b3767fb3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{12b8ef41-327f-43f4-8440-284c721aea52} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{1fe64051-817d-495b-a27b-9049b3767fb3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\InetStat Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\Tutorials Schlüssel Gelöscht : HKCU\Software\Super Optimizer Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v31.0 (x86 de) [t8t5na1b.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.BirthDate", "1407968375"); -\\ Google Chrome v39.0.2171.95 [C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl [C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : flcnmdehjfeflkohlockkbmoglehckdf [C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb 
[C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : mfhkgfigejkhikbkfkkglinnkfojkdek [C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce [C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : fibagakbgnpmiidianmojbhblnhbflka [C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M533E912E-712F-464B-A3F4-ED22FAF4AE97&SearchSource=55&CUI=&UM=8&UP=SP7AE17A06-E768-4AFB-A707-190BBC97C381&SSPV= -\\ Opera v27.0.1689.54 ************************* AdwCleaner[R0].txt - [7094 Bytes] - [15/02/2015 20:08:56] AdwCleaner[S0].txt - [6854 Bytes] - [15/02/2015 20:10:34] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6913 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 8.1 x64 Ran by Nikolas on 15.02.2015 at 20:13:35,62 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15.02.2015 at 20:17:50,11 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 15.02.2015 Scan Time: 19:54:15 Logfile: mbam.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.15.04 Rootkit Database: v2015.02.03.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Nikolas Scan Type: Threat Scan Result: Completed Objects Scanned: 364350 Time Elapsed: 8 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 3 PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1928, Delete-on-Reboot, [2a967da10c7e20163ea1ea20f30f8c74] PUP.Optional.ZombieNews.A, C:\ProgramData\ocqWmKEcRF\VxVeErTGUaO.exe, 2688, Delete-on-Reboot, [0fb15ac41278ec4a2a76ba066b96ea16] PUP.Optional.MBot.A, C:\Users\Nikolas\AppData\Local\mbot_de_421\upmbot_de_421.exe, 6300, Delete-on-Reboot, [269aa57953376ccaa6ec9ad946bdee12] Modules: 2 PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Delete-on-Reboot, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Delete-on-Reboot, [734d8b935a30ea4c1e09850fe71cf709], Registry Keys: 56 PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, Quarantined, [2a967da10c7e20163ea1ea20f30f8c74], PUP.Optional.ZombieNews.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VxVeErTGUaO, Quarantined, [0fb15ac41278ec4a2a76ba066b96ea16], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [c3fd36e84b3f4fe7ebb8aa627b88e61a], PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [c3fd36e84b3f4fe7ebb8aa627b88e61a], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [903025f98bff3303b0c247c506fd10f0], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [903025f98bff3303b0c247c506fd10f0], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [be02c05e73176fc7ca136d9eef146d93], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [be02c05e73176fc7ca136d9eef146d93], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [be02c05e73176fc7ca136d9eef146d93], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [be02c05e73176fc7ca136d9eef146d93], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [be02c05e73176fc7ca136d9eef146d93], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [be02c05e73176fc7ca136d9eef146d93], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [546c120c454585b14ef1b650e41f6a96], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [546c120c454585b14ef1b650e41f6a96], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [546c120c454585b14ef1b650e41f6a96], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [546c120c454585b14ef1b650e41f6a96], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [b7096bb32c5e2214e6a35fa8e71c23dd], PUP.Optional.SearchProtect.A, 
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [b7096bb32c5e2214e6a35fa8e71c23dd], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [af1105193c4e74c2a667ce73d82b5da3], PUP.Optional.WordProser.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpnfd_1_10_0_6, Quarantined, [8040a975602a6acca265465a18eb56aa], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, Quarantined, [7749ee306327cf67ed7846bd33d2ee12], PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [328ef826cebc58dedcb8801751b218e8], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [1aa6a17d89012214f02bea107e86e818], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, Quarantined, [912f63bb8a009f979f27ded39b688c74], PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, Quarantined, [d7e97da1a0eaee487afad5c3e71c5fa1], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [5f612ef0ef9b92a49195a5eff70ca15f], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [556b819d9feb73c31e75f4e5bc47fa06], PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, Quarantined, [b50b0d11c4c605311a3d505bc93ac739], PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [0bb5e43a2d5d50e6b34c7526bd463fc1], PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, Quarantined, [ecd4150975152016d49b56b09f66fe02], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [2a96041a3159e84e6de822ec59ac22de], PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.6, Quarantined, 
[eed275a98ffb191d16f4ced271928779], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, Quarantined, [7f414dd194f6f4427beafe0506ff659b], PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [744c27f7a3e785b1088c1f78c340d32d], PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [3a868a94abdfe94df02b4dad4db71ae6], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, Quarantined, [dee258c60684d462ccfa5c55b84b26da], PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Quarantined, [8f3116089bef2016de07fcb8e71c3dc3], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [ead61c024941e94d32d77f2928db659b], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [229ec05e63272b0b816f07a255ae48b8], PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [4e72cb53d7b30a2c54a80515c73ee719], PUP.Optional.BrowserGood.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Browser Good, Quarantined, [cdf3f6288208b6803e840c8a5ea5db25], PUP.Optional.CommonShare.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update CommonShare, Quarantined, [695770ae74163501938ae4cd976cea16], PUP.Optional.PlumoWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update PlumoWeb, Quarantined, [635d5ec0addd50e6cbfe04a3a261a15f], PUP.Optional.WordProser.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpsvc_1.10.0.6, Quarantined, [299708169ded989e7494811f0ff4eb15], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [11af1a04d7b3b3838d99ddc2fc07be42], PUP.Optional.MBOT.A, 
HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mybestofferstoday, Quarantined, [724e100e58322b0b22fcff907d8653ad], PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, Quarantined, [714f948abad074c2f37b5947c63dc838], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [c8f83fdf93f77bbb4ff840d1bf4630d0], PUP.Optional.Vosteran.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, Quarantined, [bb0567b76f1b49edb2969df7956e16ea], PUP.Optional.MultiIE.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [ebd5fd21c1c99a9ca72757b455b0a060], PUP.Optional.Vosteran.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [4b759985ddad3ef8a2f32a6d699a5fa1], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [318fb46aa7e3eb4b2481dcfc996a926e], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [fac6fd217812c274306040aef60e1fe1], PUP.Optional.Qone8, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [3987ea3406844de93edccd2de51f817f], PUP.Optional.FastStart.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, 
[28981d01b7d3bc7aa3660b9c986b5ba5], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TUTORIALS\updatetutorialeshp, Quarantined, [39872df13e4cb48255d1c4ca54afc63a], Registry Values: 10 PUP.Optional.Iminent.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [a9176eb07d0d171f4b56a69a41c206fa], PUP.Optional.Iminent.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [a9176eb07d0d171f4b56a69a41c206fa], PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [11afa27c0a80b086bcff42d6838201ff] PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_88, Quarantined, [6c54ea34ee9ccd698a5f3266847f9c64], PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com, Quarantined, [d0f017071f6b62d4a2d465a84bba41bf] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, Quarantined, [229ec05e63272b0b816f07a255ae48b8] PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 8C14419B-A02B-4776-8F30-B8163D691240, Quarantined, [4e72cb53d7b30a2c54a80515c73ee719] PUP.Optional.InstallCore.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0N2Y1N1N1S2X, Quarantined, [fac6fd217812c274306040aef60e1fe1] PUP.Optional.FastStart.A, 
HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [28981d01b7d3bc7aa3660b9c986b5ba5] PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|upmbot_de_421.exe, C:\Users\Nikolas\AppData\Local\mbot_de_421\upmbot_de_421.exe -runonce, Quarantined, [269aa57953376ccaa6ec9ad946bdee12] Registry Data: 14 PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}),Replaced,[fec23ee0b0da44f26298981c7590fc04] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99),Replaced,[3090be605139dc5a54a5e0d4e91ccd33] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99),Replaced,[6d53b16df595d85e374affc3ad586997] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}, Good: (www.google.com), Bad: 
(hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}),Replaced,[a917ac72335788ae0af1ecc8778e3ac6] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[a41c25f9701ac4725e6a00c0df26e719] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}),Replaced,[a020d747deac82b4b04a0ba9fd08bb45] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99),Replaced,[caf6d747b2d86fc7a257c5ef20e5da26] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99, Good: (www.google.com), Bad: (hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99),Replaced,[912f1608f892b581522f81410bfa629e] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}, Good: (www.google.com), Bad: 
(hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}),Replaced,[754b1707a5e59c9afffca60e0ef755ab] PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[8838928c602ab77fa523259bb25330d0] PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421254794&from=adks&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421254794&from=adks&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}),Replaced,[972955c9e3a76acc9f0f4b69f80dbf41] PUP.Optional.Trovi.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M4C5843D0-9567-44D9-A870-FD87F6B42A40&SearchSource=55&CUI=&UM=8&UP=SP10F3D055-7788-4BD1-9FA5-7979FA87FB59&SSPV=, Good: (www.google.com), Bad: (hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M4C5843D0-9567-44D9-A870-FD87F6B42A40&SearchSource=55&CUI=&UM=8&UP=SP10F3D055-7788-4BD1-9FA5-7979FA87FB59&SSPV=),Replaced,[259bca541d6d40f6949b5066a065916f] PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99, Good: (www.google.com), Bad: 
(hxxp://www.mystartsearch.com/?type=hppp&ts=1421600431&from=smt&uid=KINGSTONXSV300S37A60G_50026B7744034C99),Replaced,[ad13a37be8a24beb13e9e6ce9d685da3] PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-1395782937-2529212249-1045901662-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421254794&from=adks&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421254794&from=adks&uid=KINGSTONXSV300S37A60G_50026B7744034C99&q={searchTerms}),Replaced,[526ecf4f692120169914d6de2bda19e7] Folders: 83 PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Delete-on-Reboot, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, Quarantined, 
[734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, Quarantined, [734d8b935a30ea4c1e09850fe71cf709], PUP.Optional.InetStat.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat, Quarantined, [4878be6062282c0abe8bed2abe475aa6], PUP.Optional.AdPeak.A, C:\Program Files\005, Quarantined, 
[338d2fef6525ea4c550abc5be12427d9], Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [0fb1fd21aae039fd5cf748fdb25152ae], PUP.Optional.CrossRider.A, C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcnmdehjfeflkohlockkbmoglehckdf, Quarantined, [9f21f6286f1bf2444f40f274c43ff10f], PUP.Optional.CrossRider.A, C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcnmdehjfeflkohlockkbmoglehckdf\0.1_0, Quarantined, [9f21f6286f1bf2444f40f274c43ff10f], PUP.Optional.CrossRider.A, C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcnmdehjfeflkohlockkbmoglehckdf\0.1_0\_metadata, Quarantined, [9f21f6286f1bf2444f40f274c43ff10f], PUP.Optional.CrossRider.A, C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek, Quarantined, [eed2918d7c0e79bde10cd296b84b41bf], PUP.Optional.CrossRider.A, C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\0.1_0, Quarantined, [eed2918d7c0e79bde10cd296b84b41bf], PUP.Optional.CrossRider.A, C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\0.1_0\_metadata, Quarantined, [eed2918d7c0e79bde10cd296b84b41bf], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\content, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, 
C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\content\include, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\content\include\tools, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\content\js, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\content\js\lib, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\content\js\module, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\content\js\pack, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\en, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\en-US, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\es, Quarantined, 
[d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\es-419, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\fr, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\it, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\pl, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, 
C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\ru, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\tr, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\vi, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\chrome\skin, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\defaults, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\defaults\preferences, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], 
PUP.Optional.FastStart.A, C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\faststartff@gmail.com\modules, Quarantined, [d9e7d34bdab06bcbf8eb2e3c47bcd927], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [bf01d44a6d1dd2645abbadbf3dc6ab55], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [bf01d44a6d1dd2645abbadbf3dc6ab55], PUP.Optional.ZombieNews.A, C:\Users\Nikolas\AppData\Local\ZombieNews, Quarantined, [269ac5599af0de58a666086ab94aa45c], PUP.Optional.BlockAndSurf.A, C:\Program Files (x86)\ver5BlockAndSurf, Quarantined, [f6caa17dfd8dba7cdeac442fcf341ae6], PUP.Optional.BlockAndSurf.A, C:\Program Files (x86)\ver5BlockAndSurf\temp, Quarantined, [f6caa17dfd8dba7cdeac442fcf341ae6], PUP.Optional.MBot.A, C:\Users\Nikolas\AppData\Local\mbot_de_421, Delete-on-Reboot, [269aa57953376ccaa6ec9ad946bdee12], PUP.Optional.MBot.A, C:\Users\Nikolas\AppData\Local\mbot_de_421\Download, Quarantined, [269aa57953376ccaa6ec9ad946bdee12], PUP.Optional.MBot.A, C:\Users\Nikolas\AppData\Local\mbot_de_421\mbot_de_421, Quarantined, [269aa57953376ccaa6ec9ad946bdee12], PUP.Optional.MBot.A, C:\Users\Nikolas\AppData\Local\mbot_de_421\mbot_de_421\1.20, Quarantined, [269aa57953376ccaa6ec9ad946bdee12], PUP.Optional.MBot.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY, Quarantined, [ecd48f8fbbcfae8845ad12626a994ab6], PUP.Optional.FLVMPlayer, C:\Program Files (x86)\FLVM Player, Quarantined, [20a075a9dcae2d09caba4c2b00036e92], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarantined, [457bb26c7e0c06304f657711e71cc739], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarantined, [457bb26c7e0c06304f657711e71cc739], PUP.Optional.SearchProtect.A, C:\Users\Nikolas\AppData\Local\avaxvavya, Quarantined, [bc0444dacfbb81b55d36e4a800039e62], Files: 286 PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Delete-on-Reboot, 
[2a967da10c7e20163ea1ea20f30f8c74], PUP.Optional.ZombieNews.A, C:\ProgramData\ocqWmKEcRF\VxVeErTGUaO.exe, Delete-on-Reboot, [0fb15ac41278ec4a2a76ba066b96ea16], PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, Quarantined, [be02c05e73176fc7ca136d9eef146d93], PUP.Optional.ZombieNews.A, C:\ProgramData\ocqWmKEcRF\dat\DraYWeUO.exe, Delete-on-Reboot, [724ee03e87038ea8257b734d5ca54ab6], PUP.Optional.ZombieNews.A, C:\ProgramData\ocqWmKEcRF\dat\GLtCyTLJCb.exe, Delete-on-Reboot, [259bb36b99f1eb4b1e82437ddd24a759], PUP.Optional.ZombieInvasion.A, C:\ProgramData\ocqWmKEcRF\dat\VlhHweC.dll, Delete-on-Reboot, [cdf3011dff8bdf575e937e35f114a15f], PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Quarantined, [615f4ad4bdcde74f399a12b706fbdb25], PUP.Optional.SearchProtect.A, C:\Users\Nikolas\AppData\Local\Temp\Setup.exe, Quarantined, [07b9a6784842e94d73d26252bc4532ce], PUP.Optional.DeskTopDock.A, C:\Users\Nikolas\AppData\Local\Temp\setup_460.exe, Quarantined, [01bf1806c2c87fb7357b43b7f90822de], PUP.Optional.SearchProtect, C:\Users\Nikolas\AppData\Local\Temp\~nsu.tmp\Au_.exe, Quarantined, [38889d813c4ef2442d90a073c0429967], PUP.Optional.BPlug, C:\Users\Nikolas\AppData\Local\Temp\is-10G0G.tmp\browsergood_soft_partner.exe, Quarantined, [348c55c92f5b1521faf14b86fb06748c], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_plushd_installer_multilang.exe, Quarantined, [dae6120cf496ff3718c6e116bf42936d], Riskware.Vmdetector, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\InstallManager.exe, Quarantined, [37898797b2d844f22aa5edbea461867a], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_quickref_installer_multilang.exe, Quarantined, [4a7643dbfb8f2c0ae8f614e3857cc63a], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_SByoutube_installer_multilang.exe, Quarantined, [457b8a94b1d92b0b49952ccb946d28d8], PUP.Optional.Tuto4PC.A, 
C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_secprotwhite_installer_multilang.exe, Quarantined, [c4fc5ac46129f5413ba314e3758c2fd1], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_secureprotect_installer_multilang.exe, Quarantined, [ad1342dc4842a294429c599e59a8d62a], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_snapdo_linkury_installer_multilang.exe, Quarantined, [1fa185998efcbd79d40ac730f40df10f], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_speeditup_installer_multilang.exe, Quarantined, [e6daeb33464471c58d51688f926fa55b], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_superpc_installer_multilang.exe, Quarantined, [328e29f590fa112511cdcd2ab948da26], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_wordproser_pariente_installer_multilang.exe, Quarantined, [10b05dc1068446f0e6f86c8b25dccb35], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_zombie_installer_multilang.exe, Quarantined, [39876db1c0ca6acca43a37c0f30eaa56], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_amonetize_plushd_installer_multilang.exe, Quarantined, [635d87973a50181e5589d4237e83e61a], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_browsergood_installer_multilang.exe, Quarantined, [962a2fefcebc1d19a539ac4b7d8416ea], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_BubbleSound_installer_multilang.exe, Quarantined, [af11a07e2c5e9c9a845a40b77091768a], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_cp_desktopdock_installer_multilang.exe, Quarantined, [229ec25c8bffc076835b6592a25fc838], PUP.Optional.Tuto4PC.A, C:\Users\Nikolas\AppData\Local\Temp\is-1VVNP.tmp\package_CubepileShopperz_installer_multilang.exe, Quarantined, [cef21ffff4964fe77e60599ef908d32d], 
[bc0444dacfbb81b55d36e4a800039e62], PUP.Optional.Trovi.A, C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "hxxp://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M533E912E-712F-464B-A3F4-ED22FAF4AE97&SearchSource=55&CUI=&UM=8&UP=SP7AE17A06-E768-4AFB-A707-190BBC97C381&SSPV=",), Replaced,[c1fff32b9cee43f3faecf7055baa31cf] Physical Sectors: 0 (No malicious items detected) (end) |
15.02.2015, 21:23 | #6 |
| Zombie News FRST: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Nikolas (administrator) on KAVELL on 15-02-2015 21:14:07
Running from C:\Users\Nikolas\Desktop
Loaded Profiles: Nikolas (Available profiles: Nikolas)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (OSBASE) C:\Windows\System32\ddmgr.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe () C:\Windows\System32\flvga_tray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) B:\programme\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [380928 2013-08-26] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => B:\programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Run: [GoogleChromeAutoLaunch_697551E3D5F86BE391CF7A5E0166653F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) 
HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\MountPoints2: {1563713d-6c64-11e4-8272-74d4359a6673} - "E:\startme.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:63507;https=127.0.0.1:63507 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerWnd Helper -> 
{10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default FF DefaultSearchEngine: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> B:\programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-15] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (TIPP10 - Kostenloser 10-Finger-Schreibtrainer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfcabopgpiohpfcjkpifbmoclclfkhn [2014-06-14] CHR Extension: (Google Docs) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14] CHR Extension: (Google Drive) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14] CHR Extension: (Intelligence Quiz) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddnmcopphcfjagpabphnpdnoemoapgo [2014-06-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03] CHR Extension: (YouTube) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14] CHR Extension: (Musik Songs Spieler) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdenlcnfdjepagejpfajlkicggieknab [2014-06-14] CHR Extension: (Universal VideoMaximizer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnlfphfngnfhjcnoikfhaomaaflaiie [2014-12-27] CHR Extension: (Google-Suche) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14] CHR Extension: (Whatsapp™ on pc) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknjcfihbbbgejkhmfiiikeicekcmhml [2015-01-14] CHR Extension: (Comment Bank & Report Writer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ekhocfhmnkdcieijdogcpolgldfmocgn [2014-06-14] CHR Extension: (Type Scout) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-06-14] CHR Extension: (Chrome App Maker) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hciflpkhdfhbipgkdophdcgjieeglhch [2014-12-27] CHR Extension: (CNN RSS News Reader) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikidfffcbojnekagpmbicclbpmagjenc [2014-12-27] CHR Extension: (Google +1-Schaltfläche) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-12-27] CHR Extension: (Eingabe-Test - KeyHero) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-06-14] CHR Extension: (IQ Test) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocgohpofmahhbaijdodlekmhklabcnl [2014-06-14] CHR Extension: (Extensions Manager aka Switcher) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2015-01-14] CHR Extension: (3D Functions Plotter) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\naolaacfeloakcdcnenhkeicocefkkfe [2014-06-14] CHR Extension: (World Map) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nipmhcphldahmaffcapambikpnmdpbka [2014-06-14] CHR Extension: (audioboxlive dj radio) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmieijlelbhlhijiefopdngdnldbodhi [2014-06-14] CHR Extension: (Google Wallet) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14] CHR Extension: (Wetter) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2014-06-14] CHR Extension: (Fox News) - 
C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna [2014-12-27] CHR Extension: (Simple typing tutor) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejilophemlijikebkeapcijndnmmhfk [2014-06-14] CHR Extension: (atomshot) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfmllbdhacnbnjgenkeflcmklpkjdcn [2014-12-27] CHR Extension: (Google Mail) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-15] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-15] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ddmgr; C:\Windows\system32\ddmgr.exe [841888 2013-10-31] (OSBASE) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed] R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-15] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices) R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [171168 2013-10-31] (OSBASE) R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [17056 2013-10-31] (OSBASE) S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [171688 2013-11-01] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-15 21:14 - 2015-02-15 21:14 - 00017693 _____ () C:\Users\Nikolas\Desktop\FRST.txt 2015-02-15 21:14 - 2015-02-15 21:14 - 00000000 ____D () C:\Users\Nikolas\Desktop\FRST-OlderVersion 2015-02-15 21:13 - 2015-02-15 21:13 - 00077915 _____ () C:\Users\Nikolas\Desktop\mbam.txt 2015-02-15 20:17 - 2015-02-15 20:17 - 00000743 _____ () C:\Users\Nikolas\Desktop\JRT.txt 2015-02-15 20:13 - 2015-02-15 20:12 - 01388274 _____ (Thisisu) C:\Users\Nikolas\Desktop\JRT.exe 2015-02-15 20:12 - 2015-02-15 20:12 - 01388274 _____ (Thisisu) C:\Users\Nikolas\Downloads\JRT.exe 2015-02-15 20:12 - 2015-02-15 20:12 - 00007005 _____ () C:\Users\Nikolas\Desktop\AdwCleaner[S0].txt 2015-02-15 20:08 - 2015-02-15 20:10 - 00000000 ____D () C:\AdwCleaner 2015-02-15 20:08 - 2015-02-15 20:08 - 02112512 _____ () C:\Users\Nikolas\Downloads\AdwCleaner_4.110.exe 2015-02-15 19:52 - 2015-02-15 20:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-15 19:52 - 2015-02-15 19:52 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-15 19:52 - 2015-02-15 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-15 19:51 - 2015-02-15 19:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-15 19:51 - 2015-02-15 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-15 19:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-15 19:51 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-15 19:51 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-15 19:50 - 2015-02-15 19:50 - 20447072 _____ (Malwarebytes Corporation ) 
C:\Users\Nikolas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-15 19:41 - 2015-02-15 19:41 - 00000755 _____ () C:\Users\Nikolas\Desktop\Revo Uninstaller.lnk 2015-02-15 15:12 - 2015-02-15 21:14 - 00000000 ____D () C:\FRST 2015-02-15 15:11 - 2015-02-15 21:14 - 02085888 _____ (Farbar) C:\Users\Nikolas\Desktop\FRST64.exe 2015-02-12 17:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 17:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 18:24 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-02-11 18:24 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 18:24 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 18:24 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-02-11 18:24 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-02-11 18:24 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 18:24 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 18:24 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 18:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 18:24 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 18:24 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 18:24 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-11 18:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 18:24 - 
2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 18:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 18:24 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 18:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 18:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 18:24 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-02-11 18:24 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-11 18:24 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-02-11 18:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 18:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 18:24 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 18:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 18:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 18:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 18:24 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-02-11 18:24 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-02-11 18:24 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-02-11 18:24 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 18:24 - 2015-01-12 02:25 - 
00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-02-11 18:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 18:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 18:24 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 18:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 18:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 18:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 18:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 18:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 18:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 18:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 18:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-02-11 18:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-02-11 18:24 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 18:24 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 18:24 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 18:24 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 18:24 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 18:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 18:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 18:24 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml 2015-02-11 18:24 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 18:24 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 18:24 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 18:24 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 18:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-02-11 18:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-02-11 18:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-02-11 18:24 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 18:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-02-11 18:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-02-11 18:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-02-11 18:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-02-11 18:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-02-09 22:30 - 2015-02-09 22:30 - 00000746 _____ () C:\Users\Nikolas\Desktop\Notepad++.lnk 2015-02-09 22:30 - 2015-02-09 22:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Notepad++ 2015-02-09 22:30 - 2015-02-09 22:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 
2015-02-09 22:30 - 2015-02-09 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-04 20:14 - 2015-02-15 20:11 - 00007308 _____ () C:\Windows\setupact.log 2015-02-04 20:14 - 2015-02-04 20:14 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-04 18:13 - 2015-02-04 18:13 - 00002123 _____ () C:\Users\Nikolas\AppData\Local\recently-used.xbel 2015-02-01 01:09 - 2015-02-01 01:09 - 04117346 _____ () C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed (1).zip 2015-02-01 01:09 - 2012-05-12 05:33 - 04199240 _____ (www.motioninjoy.com ) C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed.exe 2015-01-30 18:01 - 2015-01-30 18:01 - 00000220 _____ () C:\Users\Nikolas\Desktop\Garry's Mod.url 2015-01-30 17:59 - 2015-02-13 21:11 - 04629952 _____ () C:\Users\Nikolas\Desktop\TechnicLauncher.exe 2015-01-29 16:30 - 2015-02-11 18:25 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422545434 2015-01-29 16:30 - 2015-02-11 18:25 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-29 16:30 - 2015-01-29 16:30 - 00001151 _____ () C:\Users\Public\Desktop\Opera.lnk 2015-01-29 16:30 - 2015-01-29 16:30 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-01-29 16:30 - 2015-01-29 16:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Opera Software 2015-01-29 16:30 - 2015-01-29 16:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\Opera Software 2015-01-27 23:29 - 2015-01-27 23:29 - 00000883 _____ () C:\Users\Public\Desktop\SimCity™.lnk 2015-01-27 23:29 - 2015-01-27 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™ 2015-01-27 20:40 - 2015-01-27 20:40 - 00000585 _____ () C:\Users\Nikolas\Desktop\eclipse.exe - Verknüpfung.lnk 2015-01-27 20:39 - 2015-01-27 20:39 - 215762517 _____ () C:\Users\Nikolas\Desktop\eclipse-standard-luna-R-win32.zip 2015-01-27 20:32 - 2015-02-06 18:17 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\TS3Client 2015-01-27 
20:32 - 2015-01-27 20:32 - 00000733 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2015-01-27 20:32 - 2015-01-27 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-01-26 20:45 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-01-26 20:45 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-01-24 21:56 - 2015-01-24 21:56 - 00000955 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk 2015-01-24 21:56 - 2015-01-24 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4 2015-01-23 22:42 - 2015-01-24 22:40 - 00000000 ____D () C:\Users\Nikolas\Documents\Electronic Arts 2015-01-19 23:12 - 2015-01-19 23:34 - 00000270 _____ () C:\Users\Nikolas\Desktop\geschie.txt 2015-01-19 20:22 - 2015-01-19 20:22 - 00000863 _____ () C:\Users\Public\Desktop\FIFA 14.lnk 2015-01-19 20:22 - 2015-01-19 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14 2015-01-19 15:47 - 2015-01-19 15:46 - 04117346 _____ () C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed.zip 2015-01-18 23:34 - 2015-01-18 23:34 - 00000829 _____ () C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk 2015-01-18 23:34 - 2015-01-18 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 14 2015-01-18 22:23 - 2015-01-18 22:23 - 00001076 _____ () C:\Users\Public\Desktop\Die Sims 4 Erstelle einen Sim-Demo.lnk 2015-01-18 22:23 - 2015-01-18 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4 Erstelle einen Sim-Demo 2015-01-18 22:23 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2015-01-18 20:32 - 2015-01-19 15:38 - 00000041 _____ () C:\Users\Nikolas\Desktop\staeme angriffe stats.txt 2015-01-18 19:32 - 2015-01-18 19:32 - 00000770 _____ () C:\Users\Public\Desktop\FIFA 15.lnk 2015-01-18 19:32 - 2015-01-18 
19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 2015-01-18 17:59 - 2015-01-18 17:59 - 00000728 _____ () C:\Users\Nikolas\Desktop\Format Factory.lnk 2015-01-18 17:59 - 2015-01-18 17:59 - 00000000 ____D () C:\Users\Public\Documents\Baidu 2015-01-18 17:59 - 2015-01-18 17:59 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Ashampoo 2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\ashampoo 2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\ProgramData\Ashampoo 2015-01-18 00:33 - 2015-01-18 00:33 - 00000750 _____ () C:\Users\Public\Desktop\GIMP 2.lnk 2015-01-18 00:33 - 2015-01-18 00:33 - 00000750 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-01-18 00:11 - 2015-01-18 00:11 - 00000734 _____ () C:\Users\Public\Desktop\Blender.lnk 2015-01-18 00:11 - 2015-01-18 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation 2015-01-18 00:08 - 2015-01-18 00:08 - 00001556 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-01-18 00:08 - 2015-01-18 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-18 00:08 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-18 00:07 - 2015-01-18 00:45 - 00000000 ____D () C:\Program Files\iTunes 2015-01-18 00:07 - 2015-01-18 00:08 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-18 00:07 - 2015-01-18 00:07 - 00000000 ____D () C:\Program Files\iPod 2015-01-18 00:07 - 2015-01-18 00:07 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-16 23:25 - 2015-01-17 23:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-16 14:07 - 2015-02-15 20:05 - 00000000 ____D () C:\ProgramData\ocqWmKEcRF ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-15 21:13 - 2014-06-15 12:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-02-15 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-15 20:36 - 2014-07-22 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-15 20:33 - 2014-06-14 19:53 - 01341969 _____ () C:\Windows\WindowsUpdate.log 2015-02-15 20:23 - 2014-06-14 20:25 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1395782937-2529212249-1045901662-1001 2015-02-15 20:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-15 20:21 - 2014-06-14 20:29 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-15 20:17 - 2014-03-18 11:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-15 20:17 - 2014-03-18 10:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-02-15 20:17 - 2014-03-18 10:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-02-15 20:12 - 2014-09-14 10:28 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Skype 2015-02-15 20:11 - 2014-06-14 20:29 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-15 20:11 - 2014-06-14 20:22 - 00000000 ___DO () C:\Users\Nikolas\OneDrive 
2015-02-15 20:11 - 2014-03-18 02:50 - 00104414 _____ () C:\Windows\PFRO.log 2015-02-15 20:11 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-15 20:10 - 2014-07-22 12:13 - 00000273 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-15 20:10 - 2014-06-14 20:30 - 00001302 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-15 20:10 - 2014-06-14 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-15 20:10 - 2014-06-14 20:20 - 00001011 _____ () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-15 20:10 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-15 19:49 - 2014-11-26 07:42 - 00114176 ___SH () C:\Users\Nikolas\Desktop\Thumbs.db 2015-02-15 16:08 - 2014-06-14 20:33 - 00000000 ____D () C:\ProgramData\Origin 2015-02-15 16:08 - 2014-06-14 20:33 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-02-15 15:06 - 2014-06-14 20:29 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{36B13CAC-EAFF-44D3-AA12-61C9B49E84A1} 2015-02-15 01:21 - 2015-01-14 18:39 - 00000296 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Nikolas.job 2015-02-14 23:31 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-13 21:14 - 2014-08-13 22:48 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\.minecraft 2015-02-13 21:11 - 2014-06-14 22:33 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\.technic 2015-02-13 12:24 - 2013-08-22 15:44 - 00457624 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 17:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-02-12 17:01 - 2015-01-14 18:39 - 00000000 ____D () C:\ProgramData\ProductData 2015-02-11 18:55 - 2014-06-16 13:42 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 18:52 - 2014-06-16 13:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-05 20:01 - 2014-12-23 02:07 - 
00000000 ____D () C:\Users\Nikolas\Desktop\blender 2015-02-04 22:28 - 2014-06-14 20:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-04 20:00 - 2014-09-12 16:37 - 00000000 ____D () C:\Windows\Minidump 2015-02-04 19:36 - 2014-07-22 12:18 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-04 18:13 - 2014-07-03 21:33 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\gtk-2.0 2015-02-04 18:12 - 2014-07-03 20:46 - 00000000 ____D () C:\Users\Nikolas\.gimp-2.8 2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 19:34 - 2014-06-20 22:41 - 00000000 ____D () C:\Users\Nikolas\Documents\FIFA 14 2015-02-01 23:09 - 2014-06-14 20:20 - 00000000 ____D () C:\Users\Nikolas 2015-02-01 00:56 - 2014-06-14 20:37 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-01 00:55 - 2014-06-14 22:58 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-02-01 00:55 - 2014-06-14 22:58 - 00000000 ____D () C:\Program Files\Java 2015-02-01 00:55 - 2014-06-14 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-30 18:01 - 2014-08-10 10:53 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-01-23 22:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-01-21 21:45 - 2014-07-25 23:28 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Blender Foundation 2015-01-19 20:21 - 2014-06-20 20:52 - 00279655 _____ () C:\Windows\DirectX.log 2015-01-19 15:55 - 2014-07-01 21:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 15:51 - 2014-10-27 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-19 15:50 - 2014-10-27 21:25 - 00000710 _____ () 
C:\Users\Nikolas\Desktop\WinRAR.lnk 2015-01-19 15:50 - 2014-10-27 21:25 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-18 00:07 - 2014-06-14 22:05 - 00000000 ____D () C:\ProgramData\Apple 2015-01-17 21:52 - 2014-08-13 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks 2015-01-17 21:51 - 2014-12-15 18:24 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\Unity 2015-01-17 21:50 - 2014-12-15 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2015-01-17 21:45 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-01-17 20:20 - 2015-01-03 20:11 - 00000000 ____D () C:\xampp 2015-01-16 23:00 - 2014-07-25 23:28 - 00000000 ____D () C:\tmp 2015-01-16 14:13 - 2015-01-14 18:39 - 00000000 ____D () C:\Program Files (x86)\IObit ==================== Files in the root of some directories ======= 2015-02-04 18:13 - 2015-02-04 18:13 - 0002123 _____ () C:\Users\Nikolas\AppData\Local\recently-used.xbel Some content of TEMP: ==================== C:\Users\Nikolas\AppData\Local\Temp\Quarantine.exe C:\Users\Nikolas\AppData\Local\Temp\sqlite3.dll C:\Users\Nikolas\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-07 17:30 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015 Ran by Nikolas at 2015-02-15 21:14:36 Running from C:\Users\Nikolas\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{00957033-C081-5235-665A-A014A6E2FF7B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! 
Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.) Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.) Dropbox (HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts) Easy Mail Recovery (HKLM-x32\...\Easy Mail Recovery) (Version: 2.0 - MunSoft) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) FormatFactory 3.5.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.1.0 - Format Factory) Fresco Logic USB VGA Display Driver (HKLM\...\{A57B4026-6DFF-4D4A-81D5-FD4BC0EC0918}) (Version: 1.1.216.0 - Fresco Logic Inc.) 
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation) JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden Language Pack (DEU) für freigegebene Windows Azure-Komponenten für Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.10829.1601 - Microsoft Corporation) Hidden MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{AD094F97-7764-4E78-BA4E-4FB44CB09858}) (Version: 4.3.2.0 - MAGIX AG) MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden MAGIX Music Maker 2013 Premium (HKLM-x32\...\MAGIX_{00A8886C-FF3D-4B52-A95D-321735687B32}) (Version: 19.0.5.57 - MAGIX AG) MAGIX Music Maker 2013 Premium (Version: 19.0.5.57 - MAGIX AG) Hidden MAGIX Music Maker 2013 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Studio (HKLM-x32\...\MAGIX_{58AF1918-E670-44DF-BE45-BF5014AF144C}) 
(Version: 19.0.0.12 - MAGIX AG) MAGIX Music Studio (Version: 19.0.0.12 - MAGIX AG) Hidden MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{3742516F-F06A-413E-9DD9-5B84AE0E7C86}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2014 (HKLM-x32\...\MX.{146DFB48-B585-48B9-A407-16DD6F686550}) (Version: 13.0.0.28 - MAGIX AG) MAGIX Video deluxe 2014 (Version: 13.0.0.28 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft SQL Server Compact 
3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 
(HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio Express 2013 für Windows - DEU (HKLM-x32\...\{5626bd5c-91ed-4cbb-98e8-2aa80a3ab129}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) Opera Stable 27.0.1689.54 (HKLM-x32\...\Opera 27.0.1689.54) (Version: 27.0.1689.54 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version: - Ubisoft) Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft) Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> B:\programme\blender\BlendThumb64.dll () CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {23264D7C-0F9A-4ACD-A952-198F19EA81A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {3BE6DFCC-2B74-4CD9-A68F-0D24515BCA47} - \avaxvavya No Task File <==== ATTENTION Task: {659D605A-5A41-40B8-AADB-962DB44E7B3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.) Task: {86732B12-903B-43BD-B142-367F8388A944} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B1EA780A-0B08-43F1-88B9-6067690ED99E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-15] (AVAST Software) Task: {C1934C96-FF9A-4B77-9ABE-A89B6AFF9D98} - System32\Tasks\Opera scheduled Autoupdate 1422545434 => C:\Program Files (x86)\Opera\launcher.exe [2015-01-23] (Opera Software) Task: {E3EBC7B4-37D2-4C65-8BA5-7824521C63D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.) 
Task: {FF124C6E-4A1F-4D5F-822D-9E48E8518FA1} - System32\Tasks\Uninstaller_SkipUac_Nikolas => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-14] (IObit) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Uninstaller_SkipUac_Nikolas.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Loaded Modules (whitelisted) ============== 2013-09-11 20:57 - 2013-09-11 20:57 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-08-26 02:45 - 2013-08-26 02:45 - 00380928 _____ () C:\Windows\System32\flvga_tray.exe 2013-09-11 20:57 - 2013-09-11 20:57 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () B:\programme\notepad++\NppShell_06.dll 2015-02-15 20:05 - 2015-02-15 20:05 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021501\algo.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-15 12:38 - 2014-06-15 12:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-16 23:25 - 2015-01-16 23:25 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 
2015-01-16 23:25 - 2015-01-16 23:25 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-16 23:25 - 2015-01-16 23:25 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-13 12:21 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:054203E4 AlternateDataStreams: C:\Users\Nikolas\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\StartupApproved\Run: => "EADM" ==================== Accounts: ============================= Administrator (S-1-5-21-1395782937-2529212249-1045901662-500 - Administrator - Disabled) Gast (S-1-5-21-1395782937-2529212249-1045901662-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1395782937-2529212249-1045901662-1006 - Limited - Enabled) Nikolas (S-1-5-21-1395782937-2529212249-1045901662-1001 - Administrator - Enabled) => C:\Users\Nikolas ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/15/2015 08:19:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ccc Startzeit: 01d04953361de2b6 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 84ea4d0a-b547-11e4-82aa-74d4359a6673 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (02/15/2015 08:22:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingSports Microsoft Office Sessions: ========================= Error: (02/15/2015 08:19:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689ccc01d04953361de2b64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe84ea4d0a-b547-11e4-82aa-74d4359a6673microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 ==================== Memory info =========================== Processor: AMD FX(tm)-8350 Eight-Core Processor Percentage of memory in use: 24% Total physical RAM: 8156.63 MB Available physical RAM: 6195.8 MB Total Pagefile: 16348.63 MB Available Pagefile: 14076.46 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive b: (Volume) (Fixed) (Total:1863.01 GB) (Free:1819.22 GB) NTFS Drive c: () (Fixed) (Total:55.56 GB) (Free:1.59 GB) NTFS Drive g: (programme) (Fixed) (Total:465.76 GB) (Free:407.68 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 0DEEBAFD) Partition 1: (Active) - (Size=350 MB) - 
(Type=07 NTFS) Partition 2: (Not Active) - (Size=55.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CFEB1E49) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: C34F5F23) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
16.02.2015, 17:54 | #7 |
/// the machine /// TB-Ausbilder | Zombie News ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.02.2015, 22:22 | #8 |
| Zombie News log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=277687c6b835bf4faa520aac7d923619 # engine=22500 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-16 08:34:39 # local_time=2015-02-16 09:34:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 95 11691784 21286586 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 7946708 49000172 0 0 # scanned=234899 # found=13 # cleaned=12 # scan_time=1477 sh=BFA7F8511FF3D51E0606BC065F0C09902BB6E6FF ft=1 fh=c5b494ba53b97366 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\ocqWmKEcRF\dat\WEpDvJ.dll" sh=3B12E8E127B5137236088CCF7B788BF4CE1549E3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\fibagakbgnpmiidianmojbhblnhbflka\MSmnqJYzI.js.vir" sh=E40549CEB14A7C06F9F9E9EB92F73ED965E040F4 ft=1 fh=b7b8c96c17c22525 vn="Win32/Patched.NFQ Trojaner (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll" sh=BFA7F8511FF3D51E0606BC065F0C09902BB6E6FF ft=1 fh=c5b494ba53b97366 vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\ocqWmKEcRF\dat\WEpDvJ.dll" sh=BB7B6AA35545D75DDE1A9410D497563778F34FD5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\216\RaBCLljk.js" sh=7F8C747869F3186AF72FB89BA5ABF7B599991FD5 ft=1 
fh=14a1aad8771cea45 vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nikolas\AppData\Local\Temp\is-4AFN2.tmp\gentlemjmp_ieu.exe" sh=E3A2D75CDDA635B839063146D2B713643F8B88A1 ft=1 fh=904b7163ed1486ae vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nikolas\AppData\Local\Temp\is-96Q40.tmp\gentlemjmp_ieu.exe" sh=F0148A26313D8E61A3F4E32FE8A696E5E2030A6D ft=1 fh=c368750b795dd5db vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nikolas\AppData\Local\Temp\is-977LJ.tmp\gentlemjmp_ieu.exe" sh=B380D24056A5E2A7654C6CF949535FD73AECFE3D ft=1 fh=1b90faec6c3e5926 vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nikolas\AppData\Local\Temp\is-GQ6OC.tmp\gentlemjmp_ieu.exe" sh=61D6F0602328F897A2971F2BD6DC0E6F140C9CE3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\staged\ntgF@p.net\content\bg.js" sh=5680649456E3F8B877F5DA82C29D14EC08ECC38E ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\staged\XL9@c.org\content\bg.js" sh=781F9B92B453B90F3C04D98B5153DD5C6C26F589 ft=1 fh=135374a5b4967ccc vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Temp\~nsu.tmp\Au_.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Patched.NFQ Trojaner (Enthielt infizierte Datei(en))" ac=C fn="${Memory}" Code:
ATTFilter Results of screen317's Security Check version 0.99.96 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` JavaScript Tooling Java SE Development Kit 8 Update 25 JavaScript Tooling Visual Studio Extensions for Windows Library for JavaScript Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Mozilla Thunderbird (31.4.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015 Ran by Nikolas (administrator) on KAVELL on 16-02-2015 22:17:56 Running from C:\Users\Nikolas\Desktop Loaded Profiles: Nikolas (Available profiles: Nikolas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (OSBASE) C:\Windows\System32\ddmgr.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe () C:\Windows\System32\flvga_tray.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) B:\programme\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe () C:\Users\Nikolas\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [flvga_tray64] => C:\Windows\system32\flvga_tray.exe [380928 2013-08-26] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => B:\programme\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872672 2014-12-11] (Skype Technologies S.A.) 
HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\MountPoints2: {1563713d-6c64-11e4-8272-74d4359a6673} - "E:\startme.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:63507;https=127.0.0.1:63507 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerWnd Helper -> 
{10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default FF DefaultSearchEngine: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> B:\programme\iTunes\Mozilla Plugins\npitunes.dll () FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-15] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (TIPP10 - Kostenloser 10-Finger-Schreibtrainer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\akfcabopgpiohpfcjkpifbmoclclfkhn [2014-06-14] CHR Extension: (Google Docs) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-14] CHR Extension: (Google Drive) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-14] CHR Extension: (Intelligence Quiz) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddnmcopphcfjagpabphnpdnoemoapgo [2014-06-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03] CHR Extension: (YouTube) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-14] CHR Extension: (Musik Songs Spieler) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdenlcnfdjepagejpfajlkicggieknab [2014-06-14] CHR Extension: (Universal VideoMaximizer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnlfphfngnfhjcnoikfhaomaaflaiie [2014-12-27] CHR Extension: (Google-Suche) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-14] CHR Extension: (Whatsapp™ on pc) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknjcfihbbbgejkhmfiiikeicekcmhml [2015-01-14] CHR Extension: (Comment Bank & Report Writer) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhocfhmnkdcieijdogcpolgldfmocgn [2014-06-14] CHR Extension: 
(Type Scout) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-06-14] CHR Extension: (Chrome App Maker) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hciflpkhdfhbipgkdophdcgjieeglhch [2014-12-27] CHR Extension: (CNN RSS News Reader) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikidfffcbojnekagpmbicclbpmagjenc [2014-12-27] CHR Extension: (Google +1-Schaltfläche) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-12-27] CHR Extension: (Eingabe-Test - KeyHero) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-06-14] CHR Extension: (IQ Test) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocgohpofmahhbaijdodlekmhklabcnl [2014-06-14] CHR Extension: (Extensions Manager aka Switcher) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2015-01-14] CHR Extension: (3D Functions Plotter) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\naolaacfeloakcdcnenhkeicocefkkfe [2014-06-14] CHR Extension: (World Map) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nipmhcphldahmaffcapambikpnmdpbka [2014-06-14] CHR Extension: (audioboxlive dj radio) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmieijlelbhlhijiefopdngdnldbodhi [2014-06-14] CHR Extension: (Google Wallet) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-14] CHR Extension: (Wetter) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\paafljigflaodeomfbpjcggedcilkoop [2014-06-14] CHR Extension: (Fox News) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna 
[2014-12-27] CHR Extension: (Simple typing tutor) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejilophemlijikebkeapcijndnmmhfk [2014-06-14] CHR Extension: (atomshot) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfmllbdhacnbnjgenkeflcmklpkjdcn [2014-12-27] CHR Extension: (Google Mail) - C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-15] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-15] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ddmgr; C:\Windows\system32\ddmgr.exe [841888 2013-10-31] (OSBASE) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed] R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-15] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices) R4 ddkmd; C:\Windows\system32\drivers\ddkmd.sys [171168 2013-10-31] (OSBASE) R0 ddkmdldr; C:\Windows\System32\drivers\ddkmdldr.sys [17056 2013-10-31] (OSBASE) S3 FLxHCIv; C:\Windows\System32\Drivers\FLxHCIv.sys [171688 2013-11-01] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-16 22:17 - 2015-02-16 22:18 - 00017075 _____ () C:\Users\Nikolas\Desktop\FRST.txt 2015-02-16 22:17 - 2015-02-16 22:17 - 00001114 _____ () C:\Users\Nikolas\Desktop\checkup.txt 2015-02-16 22:16 - 2015-02-16 22:16 - 00852594 _____ () C:\Users\Nikolas\Desktop\SecurityCheck.exe 2015-02-16 21:04 - 2015-02-16 21:05 - 02347384 _____ (ESET) C:\Users\Nikolas\Downloads\esetsmartinstaller_deu.exe 2015-02-15 21:17 - 2015-02-15 21:17 - 00029667 _____ () C:\Users\Nikolas\Desktop\datei.zip 2015-02-15 21:14 - 2015-02-15 21:17 - 00000000 ____D () C:\Users\Nikolas\Desktop\datei 2015-02-15 21:14 - 2015-02-15 21:14 - 00000000 ____D () C:\Users\Nikolas\Desktop\FRST-OlderVersion 2015-02-15 20:13 - 2015-02-15 20:12 - 01388274 _____ (Thisisu) C:\Users\Nikolas\Desktop\JRT.exe 2015-02-15 20:12 - 2015-02-15 20:12 - 01388274 _____ (Thisisu) C:\Users\Nikolas\Downloads\JRT.exe 2015-02-15 20:08 - 2015-02-15 20:10 - 00000000 ____D () C:\AdwCleaner 2015-02-15 20:08 - 2015-02-15 20:08 - 02112512 _____ () C:\Users\Nikolas\Downloads\AdwCleaner_4.110.exe 2015-02-15 19:52 - 2015-02-16 22:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-15 19:52 - 2015-02-15 19:52 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-15 19:52 - 2015-02-15 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-15 19:51 - 2015-02-15 19:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-15 19:51 - 2015-02-15 19:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-15 19:51 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-15 19:51 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-15 
19:51 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-15 19:50 - 2015-02-15 19:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nikolas\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-15 19:41 - 2015-02-15 19:41 - 00000755 _____ () C:\Users\Nikolas\Desktop\Revo Uninstaller.lnk 2015-02-15 15:12 - 2015-02-16 22:17 - 00000000 ____D () C:\FRST 2015-02-15 15:11 - 2015-02-15 21:14 - 02085888 _____ (Farbar) C:\Users\Nikolas\Desktop\FRST64.exe 2015-02-12 17:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-12 17:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 18:24 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-02-11 18:24 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 18:24 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 18:24 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-02-11 18:24 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-02-11 18:24 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 18:24 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 18:24 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 18:24 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 18:24 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 18:24 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 18:24 - 2015-01-12 03:34 - 00816128 
_____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-11 18:24 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 18:24 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 18:24 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 18:24 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 18:24 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 18:24 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 18:24 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-02-11 18:24 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-11 18:24 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-02-11 18:24 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 18:24 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 18:24 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 18:24 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 18:24 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 18:24 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 18:24 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-02-11 18:24 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-02-11 18:24 - 2015-01-12 02:27 - 02865152 _____ (Microsoft 
Corporation) C:\Windows\system32\actxprxy.dll 2015-02-11 18:24 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 18:24 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-02-11 18:24 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 18:24 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 18:24 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 18:24 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 18:24 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 18:24 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 18:24 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 18:24 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 18:24 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 18:24 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 18:24 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-02-11 18:24 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-02-11 18:24 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 18:24 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 18:24 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 18:24 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) 
C:\Windows\system32\oleaut32.dll 2015-02-11 18:24 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 18:24 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 18:24 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 18:24 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml 2015-02-11 18:24 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 18:24 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 18:24 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 18:24 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 18:24 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-02-11 18:24 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-02-11 18:24 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-02-11 18:24 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 18:24 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-02-11 18:24 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-02-11 18:24 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-02-11 18:24 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-02-11 18:24 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-02-09 22:30 - 2015-02-09 22:30 - 00000746 _____ () C:\Users\Nikolas\Desktop\Notepad++.lnk 2015-02-09 22:30 - 2015-02-09 22:30 - 
00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Notepad++ 2015-02-09 22:30 - 2015-02-09 22:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-09 22:30 - 2015-02-09 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-02-04 20:14 - 2015-02-16 22:12 - 00008219 _____ () C:\Windows\setupact.log 2015-02-04 20:14 - 2015-02-04 20:14 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-04 18:13 - 2015-02-04 18:13 - 00002123 _____ () C:\Users\Nikolas\AppData\Local\recently-used.xbel 2015-02-01 01:09 - 2015-02-01 01:09 - 04117346 _____ () C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed (1).zip 2015-02-01 01:09 - 2012-05-12 05:33 - 04199240 _____ (www.motioninjoy.com ) C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed.exe 2015-01-30 18:01 - 2015-01-30 18:01 - 00000220 _____ () C:\Users\Nikolas\Desktop\Garry's Mod.url 2015-01-30 17:59 - 2015-02-13 21:11 - 04629952 _____ () C:\Users\Nikolas\Desktop\TechnicLauncher.exe 2015-01-29 16:30 - 2015-02-11 18:25 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422545434 2015-01-29 16:30 - 2015-02-11 18:25 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-29 16:30 - 2015-01-29 16:30 - 00001151 _____ () C:\Users\Public\Desktop\Opera.lnk 2015-01-29 16:30 - 2015-01-29 16:30 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-01-29 16:30 - 2015-01-29 16:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Opera Software 2015-01-29 16:30 - 2015-01-29 16:30 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\Opera Software 2015-01-27 23:29 - 2015-01-27 23:29 - 00000883 _____ () C:\Users\Public\Desktop\SimCity™.lnk 2015-01-27 23:29 - 2015-01-27 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™ 2015-01-27 20:40 - 2015-01-27 20:40 - 00000585 _____ () C:\Users\Nikolas\Desktop\eclipse.exe - Verknüpfung.lnk 2015-01-27 20:39 - 2015-01-27 
20:39 - 215762517 _____ () C:\Users\Nikolas\Desktop\eclipse-standard-luna-R-win32.zip 2015-01-27 20:32 - 2015-02-06 18:17 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\TS3Client 2015-01-27 20:32 - 2015-01-27 20:32 - 00000733 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2015-01-27 20:32 - 2015-01-27 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-01-26 20:45 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-01-26 20:45 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-01-24 21:56 - 2015-01-24 21:56 - 00000955 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk 2015-01-24 21:56 - 2015-01-24 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4 2015-01-23 22:42 - 2015-01-24 22:40 - 00000000 ____D () C:\Users\Nikolas\Documents\Electronic Arts 2015-01-19 23:12 - 2015-01-19 23:34 - 00000270 _____ () C:\Users\Nikolas\Desktop\geschie.txt 2015-01-19 20:22 - 2015-01-19 20:22 - 00000863 _____ () C:\Users\Public\Desktop\FIFA 14.lnk 2015-01-19 20:22 - 2015-01-19 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14 2015-01-19 15:47 - 2015-01-19 15:46 - 04117346 _____ () C:\Users\Nikolas\Desktop\MotioninJoy_071001_signed.zip 2015-01-18 23:34 - 2015-01-18 23:34 - 00000829 _____ () C:\Users\Public\Desktop\FUSSBALL MANAGER 14.lnk 2015-01-18 23:34 - 2015-01-18 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 14 2015-01-18 22:23 - 2015-01-18 22:23 - 00001076 _____ () C:\Users\Public\Desktop\Die Sims 4 Erstelle einen Sim-Demo.lnk 2015-01-18 22:23 - 2015-01-18 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4 Erstelle einen Sim-Demo 2015-01-18 22:23 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2015-01-18 20:32 - 2015-01-19 
15:38 - 00000041 _____ () C:\Users\Nikolas\Desktop\staeme angriffe stats.txt 2015-01-18 19:32 - 2015-01-18 19:32 - 00000770 _____ () C:\Users\Public\Desktop\FIFA 15.lnk 2015-01-18 19:32 - 2015-01-18 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 2015-01-18 17:59 - 2015-01-18 17:59 - 00000728 _____ () C:\Users\Nikolas\Desktop\Format Factory.lnk 2015-01-18 17:59 - 2015-01-18 17:59 - 00000000 ____D () C:\Users\Public\Documents\Baidu 2015-01-18 17:59 - 2015-01-18 17:59 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Ashampoo 2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\ashampoo 2015-01-18 17:55 - 2015-01-18 17:55 - 00000000 ____D () C:\ProgramData\Ashampoo 2015-01-18 00:33 - 2015-01-18 00:33 - 00000750 _____ () C:\Users\Public\Desktop\GIMP 2.lnk 2015-01-18 00:33 - 2015-01-18 00:33 - 00000750 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-01-18 00:11 - 2015-01-18 00:11 - 00000734 _____ () C:\Users\Public\Desktop\Blender.lnk 2015-01-18 00:11 - 2015-01-18 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation 2015-01-18 00:08 - 2015-01-18 00:08 - 00001556 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-01-18 00:08 - 2015-01-18 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-18 00:08 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) 
C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-18 00:07 - 2015-01-18 00:45 - 00000000 ____D () C:\Program Files\iTunes 2015-01-18 00:07 - 2015-01-18 00:08 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-18 00:07 - 2015-01-18 00:07 - 00000000 ____D () C:\Program Files\iPod 2015-01-18 00:07 - 2015-01-18 00:07 - 00000000 ____D () C:\Program Files\Common Files\Apple ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-16 22:17 - 2014-03-18 11:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-16 22:17 - 2014-03-18 10:25 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-02-16 22:17 - 2014-03-18 10:25 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-02-16 22:16 - 2014-06-14 20:29 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-16 22:14 - 2014-06-15 12:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-02-16 22:13 - 2014-09-14 10:28 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Skype 2015-02-16 22:13 - 2014-06-14 19:53 - 01700780 _____ () C:\Windows\WindowsUpdate.log 2015-02-16 22:12 - 2014-06-14 20:22 - 00000000 ___DO () C:\Users\Nikolas\OneDrive 2015-02-16 22:12 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-16 22:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-16 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-16 21:36 - 2014-07-22 12:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-16 20:33 - 2014-06-14 20:29 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{36B13CAC-EAFF-44D3-AA12-61C9B49E84A1} 2015-02-16 14:58 - 2014-06-14 20:33 - 00000000 ____D () C:\ProgramData\Origin 2015-02-16 14:58 - 2014-06-14 20:33 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-02-16 14:40 - 2013-08-22 16:36 - 00000000 ____D () 
C:\Windows\AppReadiness 2015-02-15 20:23 - 2014-06-14 20:25 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1395782937-2529212249-1045901662-1001 2015-02-15 20:11 - 2014-03-18 02:50 - 00104414 _____ () C:\Windows\PFRO.log 2015-02-15 20:10 - 2014-07-22 12:13 - 00000273 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-15 20:10 - 2014-06-14 20:20 - 00001011 _____ () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-15 20:05 - 2015-01-16 14:07 - 00000000 ____D () C:\ProgramData\ocqWmKEcRF 2015-02-15 19:49 - 2014-11-26 07:42 - 00114176 ___SH () C:\Users\Nikolas\Desktop\Thumbs.db 2015-02-15 01:21 - 2015-01-14 18:39 - 00000296 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Nikolas.job 2015-02-14 23:31 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-13 21:14 - 2014-08-13 22:48 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\.minecraft 2015-02-13 21:11 - 2014-06-14 22:33 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\.technic 2015-02-13 12:24 - 2013-08-22 15:44 - 00457624 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 17:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-02-12 17:01 - 2015-01-14 18:39 - 00000000 ____D () C:\ProgramData\ProductData 2015-02-11 18:55 - 2014-06-16 13:42 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 18:52 - 2014-06-16 13:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-05 20:01 - 2014-12-23 02:07 - 00000000 ____D () C:\Users\Nikolas\Desktop\blender 2015-02-04 22:28 - 2014-06-14 20:33 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-04 20:00 - 2014-09-12 16:37 - 00000000 ____D () C:\Windows\Minidump 2015-02-04 19:36 - 2014-07-22 12:18 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-04 18:13 - 2014-07-03 21:33 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\gtk-2.0 2015-02-04 18:12 - 
2014-07-03 20:46 - 00000000 ____D () C:\Users\Nikolas\.gimp-2.8 2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 19:34 - 2014-06-20 22:41 - 00000000 ____D () C:\Users\Nikolas\Documents\FIFA 14 2015-02-01 23:09 - 2014-06-14 20:20 - 00000000 ____D () C:\Users\Nikolas 2015-02-01 00:56 - 2014-06-14 20:37 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-01 00:55 - 2014-06-14 22:58 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-02-01 00:55 - 2014-06-14 22:58 - 00000000 ____D () C:\Program Files\Java 2015-02-01 00:55 - 2014-06-14 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-30 18:01 - 2014-08-10 10:53 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-01-23 22:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-01-21 21:45 - 2014-07-25 23:28 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Blender Foundation 2015-01-19 20:21 - 2014-06-20 20:52 - 00279655 _____ () C:\Windows\DirectX.log 2015-01-19 15:55 - 2014-07-01 21:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 15:51 - 2014-10-27 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-19 15:50 - 2014-10-27 21:25 - 00000710 _____ () C:\Users\Nikolas\Desktop\WinRAR.lnk 2015-01-19 15:50 - 2014-10-27 21:25 - 00000000 ____D () C:\Users\Nikolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-18 00:07 - 2014-06-14 22:05 - 00000000 ____D () C:\ProgramData\Apple 2015-01-17 23:58 - 2015-01-16 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-17 21:52 - 2014-08-13 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\CodeBlocks
2015-01-17 21:51 - 2014-12-15 18:24 - 00000000 ____D () C:\Users\Nikolas\AppData\Local\Unity
2015-01-17 21:50 - 2014-12-15 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2015-01-17 21:45 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-17 20:20 - 2015-01-03 20:11 - 00000000 ____D () C:\xampp
==================== Files in the root of some directories =======
2015-02-04 18:13 - 2015-02-04 18:13 - 0002123 _____ () C:\Users\Nikolas\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Nikolas\AppData\Local\Temp\Quarantine.exe
C:\Users\Nikolas\AppData\Local\Temp\sqlite3.dll
C:\Users\Nikolas\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-07 17:30
==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Nikolas at 2015-02-16 22:18:28
Running from C:\Users\Nikolas\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{00957033-C081-5235-665A-A014A6E2FF7B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast!
Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.) Die Sims™ 4 Erstelle einen Sim-Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.) Dropbox (HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts) Easy Mail Recovery (HKLM-x32\...\Easy Mail Recovery) (Version: 2.0 - MunSoft) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) FormatFactory 3.5.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.1.0 - Format Factory) Fresco Logic USB VGA Display Driver (HKLM\...\{A57B4026-6DFF-4D4A-81D5-FD4BC0EC0918}) (Version: 1.1.216.0 - Fresco Logic Inc.) 
FUSSBALL MANAGER 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation) JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden Language Pack (DEU) für freigegebene Windows Azure-Komponenten für Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.10829.1601 - Microsoft Corporation) Hidden MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{AD094F97-7764-4E78-BA4E-4FB44CB09858}) (Version: 4.3.2.0 - MAGIX AG) MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden MAGIX Music Maker 2013 Premium (HKLM-x32\...\MAGIX_{00A8886C-FF3D-4B52-A95D-321735687B32}) (Version: 19.0.5.57 - MAGIX AG) MAGIX Music Maker 2013 Premium (Version: 19.0.5.57 - MAGIX AG) Hidden MAGIX Music Maker 2013 Premium Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Studio (HKLM-x32\...\MAGIX_{58AF1918-E670-44DF-BE45-BF5014AF144C}) (Version: 19.0.0.12 - MAGIX AG) MAGIX Music Studio (Version: 19.0.0.12 - MAGIX AG) Hidden MAGIX Screenshare 
(HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{3742516F-F06A-413E-9DD9-5B84AE0E7C86}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2014 (HKLM-x32\...\MX.{146DFB48-B585-48B9-A407-16DD6F686550}) (Version: 13.0.0.28 - MAGIX AG) MAGIX Video deluxe 2014 (Version: 13.0.0.28 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft 
Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual 
C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio Express 2013 für Windows - DEU (HKLM-x32\...\{5626bd5c-91ed-4cbb-98e8-2aa80a3ab129}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) Opera Stable 27.0.1689.54 (HKLM-x32\...\Opera 27.0.1689.54) (Version: 27.0.1689.54 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) Trials Fusion (HKLM-x32\...\Uplay Install 297) (Version: - Ubisoft) Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft) Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> B:\programme\blender\BlendThumb64.dll () CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1395782937-2529212249-1045901662-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nikolas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {23264D7C-0F9A-4ACD-A952-198F19EA81A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {3BE6DFCC-2B74-4CD9-A68F-0D24515BCA47} - \avaxvavya No Task File <==== ATTENTION Task: {86732B12-903B-43BD-B142-367F8388A944} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B1EA780A-0B08-43F1-88B9-6067690ED99E} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-15] (AVAST Software) Task: {C1934C96-FF9A-4B77-9ABE-A89B6AFF9D98} - System32\Tasks\Opera scheduled Autoupdate 1422545434 => C:\Program Files (x86)\Opera\launcher.exe [2015-01-23] (Opera Software) Task: {FF124C6E-4A1F-4D5F-822D-9E48E8518FA1} - System32\Tasks\Uninstaller_SkipUac_Nikolas => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-14] (IObit) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Uninstaller_SkipUac_Nikolas.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Loaded Modules (whitelisted) ============== 2013-09-11 20:57 - 2013-09-11 20:57 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-08-26 02:45 - 2013-08-26 02:45 - 00380928 _____ () C:\Windows\System32\flvga_tray.exe 2013-09-11 20:57 - 2013-09-11 20:57 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2015-02-16 22:16 - 2015-02-16 22:16 - 00852594 _____ () C:\Users\Nikolas\Desktop\SecurityCheck.exe 2015-02-16 16:29 - 2015-02-16 16:29 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021600\algo.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-01-16 23:25 - 2015-01-16 23:25 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2015-01-16 23:25 - 2015-01-16 23:25 - 
00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-16 23:25 - 2015-01-16 23:25 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-06-15 12:38 - 2014-06-15 12:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:054203E4 AlternateDataStreams: C:\Users\Nikolas\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1395782937-2529212249-1045901662-1001\...\StartupApproved\Run: => "EADM" ==================== Accounts: ============================= Administrator (S-1-5-21-1395782937-2529212249-1045901662-500 - Administrator - Disabled) Gast (S-1-5-21-1395782937-2529212249-1045901662-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1395782937-2529212249-1045901662-1006 - Limited - Enabled) Nikolas (S-1-5-21-1395782937-2529212249-1045901662-1001 - Administrator - Enabled) => C:\Users\Nikolas ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/16/2015 10:16:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/16/2015 10:10:58 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/16/2015 09:06:21 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
Error: (02/16/2015 09:06:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/16/2015 09:06:16 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/15/2015 08:19:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ccc Startzeit: 01d04953361de2b6 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 84ea4d0a-b547-11e4-82aa-74d4359a6673 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (02/16/2015 10:11:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (02/16/2015 02:40:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingSports Error: (02/16/2015 00:03:03 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (02/15/2015 11:40:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingSports Error: (02/15/2015 11:35:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingSports 
Error: (02/15/2015 10:38:57 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (02/15/2015 09:20:06 PM) (Source: DCOM) (EventID: 10010) (User: KAVELL) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (02/15/2015 09:19:36 PM) (Source: DCOM) (EventID: 10010) (User: KAVELL) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (02/15/2015 09:19:06 PM) (Source: DCOM) (EventID: 10010) (User: KAVELL) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (02/15/2015 09:18:36 PM) (Source: DCOM) (EventID: 10010) (User: KAVELL) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Microsoft Office Sessions: ========================= Error: (02/16/2015 10:16:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Nikolas\Downloads\esetsmartinstaller_deu.exe Error: (02/16/2015 10:10:58 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/16/2015 09:06:21 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Nikolas\Downloads\esetsmartinstaller_deu.exe Error: (02/16/2015 09:06:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Nikolas\Downloads\esetsmartinstaller_deu.exe Error: (02/16/2015 09:06:16 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Nikolas\Downloads\esetsmartinstaller_deu.exe Error: (02/15/2015 08:19:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689ccc01d04953361de2b64294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe84ea4d0a-b547-11e4-82aa-74d4359a6673microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 ==================== Memory info =========================== Processor: AMD FX(tm)-8350 Eight-Core Processor Percentage of memory in use: 26% Total physical RAM: 8156.63 MB Available physical RAM: 6009.68 MB Total Pagefile: 9820.63 MB Available Pagefile: 7365.6 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive b: (Volume) (Fixed) (Total:1863.01 GB) (Free:1819.22 GB) NTFS Drive c: () (Fixed) (Total:55.56 GB) (Free:8.28 GB) NTFS Drive g: (programme) (Fixed) (Total:465.76 GB) (Free:407.68 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 0DEEBAFD) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=55.6 GB) - (Type=07 
NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CFEB1E49) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: C34F5F23) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.02.2015, 13:15 | #9 |
/// the machine /// TB-Ausbilder | Zombie News
Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome: keep no data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de
Revo Uninstaller - Download - Filepony
Use it to uninstall Firefox: keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\Users\All Users\ocqWmKEcRF
C:\AdwCleaner\Quarantine\C\ProgramData\fibagakbgnpmiidianmojbhblnhbflka\MSmnqJYzI.js.vir
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll
C:\ProgramData\ocqWmKEcRF\dat\WEpDvJ.dll
C:\Users\Nikolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc\216\RaBCLljk.js
C:\Users\Nikolas\AppData\Local\Temp\is-4AFN2.tmp\gentlemjmp_ieu.exe
C:\Users\Nikolas\AppData\Local\Temp\is-96Q40.tmp\gentlemjmp_ieu.exe
C:\Users\Nikolas\AppData\Local\Temp\is-977LJ.tmp\gentlemjmp_ieu.exe
C:\Users\Nikolas\AppData\Local\Temp\is-GQ6OC.tmp\gentlemjmp_ieu.exe
C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\staged\ntgF@p.net\content\bg.js
C:\Users\Nikolas\AppData\Roaming\Mozilla\Firefox\Profiles\t8t5na1b.default\extensions\staged\XL9@c.org\content\bg.js
C:\Windows\Temp\~nsu.tmp\Au_.exe
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:63507;https=127.0.0.1:63507
Task: {3BE6DFCC-2B74-4CD9-A68F-0D24515BCA47} - \avaxvavya No Task File <==== ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and no questions remain, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |