Extreme Anzahl an Popups/Ads Windows 8

dompo · 24.05.2015, 19:59

Hallo liebes Trojaner-Board,

zunaechst weiss ich nicht, was meine Freundin angestellt hat aber sie bekommt seit neuestem extrem viele Popups und Werbeanzeigen in ihrem google chrome browser (internet explorer nutzt sie nicht)

So viele, dass ein normales arbeiten am PC nicht mehr moeglich ist / war...

Ich habe zunaechst mit glary utilities alle ueblichen fehler behoben und die coockies geloescht, ich dachte das reicht. Das Problem war nicht behoben, dann habe ich ad blocker plus installiert somit kann man etwas besser arbeiten aber in der Zeit in der ich hier schreibe habe ich bereits 86 geblockte ads ...

Fuer mich sieht das nach einem Trojaner aus und ich kenne euer board weil ich ueber euch schon einmal ein Problem behoben habe ... ich hoffe ihr koennt mir nochmal helfen ..

Danke schon einmal
Liebe Gruesse
Dompo

schrauber · 24.05.2015, 21:24

Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

dompo · 25.05.2015, 16:15

Hallo Schrauber

vielen Dank dass Ich bin ab morgen bis Donnerstag auf einer Geschaeftsreise daher antworte ich wohl erst am Freitag wieder (evtl. bekomme ich morgen frueh / nachmittags noch eine weitere aktion hin... daher bitte nicht den Thread schliessen

Hier sind die gewuenschten logs...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Chioma (administrator) on BADBETCH on 25-05-2015 17:05:08
Running from C:\Users\Chioma\Downloads
Loaded Profiles: Chioma (Available Profiles: Chioma)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe
(Windows SysTool) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
() C:\Windows\System32\valWBFPolicyService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HDPlus-3.1TotalV10.02) C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.exe
(home) C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.exe
(home) C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(FileProperties_CompanyName) C:\Program Files (x86)\disco games\disco_games_notification_service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(PC Utilities Software Limited) C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}\OPTISetup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.38\OptProReminder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.38\OptimizerPro.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(FileProperties_CompanyName) C:\Program Files (x86)\disco games\disco_games_notification_service.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YUBJJE.EXE
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-08-03] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.38\OptProLauncher.exe [148024 2015-02-09] (PC Utilities Software Limited)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2015-01-19] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk [2015-02-10]
ShortcutTarget: OPTISetup.lnk -> C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}\OPTISetup.exe (PC Utilities Software Limited)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: saaverebioX -> {712185FF-60C8-4FB6-8727-BDFAD10AFCEA} -> C:\Program Files (x86)\saaverebioX\dilFIapx5sl9BK.x64.dll [2015-05-19] ()
BHO: PrinceCOupoon -> {94C45CCB-66C0-4823-9E5A-C6933CF5CA0C} -> C:\Program Files (x86)\PrinceCOupoon\W535iNW4l3K9Kx.x64.dll [2015-05-21] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: LuckYCOuupuone -> {E3876FB7-B1BD-4C77-BD50-94165251F7B5} -> C:\Program Files (x86)\LuckYCOuupuone\U2O5FrVLw8OBxo.x64.dll [2015-05-21] ()
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-20] (Thinknice Co. Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: saaverebioX -> {712185FF-60C8-4FB6-8727-BDFAD10AFCEA} -> C:\Program Files (x86)\saaverebioX\dilFIapx5sl9BK.dll [2015-05-19] ()
BHO-x32: PrinceCOupoon -> {94C45CCB-66C0-4823-9E5A-C6933CF5CA0C} -> C:\Program Files (x86)\PrinceCOupoon\W535iNW4l3K9Kx.dll [2015-05-21] ()
BHO-x32: LuckYCOuupuone -> {E3876FB7-B1BD-4C77-BD50-94165251F7B5} -> C:\Program Files (x86)\LuckYCOuupuone\U2O5FrVLw8OBxo.dll [2015-05-21] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-3740528191-2975148286-2186109717-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Chioma\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2015-05-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-13]
CHR Extension: (Google Drive) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-13]
CHR Extension: (YouTube) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-13]
CHR Extension: (Adblock Plus) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-24]
CHR Extension: (cghglbggfogikpminlhbocmmbkppikhf) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf [2015-02-17]
CHR Extension: (Google Search) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-13]
CHR Extension: (eokdcgmibpioegghefegkcdjcbiggefe) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe [2015-02-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-21]
CHR Extension: (Website Logon) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-02-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-20]
CHR Extension: (Bookmark) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm [2015-05-21]
CHR Extension: (Effective Measure Community Plugin) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgdmfemjeohjmeeabffnombnpkkogjm [2015-04-20]
CHR Extension: (Google Wallet) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]
CHR Extension: (Simple Units Converter) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjehmknlpomniikcbeldooclffegofcc [2015-02-25]
CHR Extension: (Gmail) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1652280 2015-02-10] () <==== ATTENTION
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-02-15] (Advanced Micro Devices, Inc.) []
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-20] (XTab system)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [393880 2015-05-20] (Taiwan Shui Mu Chih Ching Technology Limited)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-08-03] (IDT, Inc.) []
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-02-12] () []
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-08-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [602112 2015-05-20] (Windows SysTool) [] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-18] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140701.001\IDSvia64.sys [525016 2014-04-11] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140702.001\ENG64.SYS [126040 2014-06-03] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140702.001\EX64.SYS [2099288 2014-06-03] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-08-03] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-08-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 17:05 - 2015-05-25 17:05 - 00026244 _____ () C:\Users\Chioma\Downloads\FRST.txt
2015-05-25 17:05 - 2015-05-25 17:05 - 00000000 ____D () C:\FRST
2015-05-25 17:04 - 2015-05-25 17:04 - 02108416 _____ (Farbar) C:\Users\Chioma\Downloads\FRST64.exe
2015-05-25 17:04 - 2015-05-25 17:04 - 02108416 _____ (Farbar) C:\Users\Chioma\Downloads\FRST64 (1).exe
2015-05-21 09:05 - 2015-05-21 09:05 - 00000000 ____D () C:\Program Files (x86)\RoyoalCouppon
2015-05-21 09:05 - 2015-05-21 09:05 - 00000000 ____D () C:\Program Files (x86)\PrinceCOupoon
2015-05-21 09:05 - 2015-05-21 09:05 - 00000000 ____D () C:\Program Files (x86)\LuckYCOuupuone
2015-05-21 09:04 - 2015-05-21 09:04 - 00000000 ____D () C:\Program Files (x86)\Bookmark
2015-05-20 23:28 - 2015-05-23 09:54 - 00000000 ____D () C:\Program Files (x86)\Picexa
2015-05-20 23:28 - 2015-05-20 23:28 - 00001812 _____ () C:\Users\Public\Desktop\Picexa.lnk
2015-05-20 23:28 - 2015-05-20 23:28 - 00000000 ____D () C:\Users\Chioma\AppData\Roaming\Picexa Viewer
2015-05-20 23:28 - 2015-05-20 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
2015-05-20 22:54 - 2015-05-24 20:02 - 00000024 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr25.bin
2015-05-20 11:59 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 11:59 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 12:04 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-19 12:04 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-19 12:03 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-19 12:03 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-19 12:02 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-19 12:02 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-19 12:02 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-19 12:02 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-19 12:02 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-19 12:02 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-19 12:02 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-19 11:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-19 11:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-19 11:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-19 11:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-19 11:56 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-19 11:56 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-19 11:56 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-19 11:56 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-19 11:56 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-19 11:56 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-19 11:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-19 11:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-19 11:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-19 11:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-19 11:50 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-19 11:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-19 11:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-19 11:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-19 11:50 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-19 11:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-19 11:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-19 11:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-19 11:50 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-19 11:50 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-19 11:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-19 11:50 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-19 11:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-19 11:50 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-19 11:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-19 11:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-19 11:50 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-19 11:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-19 11:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-19 11:50 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-19 11:50 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-19 11:50 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-19 11:50 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-19 11:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-19 11:50 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-19 11:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-19 11:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-19 11:50 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-19 11:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-19 11:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-19 11:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-19 11:50 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-19 11:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-19 11:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-19 11:50 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-19 11:50 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-19 11:50 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-19 11:50 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-19 11:50 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-19 11:50 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-19 11:50 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-19 11:50 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-19 11:50 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-19 11:50 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-19 11:50 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-19 11:50 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-19 11:50 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-19 11:50 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-19 11:50 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-19 11:50 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-19 11:50 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-19 11:50 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-19 11:46 - 2015-05-19 11:46 - 00000000 ____D () C:\Program Files (x86)\saaverebioX
2015-05-05 16:15 - 2015-05-19 11:46 - 00000000 ____D () C:\Program Files (x86)\SAlesMaaugnet
2015-05-05 16:14 - 2015-05-19 11:46 - 00000000 ____D () C:\Program Files (x86)\ClickoForSale
2015-05-05 16:14 - 2015-05-05 16:14 - 00000000 ____D () C:\Program Files (x86)\Talking Tom Cat Kid Ginger
2015-05-05 16:14 - 2015-05-05 16:14 - 00000000 ____D () C:\Program Files (x86)\ShopperMAster
2015-04-30 07:52 - 2015-05-19 11:46 - 00000000 ____D () C:\Program Files (x86)\eAsytoshoop
2015-04-28 13:34 - 2015-04-28 13:34 - 01712640 _____ (Bandoo Media Inc) C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc (2).exe
2015-04-28 13:34 - 2015-04-28 13:34 - 01712640 _____ (Bandoo Media Inc) C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc (1).exe
2015-04-28 13:33 - 2015-04-28 13:33 - 01712640 _____ (Bandoo Media Inc) C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 17:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-25 17:01 - 2015-04-04 23:20 - 00000000 ____D () C:\ProgramData\EPSON
2015-05-25 15:33 - 2015-04-19 14:33 - 00001348 _____ () C:\WINDOWS\Tasks\disco_games_notification_service.job
2015-05-25 15:30 - 2014-08-02 17:09 - 01579814 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-25 15:30 - 2014-01-05 20:05 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3740528191-2975148286-2186109717-1002
2015-05-25 15:19 - 2014-01-05 19:57 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD8F2EDA-FDC7-4E5E-AF44-F4526782A5B1}
2015-05-25 15:17 - 2015-02-10 19:49 - 00003258 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2015-05-24 20:50 - 2015-02-10 19:50 - 00003158 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.job
2015-05-24 20:50 - 2015-02-10 19:50 - 00002132 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user.job
2015-05-24 20:45 - 2015-02-10 19:45 - 00003152 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.job
2015-05-24 20:44 - 2015-02-10 19:44 - 00005532 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.job
2015-05-24 20:44 - 2015-02-10 19:44 - 00002126 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user.job
2015-05-24 20:35 - 2014-01-29 12:30 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002UA.job
2015-05-24 20:11 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVPlayer
2015-05-24 20:11 - 2014-01-05 20:01 - 00000000 ____D () C:\Users\Chioma\AppData\Roaming\Macromedia
2015-05-24 20:04 - 2014-01-20 00:40 - 00000000 ____D () C:\Users\Chioma\Documents\Youcam
2015-05-24 20:02 - 2014-08-03 13:05 - 00000000 ___DO () C:\Users\Chioma\OneDrive
2015-05-24 20:01 - 2015-04-20 14:37 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-24 20:01 - 2015-04-19 14:33 - 00000710 _____ () C:\WINDOWS\Tasks\disco_games_updating_service.job
2015-05-24 20:01 - 2015-02-10 19:50 - 00003494 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.job
2015-05-24 20:01 - 2015-02-10 19:50 - 00002466 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user.job
2015-05-24 20:01 - 2015-02-10 19:50 - 00002466 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.job
2015-05-24 20:01 - 2015-02-10 19:46 - 00001014 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-24 20:01 - 2015-02-10 19:45 - 00003152 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.job
2015-05-24 20:01 - 2015-02-10 19:45 - 00002460 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user.job
2015-05-24 20:01 - 2015-02-10 19:45 - 00002460 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.job
2015-05-24 20:01 - 2015-02-10 19:44 - 00005196 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.job
2015-05-24 20:01 - 2015-01-24 22:38 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize.job
2015-05-24 20:01 - 2014-02-13 00:36 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 09:56 - 2014-03-18 12:03 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 09:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-23 09:51 - 2015-03-25 17:22 - 00000354 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForChioma.job
2015-05-23 09:51 - 2014-03-18 11:54 - 00021836 _____ () C:\WINDOWS\PFRO.log
2015-05-23 09:51 - 2013-08-22 16:46 - 00306350 _____ () C:\WINDOWS\setupact.log
2015-05-23 09:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 09:51 - 2013-08-22 16:44 - 00381368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 09:49 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-23 09:47 - 2015-04-20 14:52 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-23 09:47 - 2015-04-20 14:52 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-23 09:47 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-23 09:47 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-22 12:55 - 2015-02-10 19:46 - 00001018 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-21 16:20 - 2014-02-13 00:36 - 00002420 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 09:05 - 2015-02-25 16:09 - 00000000 ____D () C:\ProgramData\3385033030442911627
2015-05-20 23:24 - 2015-02-10 19:48 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-20 23:24 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-20 23:23 - 2015-02-10 19:47 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-20 22:38 - 2015-03-25 17:22 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForChioma
2015-05-20 22:37 - 2014-01-08 23:38 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-20 11:59 - 2014-01-07 21:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-19 17:21 - 2014-01-07 21:49 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-19 14:18 - 2014-03-18 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 12:13 - 2014-02-13 00:36 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 12:13 - 2014-02-13 00:36 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 12:13 - 2014-02-13 00:36 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 11:48 - 2014-02-01 20:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-19 11:46 - 2015-04-04 23:41 - 00000000 ____D () C:\Program Files (x86)\saverOn
2015-05-19 11:35 - 2014-01-29 12:30 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002Core.job
2015-05-09 00:15 - 2015-03-02 16:38 - 00000020 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr3.bin
2015-05-05 19:59 - 2015-03-12 18:17 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-03-12 18:17 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-30 07:52 - 2015-04-20 15:15 - 00000000 ____D () C:\Program Files (x86)\RoyalSheopuperAPp
2015-04-30 07:52 - 2015-04-20 15:15 - 00000000 ____D () C:\Program Files (x86)\LLuckyCouuPon
2015-04-30 07:52 - 2015-03-23 14:06 - 00000000 ____D () C:\Program Files (x86)\ExtraSHoppEr
2015-04-30 07:52 - 2015-03-23 14:05 - 00000000 ____D () C:\Program Files (x86)\SihOpuperMasatero
2015-04-30 07:52 - 2015-03-06 14:57 - 00000000 ____D () C:\Program Files (x86)\FlAoshCoupon

==================== Files in the root of some directories =======

2015-05-20 22:54 - 2015-05-24 20:02 - 0000024 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr25.bin
2015-03-02 16:38 - 2015-05-09 00:15 - 0000020 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr3.bin

Some files in TEMP:
====================
C:\Users\Chioma\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 10:02

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Chioma at 2015-05-25 17:06:57
Running from C:\Users\Chioma\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3740528191-2975148286-2186109717-500 - Administrator - Disabled)
Chioma (S-1-5-21-3740528191-2975148286-2186109717-1002 - Administrator - Enabled) => C:\Users\Chioma
Guest (S-1-5-21-3740528191-2975148286-2186109717-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3740528191-2975148286-2186109717-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{6E20D0AE-0E89-2FE7-4F69-C1A2799EFA65}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookmark (HKLM-x32\...\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}) (Version: - "") <==== ATTENTION
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deAL4me (HKLM-x32\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version: - "") <==== ATTENTION
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Effective Measure Community Plugin (HKLM-x32\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version: - "")
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
GoldenCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - GoldenCoupon) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
KingCoaupon (HKLM-x32\...\{5C28578D-D0F1-699F-01B0-CC0653A28C11}) (Version: - "") <==== ATTENTION
LuckYCOuupuone (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version: - "") <==== ATTENTION
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picexa (HKLM-x32\...\Picexa) (Version: - Taiwan Shui Mu Chih Ching Technology Limited)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PrinceCOupoon (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version: - "") <==== ATTENTION
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickMark QR Code Extension (HKLM-x32\...\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}) (Version: - "") <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
RoyoalCouppon (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version: - "") <==== ATTENTION
saaverebioX (HKLM-x32\...\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}) (Version: - "") <==== ATTENTION
SaaveRPRuo (HKLM-x32\...\{94851E46-5E5B-DD67-2593-709E8D27DC4C}) (Version: - SaverPro) <==== ATTENTION
ShopperMAster (HKLM-x32\...\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}) (Version: - "") <==== ATTENTION
Simple Units Converter (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version: - "") <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Talking Tom Cat Kid Ginger (HKLM-x32\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version: - "")
TheHDvid-Codec V10 (HKLM-x32\...\TheHDvid-Codec V10) (Version: 1.36.01.22 - home) <==== ATTENTION
TotalPlusHD-3.1V10.02 (HKLM-x32\...\TotalPlusHD-3.1V10.02) (Version: 1.36.01.22 - HDPlus-3.1TotalV10.02) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{3DA747CA-A84B-4821-9F18-5807214AB79A}) (Version: 4.5.117.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chioma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chioma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chioma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chioma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

30-04-2015 10:14:25 Scheduled Checkpoint
09-05-2015 01:38:02 Scheduled Checkpoint
19-05-2015 14:16:31 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B7C204-1425-4B82-BB61-F5794A292425} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002UA => C:\Users\Chioma\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-29] (Facebook Inc.)
Task: {133C6B3D-2DFB-4C1F-B121-0F836724E7D3} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: {1DFAD26E-49BA-4BCA-B912-E255164C024C} - System32\Tasks\disco_games_notification_service => C:\Program Files (x86)\disco games\disco_games_notification_service.exe [2015-04-19] (FileProperties_CompanyName) <==== ATTENTION
Task: {1FF5EE6A-AF3E-46AB-B269-07EC53D7414A} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.exe [2015-02-10] (home) <==== ATTENTION
Task: {2ADD45F5-487E-4659-876D-E650F9151882} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {35A90255-CEB5-4609-B4EC-4006E67027E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {3801BC30-7974-45DF-AAF2-37C3F6C2157E} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.38\OptProLauncher.exe [2015-02-09] (PC Utilities Software Limited) <==== ATTENTION
Task: {4217942D-1418-486A-BEA4-010901C80046} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {48AD620B-0B90-415E-BCE4-3A3D974F66EC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4B466DB4-CE0B-4EE6-951A-67E7EEF9A676} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4C6201CF-93B9-4EAB-811E-83376B62F1DD} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-10.exe [2015-02-10] (home) <==== ATTENTION
Task: {5776CA24-9199-4523-9997-33703FC0A639} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-04] (Synaptics Incorporated)
Task: {5AC69F4A-18C8-475A-B63A-C1B0249CD3B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {5E293F0A-CE09-4137-9D08-28DF9D703464} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5 => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: {643068F4-18F8-48B3-A995-1236C92265F3} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-06] (Hewlett-Packard Development Company, L.P.)
Task: {68823E54-2264-44C3-B773-7FF102506A95} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {718D2554-0F5E-4B47-B1A2-878A7247F83A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {7C97EF7C-28B5-4FA8-B2B5-5090314C43A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {8A2648E5-AE6D-4A7F-B816-8524D37534A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8F531052-44C1-4F85-BFD9-8709321BF96B} - System32\Tasks\HPCeeScheduleForChioma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {93A73423-36C7-4FCE-B67B-44E097E5F60E} - System32\Tasks\disco_games_updating_service => C:\Program Files (x86)\disco games\disco_games_updating_service.exe [2015-04-19] () <==== ATTENTION
Task: {9C41BC4F-DC7F-4423-9CE8-D6AEE8A5F1AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-19] (Microsoft Corporation)
Task: {A2DC4655-1DF6-4D8F-A9E5-B7A9010E67FC} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {A3B3B930-CA87-4571-A549-00DE4DB273AA} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {A6658E43-6166-48A1-AA1B-29F5B2A310AB} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.exe [2015-02-10] (home) <==== ATTENTION
Task: {B4FE9F48-6220-426B-BBD7-CE0EE1A30089} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.exe [2015-02-10] (home) <==== ATTENTION
Task: {B559962B-9E9A-4E10-8A76-DC8C5DC3FBA1} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B86B12BC-2141-45DD-B8E3-1CB9498AB0BC} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.exe [2015-02-10] (home) <==== ATTENTION
Task: {C6EDAEF4-9C77-4C96-A192-320BDD9D0E60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C75E49AB-FFE0-4C8D-A8C4-048E59F43362} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {C7F12507-A041-4660-9E88-41C98F1E26DE} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.exe [2015-02-10] (home) <==== ATTENTION
Task: {C7F77CD9-00BE-4FCE-B8A1-2B2545576131} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {C96B3B42-0861-458C-A926-E598C0217680} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CAB881E2-359B-413E-971A-EB8DF0F9E9E5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002Core => C:\Users\Chioma\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-29] (Facebook Inc.)
Task: {CC5A1771-2E4E-4609-B3C8-AA41B25CE2A3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {CCC97BEA-58F2-4F21-82B2-1C75D6B39335} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CECD85C6-A2B4-41AE-9821-555D6AA39BCE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {DFD59543-B0E3-497A-8280-D5A0AD787148} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.exe [2015-02-10] (home) <==== ATTENTION
Task: {E668EA51-9B1C-4045-BE57-446AA7007E5E} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: {EAEE0ACC-75C3-441A-94BB-53BE5852B69D} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6 => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: {FCC22E2C-2871-4ABE-A096-537495A27030} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7 => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\disco_games_notification_service.job => C:\Program Files (x86)\disco games\disco_games_notification_service.exeç/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='disco games' /appid='73143' /srcid='2913' /bic='4c8eb99164d3abbe66c6dd1e8cc3735f' /verifier='1d4c29463ec5784568cdb5a64c286661' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\WINDOWS\Tasks\disco_games_updating_service.job => C:\Program Files (x86)\disco games\disco_games_updating_service.exe¬ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=disco_games_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002Core.job => C:\Users\Chioma\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002UA.job => C:\Users\Chioma\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GKKOhgbCSLNe7s9oxnv9Rk2.job => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\GKKOhgbCSLNe7s9oxnv9Rk2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForChioma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-02-15 03:31 - 2013-02-15 03:31 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 15:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-12 14:49 - 2013-02-12 14:49 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2015-03-17 23:28 - 2015-01-27 17:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-07 06:16 - 2013-06-07 06:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-02-15 03:31 - 2013-02-15 03:31 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-05-09 13:41 - 2015-05-09 13:41 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-02-10 19:48 - 2015-02-10 19:48 - 01652280 _____ () c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-10 19:44 - 2015-02-10 19:44 - 00170968 _____ () C:\Program Files (x86)\TheHDvid-Codec V10\1063fdfd-805c-4d41-89e3-bf2055edd77c.dll
2015-05-21 16:20 - 2015-05-13 18:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-21 16:20 - 2015-05-13 18:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-21 16:20 - 2015-05-13 18:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Chioma\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{32841BC2-9775-49CF-9D61-E45D280CEC6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B91A858A-B217-424D-9330-5B18EE376B7C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{369A9516-0F57-46F2-80E9-F7E923D3C01F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B31BA9EE-3C82-447E-AEBC-32C526C40D3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84553A48-E708-4B4D-9B4A-794211C04C7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA244AE0-6C59-428F-A03E-AD0094CF04EB}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{4FA42755-80A1-45AB-86A2-01622E1659AC}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{D9BF3FCC-E709-4E39-911A-41298764C1DC}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{B6A7368B-F8D8-4110-BD32-96F4456085D3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{DB551738-CE8E-45E3-9168-B10CB9BFC4CC}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{107CCCD9-102C-42C5-B99F-BC94E1C50BAC}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D57C1609-16EF-4A0C-948D-DE0B4FAD0A24}] => (Allow) LPort=1900
FirewallRules: [{8DD77125-D88F-465A-AFB9-CB107F9D174B}] => (Allow) LPort=2869
FirewallRules: [{27077106-8A6C-41A4-B624-C249BF97FA6A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{89DC1184-B3C8-4354-A0D2-96D4B9C15A29}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A162CB2A-4AA0-4C6B-8F03-96BEE413B176}] => (Allow) C:\Users\Chioma\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{01A1639D-4E8F-4360-9D97-C6C577F11D5D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{D3245760-72D3-4D2A-8278-101A237E4226}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{C73E2B94-B7C0-40CB-B635-3E55C8577367}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{86E00CB6-3B77-4B84-BE47-44EFF540EC7B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{B51EF685-6777-4B06-AF8C-59B29621078B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 05:01:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/25/2015 03:17:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Netflix.exe version 2.11.0.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 894

Start Time: 01d096542726aa5e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8\Netflix.exe

Report Id: 6726339c-02e0-11e5-beac-a01d486c90cd

Faulting package full name: 4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8

Faulting package-relative application ID: App

Error: (05/25/2015 03:17:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BADBETCH)
Description: Package 4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8+App was terminated because it took too long to suspend.

Error: (05/25/2015 03:16:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPWMISVC.exe, version: 1.2.9.0, time stamp: 0x547c0869
Faulting module name: wbemprox.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54503bfa
Exception code: 0xc00001a5
Fault offset: 0x00004b1d
Faulting process id: 0x4fc
Faulting application start time: 0xHPWMISVC.exe0
Faulting application path: HPWMISVC.exe1
Faulting module path: HPWMISVC.exe2
Report Id: HPWMISVC.exe3
Faulting package full name: HPWMISVC.exe4
Faulting package-relative application ID: HPWMISVC.exe5

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54801032

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54801032

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4547

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4547

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/24/2015 08:37:49 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/24/2015 08:37:49 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/24/2015 08:37:49 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/23/2015 09:51:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (05/23/2015 09:51:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (05/23/2015 09:49:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (05/23/2015 09:45:24 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/23/2015 09:45:24 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/23/2015 09:45:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/23/2015 09:45:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Microsoft Office:
=========================
Error: (05/25/2015 05:01:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/25/2015 03:17:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Netflix.exe2.11.0.889401d096542726aa5e4294967295C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8\Netflix.exe6726339c-02e0-11e5-beac-a01d486c90cd4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8App

Error: (05/25/2015 03:17:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BADBETCH)
Description: 4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8+App

Error: (05/25/2015 03:16:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPWMISVC.exe1.2.9.0547c0869wbemprox.dll_unloaded6.3.9600.1741554503bfac00001a500004b1d4fc01d0952d55e1ffeac:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exewbemprox.dll3ce524aa-02e0-11e5-beac-a01d486c90cd

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54801032

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54801032

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4547

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4547

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 18%
Total physical RAM: 11482.26 MB
Available physical RAM: 9350.75 MB
Total Pagefile: 13210.26 MB
Available Pagefile: 10874.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:906.47 GB) (Free:824.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.83 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type.

==================== End of log ============================

DANKE

schrauber · 26.05.2015, 06:36

Sammelst Du Adware?

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Bookmark
deAL4me
GoldenCoupon
KingCoaupon (HKLM-x32\...\{5C28578D-D0F1-699F-01B0-CC0653A28C11}) (Version: - "") <==== ATTENTION
LuckYCOuupuone (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version: - "") <==== ATTENTION
Optimizer Pro v3.2
PrinceCOupoon
QuickMark QR Code Extension
RoyoalCouppon (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version: - "") <==== ATTENTION
saaverebioX (HKLM-x32\...\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}) (Version: - "") <==== ATTENTION
SaaveRPRuo (HKLM-x32\...\{94851E46-5E5B-DD67-2593-709E8D27DC4C}) (Version: - SaverPro) <==== ATTENTION
ShopperMAster (HKLM-x32\...\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}) (Version: - "") <==== ATTENTION
Simple Units Converter (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version: - "") <==== ATTENTION
TheHDvid-Codec V10 (HKLM-x32\...\TheHDvid-Codec V10) (Version: 1.36.01.22 - home) <==== ATTENTION
TotalPlusHD-3.1V10.02 (HKLM-x32\...\TotalPlusHD-3.1V10.02) (Version: 1.36.01.22 - HDPlus-3.1TotalV10.02) <==== ATTENTION
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

dompo · 29.05.2015, 18:13

Hallo schrauber,

Ich war bis heute unterwegs, morgen früh lade ich alle Programme und melde mich bei dir

Vielen Dank!

schrauber · 30.05.2015, 13:30

ok

dompo · 30.05.2015, 21:29

Hallo schrauber,

Meine Freundin sammelt ad ware

aber sie hatte das Problem wohl schon länger und hat es einfach ignoriert .. Ich habe alles gelöscht aber das Programm combofix bricht mit einer Fehlermeldung, es wäre nicht kompatibel zum Windows system ?? Ist ja 8.1 .. Die Installation ab... Was schlägst du vor?

Danke und liebe Grüße

schrauber · 31.05.2015, 14:00

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

dompo · 02.06.2015, 20:29

Hallo Schrauber,

hat geklappt, habe keine popups mehr bis jetzt

danke!! schon mal hierfuer :>

mbam

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 6/2/2015
Suchlauf-Zeit: 8:06:48 PM
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Chioma

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357167
Verstrichene Zeit: 30 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 3
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1088, Löschen bei Neustart, [7aff89ba7317979f80d122ec09f9a759]
PUP.Optional.OptimizerPro, C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}\OPTISetup.exe, 4236, Löschen bei Neustart, [f980a2a1eb9fc670244d07200002ef11]
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1768, Löschen bei Neustart, [d5a45be8583251e5a7ec6450ff0453ad]

Module: 3
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.RelayDouble, C:\Program Files (x86)\RelayDouble\RelayDouble.dll, Löschen bei Neustart, [354492b1d3b746f022866a47cd3602fe], 

Registrierungsschlüssel: 66
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [7aff89ba7317979f80d122ec09f9a759], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B114619-78B7-1CFF-55EF-74266954F883}, In Quarantäne, [20590c373d4d1c1afb7dc16c5ca6a55b], 
PUP.Optional.HDVid.A, HKLM\SOFTWARE\TheHDvid-Codec V10-nv, In Quarantäne, [bebb7fc4bad03006dd9bc20be71c5ca4], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [2d4c99aadfab83b39e7fa346838003fd], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, In Quarantäne, [4534192a6822181e2fee8960699a1ee2], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b1c896addfab20168d1230e6c045fc04], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [82f758eb1e6ca294f1ec169a7e85c33d], 
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, In Quarantäne, [bbbe5ae96b1ff83e5b944cd6778e956b], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [3148a3a07e0c57dfc015f03a43c2e21e], 
PUP.Optional.HDVid.A, HKLM\SOFTWARE\WOW6432NODE\TheHDvid-Codec V10-nv, In Quarantäne, [b9c046fd94f6b87e3e3aa12cf70cdc24], 
PUP.Optional.HDVid.A, HKLM\SOFTWARE\WOW6432NODE\TheHDvid-Codec V10-nv-ie, In Quarantäne, [5f1a63e093f7a98da8d07b52877c0bf5], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\TotalPlusHD-3.1V10.02-nv-ie, In Quarantäne, [99e096ad2f5b6ccaa053a716cb38c040], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [95e49ca7c0caa78fc6b0e6e8e81b13ed], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [e891cb787c0e8da9908d7f6a24dfc53b], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\3874, In Quarantäne, [83f669dab7d38fa79d80f1f849ba9c64], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [2554192ab5d559ddc5da19fd60a547b9], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4dd8d474}, In Quarantäne, [3f3aac97eaa090a690f67d541ee5a060], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [40391c27eb9f0b2b890bab8208fd32ce], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [ed8ce55e13777bbbe7aed6573fc6ed13], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [671296ad32582115f7a5c204e71cbb45], 
PUP.Optional.RelayDouble, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\4dd8d474, In Quarantäne, [255484bf8cfe95a16b3e565b30d3837d], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [d5a45be8583251e5a7ec6450ff0453ad], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [9edba3a0abdf54e2dcfbeccfbc4747b9], 
PUP.Optional.HDVid.A, HKU\S-1-5-18\SOFTWARE\TheHDvid-Codec V10-nv, In Quarantäne, [4336b68d98f2e155de9bd1fc3bc8e21e], 
PUP.Optional.HDVid.A, HKU\S-1-5-18\SOFTWARE\TheHDvid-Codec V10-nv-ie, In Quarantäne, [b9c098abf9915adc2b4eba138f74a957], 
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\TotalPlusHD-3.1V10.02-nv-ie, In Quarantäne, [a9d0b1921179a39353a13e7f8c770ff1], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\1ClickDownload, In Quarantäne, [b3c687bcec9efc3ada8ae22a9d68d729], 
PUP.Optional.HDVid.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\TheHDvid-Codec V10-nv, In Quarantäne, [ccad8ab9414995a113667855996a7a86], 
PUP.Optional.HDVid.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\TheHDvid-Codec V10-nv-ie, In Quarantäne, [1960e75c494148eeb2c70ebfa95ac040], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\TotalPlusHD-3.1V10.02-nv-ie, In Quarantäne, [b0c9a99af7935ed86d87ae0fa85bd030], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [c0b93a0926646fc773c54ed161a433cd], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [accd4cf72664b1857447b80a2cd7f30d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, In Quarantäne, [7306053e0882b383a11a9b2731d23ac6], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HDPlus-3.1TotalV10.02, In Quarantäne, [aecb59eabdcd60d60e3ee3d44ab94eb2], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\home, In Quarantäne, [a0d9c083602a0d29d3a83a9338cbd729], 
PUP.Optional.Qone8, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [7bfe99aa6723fd396935de382dd8c23e], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

Registrierungswerte: 2
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [95e49ca7c0caa78fc6b0e6e8e81b13ed]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ild, In Quarantäne, [671296ad32582115f7a5c204e71cbb45]

Registrierungsdaten: 16
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[ee8bec57abdfb383a5bf8a59df26eb15]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[a5d485be0d7d39fd086039aa6c999f61]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[6415d66d6327e6502d3f72716c99d42c]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[443559ea2565e6505215e102ca3bcd33]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[43364bf8800a6fc7a4c5d40f74919e62]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[1d5c97ac2268f541c7d3697840c54db3]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[14656cd7dcaee452b0b49350cc390cf4]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[6316d46f1b6fc0762147e5fef41110f0]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[1465063d9cee78be194ef2f1f2135ba5]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[1a5ff64d6d1d2313e089a241ae57fa06]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[c3b69da67b0fd16581eb8a5921e4718f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[3445162d7a100d2946544c953acbab55]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[a7d291b28ffbad89f9695a8971949b65]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[0e6b2c176b1f73c3124f895a0203aa56]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[1e5b86bd721843f3702fb91c0bfa35cb]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[caaffb48d0baec4a910d3b9a0ff602fe]

Ordner: 36
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.RelayDouble, C:\Program Files (x86)\RelayDouble, Löschen bei Neustart, [354492b1d3b746f022866a47cd3602fe], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [d2a72023c9c1f640049b611f5ba84db3], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [d2a72023c9c1f640049b611f5ba84db3], 
PUP.Optional.HDVid.A, C:\Program Files (x86)\TheHDvid-Codec V10, In Quarantäne, [2356d2715f2bcb6bc2daa2e113f0ab55], 
PUP.Optional.ExtraShopper.A, C:\Program Files (x86)\ExtraSHoppEr, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ColorMyTwitter.A, C:\Program Files (x86)\Color My Twitter, In Quarantäne, [72074df69ded54e2bc36beccb84b48b8], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\TotalPlusHD-3.1V10.02, In Quarantäne, [681172d1acde2412676a91ff946fc13f], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [ef8ad2718a0048ee7db9ff9ed92a6f91], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [ef8ad2718a0048ee7db9ff9ed92a6f91], 

Dateien: 142
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Löschen bei Neustart, [7aff89ba7317979f80d122ec09f9a759], 
PUP.Optional.OptimizerPro, C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}\OPTISetup.exe, Löschen bei Neustart, [f980a2a1eb9fc670244d07200002ef11], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 
PUP.Optional.Nova.A, C:\Program Files (x86)\2091ddc5-3060-4578-9d8d-7f7e368bb940\c5079b0f-1a24-4197-98c5-3bfae61bb4c4.dll, In Quarantäne, [3d3c3d06a7e358debf4fd8332dd5857b], 
PUP.Optional.Nova.A, C:\Program Files (x86)\AMD AVT\e5e3542a-b44f-41e0-9b47-31eb2074941e.dll, In Quarantäne, [88f131124a40bb7b5eb00902dc2605fb], 
PUP.Optional.Multiplug, C:\Program Files (x86)\Woot\Woot.exe, In Quarantäne, [0f6abd866f1b93a3ef9bbe4e996aa65a], 
PUP.Optional.Multiplug.A, C:\Program Files (x86)\PirincECOuPoon\PirincECOuPoon.exe, In Quarantäne, [e891172ce2a8c96d2355df4e51b1bd43], 
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Effective Measure Community Plugin\Effective Measure Community Plugin.exe, In Quarantäne, [20590c373d4d1c1afb7dc16c5ca6a55b], 
PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R0M3TIY.exe, In Quarantäne, [2851b58ecebc0630d033744cbd442dd3], 
PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R1GBDF3.exe, In Quarantäne, [cdaca0a3e6a42a0c7192863a748d6b95], 
PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R1ZZWGP.exe, In Quarantäne, [d3a62c17bcce81b5b44fb10f3ec3ee12], 
PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R5ABVM5.exe, In Quarantäne, [3f3ace754b3f60d605fe4d73c63b13ed], 
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R7RQFZO.exe, In Quarantäne, [601960e3cac046f0ca981ff5fa0cf60a], 
PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RL9LFNI.exe, In Quarantäne, [3d3c2a19385271c545be972910f10000], 
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RMDARKL.exe, In Quarantäne, [babf063de7a390a682f773d9649cc937], 
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RNN3P3G.exe, In Quarantäne, [3f3ab88b5a30999d5e0435df689e1ee2], 
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RPHC5EO.exe, In Quarantäne, [5623d76c8efc0630026004102adc05fb], 
PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RWHUA6U.exe, In Quarantäne, [d7a2bf84206a6cca8298f74e31cf669a], 
PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R7Y99U3\KingCoaupon.exe, In Quarantäne, [47329ca7e6a4cb6bf496b15bcc37fb05], 
PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R9P397Y\SaaveRPRuo.exe, In Quarantäne, [18615de6fb8f75c1b5d5cc40d82bee12], 
PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RCEOXOC\QuickMark QR Code Extension.exe, In Quarantäne, [3a3f8eb53159d5616a200c00b64d3fc1], 
PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RR49BDK\deAL4me.exe, In Quarantäne, [5b1e68db17737abc8ffbdd2fbf4420e0], 
PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RSIB185\Simple Units Converter.exe, In Quarantäne, [ccadf053a9e1191d137713f9847fba46], 
Trojan.MSIL.Injector, C:\Users\Chioma\Downloads\FLVPlayer-Chrome (1).exe, In Quarantäne, [d3a67ec53a507cba7f0e4e8329dcdf21], 
Trojan.MSIL.Injector, C:\Users\Chioma\Downloads\FLVPlayer-Chrome_a (1).exe, In Quarantäne, [017879ca7119dd5944495b7617ee7b85], 
Trojan.MSIL.Injector, C:\Users\Chioma\Downloads\FLVPlayer-Chrome_a.exe, In Quarantäne, [53260f34f397989e2667b819f1144bb5], 
PUP.Optional.Bandoo, C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc (1).exe, In Quarantäne, [d0a9a3a024663204267a3004df22659b], 
PUP.Optional.Bandoo, C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc (2).exe, In Quarantäne, [5c1d97ac602a84b2f3ad999b55aca858], 
PUP.Optional.Bandoo, C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc.exe, In Quarantäne, [7504261da0ea270f1987ca6a778a29d7], 
PUP.Optional.SelectNGo.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, In Quarantäne, [babf331024661a1cceb97a33dd262ed2], 
PUP.Optional.SelectNGo.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, In Quarantäne, [a3d6df643a509a9c0b7c4d60c63dc43c], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.xdomainrequest.min.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xdomain.min.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 
PUP.Optional.RelayDouble, C:\Program Files (x86)\RelayDouble\RelayDouble.dll, Löschen bei Neustart, [354492b1d3b746f022866a47cd3602fe], 
PUP.Optional.OmigaPlus.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage, Löschen bei Neustart, [7900ba893e4c0f27ef81dbdba75cee12], 
PUP.Optional.OmigaPlus.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal, Löschen bei Neustart, [54258ab9236749eddb958b2b9073758b], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6, In Quarantäne, [e39687bc0189c1752b46597544bf32ce], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7, In Quarantäne, [a3d6a79cbcce90a6244dab233cc715eb], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user, In Quarantäne, [d8a1281b6327d264db964787e71c5da3], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5, In Quarantäne, [c2b74102d1b93bfbacc5e8e65ca72cd4], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user, In Quarantäne, [146545fe0b7f32047ff2b51925de9d63], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6, In Quarantäne, [e9908bb8fb8f42f44e23b717c241f20e], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7, In Quarantäne, [403973d0bdcdfd393a372ca2a55e9769], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user, In Quarantäne, [2a4f172c82081e18373a795529da60a0], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5, In Quarantäne, [d6a375ce008a52e4ee8319b5da29c33d], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user, In Quarantäne, [ceabc182602aa78f89e8ac22dc27ef11], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6, In Quarantäne, [b9c01e251b6fd2640968cc02d72c7d83], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7, In Quarantäne, [9cdd58eb4e3cac8afb76eee0907307f9], 
PUP.Optional.SelectNGo.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [2653fe4591f92e08fd66d4061ae9d828], 
PUP.Optional.SelectNGo.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [f980142ff29878be72f14e8c897aeb15], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.job, In Quarantäne, [6514c2816f1bfa3c0469f833fd08a45c], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.job, In Quarantäne, [9fdab3906f1be84eed80aa81f80ded13], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user.job, In Quarantäne, [423744ffcdbd1422561776b581844cb4], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.job, In Quarantäne, [e1987bc8355593a3402d58d328ddda26], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user.job, In Quarantäne, [423784bf3f4b5dd92d407caf22e3c43c], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.job, In Quarantäne, [6d0cb68dc2c8f4425b12b576dd28718f], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.job, In Quarantäne, [6d0c2d16fe8c96a0e786ac7f9c69d62a], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user.job, In Quarantäne, [374245fe6d1ddc5a86e7db50f510936d], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.job, In Quarantäne, [235670d36921d75f81ecb27926df9d63], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user.job, In Quarantäne, [fd7c063d6e1c76c0f875b5769471c43c], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.job, In Quarantäne, [bcbdfe45f59513234528c962e520b44c], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.job, In Quarantäne, [651477cc3d4d3afccca1a8839273817f], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [ee8b4df6e6a4d75fa0dcee3de61f6f91], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [d8a16cd78802fb3b4d307eadce37f010], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [16635de66921f04647377fac9a6bc43c], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [9bdef84b701a6fc7641b999253b24cb4], 
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [d5a45be8583251e5a7ec6450ff0453ad], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [d2a72023c9c1f640049b611f5ba84db3], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\update.exe, In Quarantäne, [d2a72023c9c1f640049b611f5ba84db3], 
PUP.Optional.ExtraShopper.A, C:\Program Files (x86)\ExtraSHoppEr\H5IaLiqDYhNZL8.dat, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ExtraShopper.A, C:\Program Files (x86)\ExtraSHoppEr\H5IaLiqDYhNZL8.tlb, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
PUP.Optional.ColorMyTwitter.A, C:\Program Files (x86)\Color My Twitter\Color My Twitter.dat, In Quarantäne, [72074df69ded54e2bc36beccb84b48b8], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [ef8ad2718a0048ee7db9ff9ed92a6f91], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

AdwCleaner

Code:

ATTFilter

# AdwCleaner v4.206 - Logfile created 02/06/2015 at 20:49:56
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Chioma - BADBETCH
# Running from : C:\Users\Chioma\Downloads\AdwCleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : PicexaService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\2efa0d9b4483878b
Folder Deleted : C:\ProgramData\3385033030442911627
Folder Deleted : C:\ProgramData\8f659df000005ba9
Folder Deleted : C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
Folder Deleted : C:\Program Files (x86)\Picexa
Folder Deleted : C:\Program Files (x86)\disco games
Folder Deleted : C:\Program Files (x86)\ClickoForSale
Folder Deleted : C:\Program Files (x86)\eAsytoshoop
Folder Deleted : C:\Program Files (x86)\FlAoshCoupon
Folder Deleted : C:\Program Files (x86)\FLeXuibleShoppeer
Folder Deleted : C:\Program Files (x86)\greatsuaVing
Folder Deleted : C:\Program Files (x86)\LLuckyCouuPon
Folder Deleted : C:\Program Files (x86)\PirincECOuPoon
Folder Deleted : C:\Program Files (x86)\ProSHoppeRR
Folder Deleted : C:\Program Files (x86)\RoyalSheopuperAPp
Folder Deleted : C:\Program Files (x86)\SAlesMaaugnet
Folder Deleted : C:\Program Files (x86)\SaoftCoup
Folder Deleted : C:\Program Files (x86)\SAuverPro
Folder Deleted : C:\Program Files (x86)\savEr  BBoax
Folder Deleted : C:\Program Files (x86)\saverOn
Folder Deleted : C:\Program Files (x86)\saviingotOOyouu
Folder Deleted : C:\Program Files (x86)\SihOpuperMasatero
Folder Deleted : C:\Users\Chioma\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk
Folder Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm
Folder Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgdmfemjeohjmeeabffnombnpkkogjm
Folder Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjehmknlpomniikcbeldooclffegofcc
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmbdmchmkmjamopihbpmnknbkflciolk_0.localstorage
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmbdmchmkmjamopihbpmnknbkflciolk_0.localstorage-journal
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lmbdmchmkmjamopihbpmnknbkflciolk
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_naghkjogakhpimmejjmakpmnbdeccinm_0.localstorage
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_naghkjogakhpimmejjmakpmnbdeccinm_0.localstorage-journal
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nkgdmfemjeohjmeeabffnombnpkkogjm_0.localstorage
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nkgdmfemjeohjmeeabffnombnpkkogjm_0.localstorage-journal
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pjehmknlpomniikcbeldooclffegofcc_0.localstorage
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pjehmknlpomniikcbeldooclffegofcc_0.localstorage-journal
File Deleted : C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.omiga-plus.com_0.localstorage
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.omiga-plus.com_0.localstorage-journal
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage
File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : disco_games_updating_service
Task Deleted : disco_games_notification_service

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Chioma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Chioma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Chioma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.bmp
Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.gif
Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpeg
Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpg
Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.png
Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.tif
Key Deleted : HKLM\SOFTWARE\Classes\P4797877D_B43A_45A0_B231_47C614214392_.P4797877D_B43A_45A0_B231_47C614214392_
Key Deleted : HKLM\SOFTWARE\Classes\P4797877D_B43A_45A0_B231_47C614214392_.P4797877D_B43A_45A0_B231_47C614214392_.9
Key Deleted : HKLM\SOFTWARE\Classes\P50D0018E_1214_446A_9599_1F5443706205_.P50D0018E_1214_446A_9599_1F5443706205_
Key Deleted : HKLM\SOFTWARE\Classes\P50D0018E_1214_446A_9599_1F5443706205_.P50D0018E_1214_446A_9599_1F5443706205_.9
Key Deleted : HKLM\SOFTWARE\038a5f2e-58dc-4180-b615-d2f2753efd8f
Key Deleted : HKLM\SOFTWARE\09f70cc9-fdbf-3fe1-1b10-e80f57dcda5b
Key Deleted : HKLM\SOFTWARE\1063fdfd-805c-4d41-89e3-bf2055edd77c
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4797877D-B43A-45A0-B231-47C614214392}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{50D0018E-1214-446A-9599-1F5443706205}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E52324B-66BF-44AE-A8C5-2DB48E90E729}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BDAF5CA1-4082-4F20-B44D-0238A9183DCA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D553067B-6F4E-4F58-BF46-7ACDBBC50332}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4797877D-B43A-45A0-B231-47C614214392}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50D0018E-1214-446A-9599-1F5443706205}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4797877D-B43A-45A0-B231-47C614214392}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50D0018E-1214-446A-9599-1F5443706205}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4797877D-B43A-45A0-B231-47C614214392}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{50D0018E-1214-446A-9599-1F5443706205}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4797877D-B43A-45A0-B231-47C614214392}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50D0018E-1214-446A-9599-1F5443706205}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\PicexaSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2616871-3463-BCEE-5AFA-73773317A381}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F213470-964F-4092-6B31-BC7570F31B5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94851E46-5E5B-DD67-2593-709E8D27DC4C}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.omiga-plus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omiga-plus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\primeshare.tv
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.movshare.net

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v43.0.2357.81

[C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
[C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 4DB731C1E7104F61967E664B4D3999806852BFE2DD53B3B8712D106F544702E2"},"software_reporter":{"prompt_reason":"B7FE90F086C03C3E27D0444A113D45AA87F63C10A75CB99C13EA8E6D6CDE5B75","prompt_seed":"2954EE5AA515E57B1A821B047340B8BD051C3F7F77ED8D67F35FB9F6937EFE93","prompt_version":"1CDB640B08F5F608B523D58D0A71CDF82331EC0EC80FEC47ECC3AF77F7775ABE"},"sync":{"remaining_rollback_tries":"1D7F66409BAD9C562851E9D8C5F83B47B1EC2C9E12F51BF813895159B690C787"}},"super_mac":"A30D8DA6AAB69D87B1238B1D121502EA2ECE7B75ED31FCD475A956E111007BB2"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX

*************************

AdwCleaner[R0].txt - [16729 bytes] - [02/06/2015 20:48:11]
AdwCleaner[S0].txt - [15914 bytes] - [02/06/2015 20:49:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15974  bytes] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.7 (06.01.2015:1)
OS: Windows 8.1 x64
Ran by Chioma on Tue 06/02/2015 at 20:56:51.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Chioma\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\Chioma\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\Chioma\appdata\local\google\chrome\user data\default\local storage\http_static.select-n-go00.select-n-go.com_0.localstorage
Successfully deleted: [File] C:\Users\Chioma\appdata\local\google\chrome\user data\default\local storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal



~~~ Folders

Successfully deleted: [Folder] C:\Users\Chioma\AppData\Roaming\picexa viewer
Successfully deleted: [Folder] C:\Users\Chioma\documents\optimizer pro



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

[C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  mkfokfffehpeedafpekjeddnmnjhmcmk
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/02/2015 at 21:03:31.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Chioma (administrator) on BADBETCH on 02-06-2015 21:17:42
Running from C:\Users\Chioma\Downloads
Loaded Profiles: Chioma (Available Profiles: Chioma)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-08-03] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-3740528191-2975148286-2186109717-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Chioma\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2015-06-02]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Identity Safe) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-21]
CHR Extension: (Website Logon) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-02-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-02-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-08-03] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-02-12] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-08-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-18] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140701.001\IDSvia64.sys [525016 2014-04-11] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140702.001\ENG64.SYS [126040 2014-06-03] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140702.001\EX64.SYS [2099288 2014-06-03] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-08-03] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-08-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 21:17 - 2015-06-02 21:17 - 00000000 ____D () C:\Users\Chioma\Downloads\FRST-OlderVersion
2015-06-02 21:04 - 2015-06-02 21:04 - 00000024 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr25.bin
2015-06-02 21:03 - 2015-06-02 21:03 - 00002003 _____ () C:\Users\Chioma\Desktop\JRT.txt
2015-06-02 20:57 - 2015-06-02 20:57 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-BADBETCH-Windows-8.1-(64-bit).dat
2015-06-02 20:56 - 2015-06-02 20:56 - 02947766 _____ (Thisisu) C:\Users\Chioma\Downloads\JRT (1).exe
2015-06-02 20:56 - 2015-06-02 20:56 - 00000000 ____D () C:\RegBackup
2015-06-02 20:55 - 2015-06-02 20:56 - 02947766 _____ (Thisisu) C:\Users\Chioma\Downloads\JRT.exe
2015-06-02 20:54 - 2015-06-02 20:54 - 00016079 _____ () C:\Users\Chioma\Desktop\AdwCleaner[S0].txt
2015-06-02 20:46 - 2015-06-02 20:46 - 00043091 _____ () C:\Users\Chioma\Desktop\mbam.txt
2015-06-02 20:40 - 2015-06-02 20:40 - 00000000 ____D () C:\Users\Chioma\AppData\Local\GWX
2015-06-02 20:34 - 2015-06-02 20:50 - 00000000 ____D () C:\AdwCleaner
2015-06-02 20:06 - 2015-06-02 20:54 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 20:05 - 2015-06-02 20:05 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-02 20:05 - 2015-06-02 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-02 20:05 - 2015-06-02 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-02 20:05 - 2015-06-02 20:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-02 20:05 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-02 20:05 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-02 20:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 20:04 - 2015-06-02 20:04 - 02231296 _____ () C:\Users\Chioma\Downloads\AdwCleaner_4.206.exe
2015-06-02 20:02 - 2015-06-02 20:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Chioma\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-30 15:36 - 2015-05-30 15:36 - 05628678 _____ (Swearware) C:\Users\Chioma\Downloads\ComboFix.exe
2015-05-30 15:36 - 2015-05-30 15:36 - 05628678 _____ (Swearware) C:\Users\Chioma\Downloads\ComboFix (1).exe
2015-05-30 15:13 - 2015-05-30 15:13 - 00000000 _____ () C:\Users\Chioma\AppData\Local\Temp.dat
2015-05-30 15:03 - 2015-05-30 15:03 - 00000755 _____ () C:\Users\Chioma\Desktop\Revo Uninstaller.lnk
2015-05-30 15:02 - 2015-05-30 15:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chioma\Downloads\revosetup95.exe
2015-05-25 17:06 - 2015-05-25 17:08 - 00040770 _____ () C:\Users\Chioma\Downloads\Addition.txt
2015-05-25 17:05 - 2015-06-02 21:17 - 00014141 _____ () C:\Users\Chioma\Downloads\FRST.txt
2015-05-25 17:05 - 2015-06-02 21:17 - 00000000 ____D () C:\FRST
2015-05-25 17:04 - 2015-06-02 21:17 - 02108928 _____ (Farbar) C:\Users\Chioma\Downloads\FRST64.exe
2015-05-20 11:59 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 11:59 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 12:04 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-19 12:04 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-19 12:03 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-19 12:03 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-19 12:02 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-19 12:02 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-19 12:02 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-19 12:02 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-19 12:02 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-19 12:02 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-19 12:02 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-19 11:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-19 11:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-19 11:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-19 11:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-19 11:56 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-19 11:56 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-19 11:56 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-19 11:56 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-19 11:56 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-19 11:56 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-19 11:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-19 11:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-19 11:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-19 11:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-19 11:50 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-19 11:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-19 11:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-19 11:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-19 11:50 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-19 11:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-19 11:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-19 11:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-19 11:50 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-19 11:50 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-19 11:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-19 11:50 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-19 11:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-19 11:50 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-19 11:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-19 11:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-19 11:50 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-19 11:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-19 11:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-19 11:50 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-19 11:50 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-19 11:50 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-19 11:50 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-19 11:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-19 11:50 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-19 11:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-19 11:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-19 11:50 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-19 11:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-19 11:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-19 11:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-19 11:50 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-19 11:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-19 11:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-19 11:50 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-19 11:50 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-19 11:50 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-19 11:50 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-19 11:50 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-19 11:50 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-19 11:50 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-19 11:50 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-19 11:50 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-19 11:50 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-19 11:50 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-19 11:50 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-19 11:50 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-19 11:50 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-19 11:50 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-19 11:50 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-19 11:50 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-19 11:50 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 21:09 - 2014-08-03 13:05 - 00000000 ___DO () C:\Users\Chioma\OneDrive
2015-06-02 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-02 20:59 - 2014-01-05 20:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3740528191-2975148286-2186109717-1002
2015-06-02 20:56 - 2014-01-20 00:40 - 00000000 ____D () C:\Users\Chioma\Documents\Youcam
2015-06-02 20:54 - 2015-01-24 22:38 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize.job
2015-06-02 20:54 - 2014-02-13 00:36 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 20:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-02 20:50 - 2014-03-18 11:54 - 00065346 _____ () C:\WINDOWS\PFRO.log
2015-06-02 20:50 - 2013-08-22 16:46 - 00309122 _____ () C:\WINDOWS\setupact.log
2015-06-02 20:50 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-06-02 20:49 - 2014-08-03 13:00 - 00001010 _____ () C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-02 20:49 - 2014-02-13 00:36 - 00001309 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-02 20:49 - 2014-02-13 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-02 20:37 - 2015-04-20 15:16 - 00000000 ____D () C:\Program Files (x86)\Effective Measure Community Plugin
2015-06-02 20:37 - 2015-03-23 14:06 - 00000000 ____D () C:\Program Files (x86)\Woot
2015-06-02 20:37 - 2015-02-10 19:44 - 00000000 ____D () C:\Program Files (x86)\2091ddc5-3060-4578-9d8d-7f7e368bb940
2015-06-02 20:37 - 2013-11-18 00:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-06-02 20:35 - 2014-01-29 12:30 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002UA.job
2015-06-02 20:18 - 2014-08-02 17:09 - 02054353 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-02 19:57 - 2014-01-05 19:57 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD8F2EDA-FDC7-4E5E-AF44-F4526782A5B1}
2015-06-02 19:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-06-02 19:53 - 2015-04-20 14:37 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-02 19:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-06-01 19:26 - 2015-03-25 17:22 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForChioma
2015-06-01 19:26 - 2015-03-25 17:22 - 00000354 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForChioma.job
2015-05-28 19:55 - 2014-03-18 12:03 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-28 11:35 - 2014-01-29 12:30 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002Core.job
2015-05-27 03:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-25 17:01 - 2015-04-04 23:20 - 00000000 ____D () C:\ProgramData\EPSON
2015-05-24 20:11 - 2014-01-05 20:01 - 00000000 ____D () C:\Users\Chioma\AppData\Roaming\Macromedia
2015-05-23 09:51 - 2013-08-22 16:44 - 00381368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 09:47 - 2015-04-20 14:52 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-23 09:47 - 2015-04-20 14:52 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-23 09:47 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-23 09:47 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-20 23:24 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-20 22:37 - 2014-01-08 23:38 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-20 11:59 - 2014-01-07 21:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-19 17:21 - 2014-01-07 21:49 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-19 14:18 - 2014-03-18 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 12:13 - 2014-02-13 00:36 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 12:13 - 2014-02-13 00:36 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 12:13 - 2014-02-13 00:36 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 11:48 - 2014-02-01 20:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-05 19:59 - 2015-03-12 18:17 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-03-12 18:17 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-06-02 21:04 - 2015-06-02 21:04 - 0000024 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr25.bin
2015-05-30 15:13 - 2015-05-30 15:13 - 0000000 _____ () C:\Users\Chioma\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Chioma\AppData\Local\Temp\Extract.exe
C:\Users\Chioma\AppData\Local\Temp\Quarantine.exe
C:\Users\Chioma\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-28 20:23

==================== End of log ============================

dompo · 02.06.2015, 20:42

doppelter post .... habs geloescht, danke nochmal! falls es noch was zu tun gibt immer gerne

hatte noch ein Problem mit Championdeals ... beim googlen kam hier immer erst eine komische werbung hoch ... aber das war ein add in in chrome was ich meiner freundin jetzt gejoescht hab ... duerfte passen ich habe ihr jetzt gesagt sie soll bei problemen die programme ausfuehren die du jetzt genannt hast

schrauber · 03.06.2015, 19:31

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

30.05.2015, 13:30	#6
schrauber /// the machine /// TB-Ausbilder	Extreme Anzahl an Popups/Ads Windows 8 ok __________________ --> Extreme Anzahl an Popups/Ads Windows 8

Extreme Anzahl an Popups/Ads Windows 8

Plagegeister aller Art und deren Bekämpfung: Extreme Anzahl an Popups/Ads Windows 8