Werbetabs öffnen sich automatisch (Chrome/Windows)
 

Bei mir öffnen sich in letzter Zeit immer Werbetabs in Chrome!
Hier sind meine FRST Results

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Herb (administrator) on BENJAMINHERB on 09-04-2015 09:20:43
Running from C:\Users\Herb\Downloads
Loaded Profiles: Herb (Available profiles: Herb)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
() C:\Program Files (x86)\XTab\ProtectService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Ahri.tw) C:\Program Files\BaronReplay\BaronReplays\BaronReplays.exe
(hxxp://simple-files.com/) C:\Program Files (x86)\SimpleFilesUpdater\SimpleFilesUpdater.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(hxxp://lucky-tab.com/) C:\Program Files (x86)\LuckyTab\LuckyTab.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3918\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5669\Battle.net.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Hearthstone\Hearthstone.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [DelaypluginInstall] => [X]
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
HKLM-x32\...\Run: [mbot_de_529] => [X]
HKU\S-1-5-21-1234751285-1164813236-541565127-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1234751285-1164813236-541565127-1001\...\Run: [GoogleChromeAutoLaunch_6F9A4A8CE3698DD8CD7DB1498B0D00E1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1234751285-1164813236-541565127-1001\...\Run: [SkinsSpotlightsReplay] => G:\Programme\SkinSpotlightsReplays.RELEASE.exe [1160704 2015-02-15] ()
HKU\S-1-5-21-1234751285-1164813236-541565127-1001\...\Run: [HitsBlender] => "C:\Program Files (x86)\HitsBlender\app\hitsblender.exe" -s
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
Startup: C:\Users\Herb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T&q={searchTerms}
HKU\S-1-5-21-1234751285-1164813236-541565127-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll No File
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-25] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-25] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: WSAllMyTubechrome - No CLSID Value
Handler: WSIEChrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-25] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-23] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-23] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-23] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1424635909&from=exp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFA37771T
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}s ugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (YouTube) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google Search) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Gmail) - C:\Users\Herb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S4 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] () [File not signed]
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-04-07] (Electronic Arts)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-22] (SysTool PasSame LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-12-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [800440 2015-04-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-12-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-12-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [25088 2015-02-02] (SteelSeries ApS)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 08:46 - 2015-04-09 09:20 - 00020751 _____ () C:\Users\Herb\Downloads\FRST.txt
2015-04-09 08:46 - 2015-04-09 08:46 - 00030222 _____ () C:\Users\Herb\Downloads\Addition.txt
2015-04-09 08:45 - 2015-04-09 09:20 - 00000000 ____D () C:\FRST
2015-04-09 08:45 - 2015-04-09 08:45 - 02095616 _____ (Farbar) C:\Users\Herb\Downloads\FRST64.exe
2015-04-07 16:26 - 2015-04-07 16:26 - 02525335 _____ () C:\Users\Herb\Downloads\4E98.tmp
2015-04-06 17:12 - 2015-04-06 17:12 - 00000000 ____D () C:\Users\Herb\AppData\Local\Hexage
2015-04-06 17:12 - 2015-04-06 17:12 - 00000000 ____D () C:\Users\Herb\AppData\Local\CrashRpt
2015-04-06 14:47 - 2015-04-06 14:47 - 00011490 _____ () C:\Users\Herb\AppData\Local\recently-used.xbel
2015-04-06 14:31 - 2015-04-06 14:31 - 00180531 _____ () C:\Users\Herb\Downloads\clearlooks_gtk2_engine.zip
2015-04-06 14:22 - 2015-04-06 14:22 - 03570991 _____ () C:\Users\Herb\Downloads\clearlooks_flat_icons_gimp_2_8_themes_v_1_0_1_by_migf1-d80c0ec.zip
2015-04-06 14:21 - 2015-04-06 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
2015-04-06 14:21 - 2015-04-06 14:21 - 00000000 ____D () C:\Program Files (x86)\GIMP-2.0
2015-04-06 14:21 - 2015-04-06 14:21 - 00000000 ____D () C:\Program Files (x86)\Gimp Themes v1.0
2015-04-06 14:20 - 2015-04-06 14:20 - 01847293 _____ () C:\Users\Herb\Downloads\gimp_themes.zip
2015-04-04 14:38 - 2015-04-04 14:38 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 14:38 - 2015-04-04 14:38 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-02 17:05 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-02 17:05 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-02 17:05 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-02 17:05 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-02 17:05 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-02 17:05 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-02 17:05 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-02 17:05 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-04-02 17:05 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-02 17:05 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-04-02 17:05 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-04-02 17:05 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-04-02 17:05 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-04-02 17:05 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-04-02 17:05 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-04-02 17:05 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-04-02 17:05 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-04-02 17:05 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-04-02 17:05 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-04-02 17:05 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-04-02 17:05 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-04-02 17:05 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-04-02 17:05 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-04-02 17:05 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-04-02 17:05 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-04-02 17:05 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-04-02 17:05 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-04-02 17:05 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-04-02 17:05 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 17:05 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-04-02 17:05 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-04-02 17:05 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-02 17:05 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-02 17:05 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-04-02 17:05 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-04-02 17:05 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-02 17:05 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-02 17:05 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-02 17:05 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-02 17:05 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-04-02 17:05 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-04-02 17:05 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-04-02 17:05 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-04-02 17:05 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-04-02 17:05 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-04-02 17:04 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-02 17:04 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-02 17:04 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-02 17:04 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-02 17:04 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-02 17:04 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-02 17:04 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-02 17:04 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-02 17:04 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-02 17:04 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-02 17:04 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-02 17:04 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-02 17:04 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-02 17:04 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-02 17:04 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-02 17:04 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-02 17:04 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-02 17:04 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-02 17:04 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-02 17:04 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-02 17:04 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-04-02 17:04 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-02 17:04 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-02 17:04 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-02 17:04 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-02 17:04 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-02 17:04 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-02 17:04 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-04-02 17:04 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-02 17:04 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-04-02 17:04 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-02 17:04 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-02 17:04 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-02 17:04 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-02 17:04 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-02 17:04 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-02 17:04 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-02 17:04 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-02 17:04 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-02 17:04 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-02 17:04 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-04-02 17:04 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-04-02 17:04 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-04-02 17:04 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-04-02 17:04 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-04-02 17:04 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-04-02 17:04 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-04-02 17:04 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-04-02 17:04 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-02 17:04 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-02 17:04 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-02 17:04 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-02 17:04 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-04-02 17:02 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-04-02 17:02 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-04-02 17:02 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-02 17:02 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-02 17:02 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-02 17:02 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-04-02 17:02 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-02 17:02 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 23:01 - 2015-03-10 23:07 - 318978971 _____ () C:\Users\Herb\Downloads\miui_m0_z25_4.8.29_96015e81ab_4.2.zip
2015-03-10 22:31 - 2015-03-10 22:31 - 02313766 _____ () C:\Users\Herb\Downloads\MIUICamera44-4.zip
2015-03-10 21:41 - 2015-03-10 21:41 - 02206824 _____ (PortableApps.com) C:\Users\Herb\Downloads\PortableApps.com_Platform_Setup_1.6.1.exe
2015-03-10 21:39 - 2015-03-10 21:43 - 170688416 _____ (PortableApps.com) C:\Users\Herb\Downloads\LibreOfficePortable_3.6.5_MultilingualAll.paf.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 09:19 - 2014-12-29 11:26 - 00000000 ____D () C:\Users\Herb\AppData\Local\Battle.net
2015-04-09 09:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-09 08:48 - 2014-12-22 23:16 - 01775930 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 08:44 - 2014-12-22 23:34 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 08:28 - 2014-12-23 18:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-09 08:28 - 2014-12-22 23:34 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-08 22:58 - 2015-02-27 19:30 - 00000000 ____D () C:\ProgramData\Origin
2015-04-08 22:58 - 2014-12-23 00:32 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\ClassicShell
2015-04-08 20:35 - 2014-12-26 00:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-07 23:30 - 2014-12-29 11:34 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\AIMP3
2015-04-07 15:13 - 2014-12-29 11:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 14:48 - 2015-02-27 19:41 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-07 14:45 - 2015-02-27 19:36 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\Origin
2015-04-07 14:45 - 2015-02-27 19:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-07 13:40 - 2014-12-22 23:22 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1234751285-1164813236-541565127-1001
2015-04-06 14:51 - 2014-12-25 13:48 - 00000000 ____D () C:\Users\Herb\.gimp-2.8
2015-04-06 14:47 - 2014-12-25 13:53 - 00000000 ____D () C:\Users\Herb\AppData\Local\gtk-2.0
2015-04-06 14:16 - 2014-12-26 00:23 - 00454656 ___SH () C:\Users\Herb\Desktop\Thumbs.db
2015-04-05 03:51 - 2015-02-23 17:46 - 00000235 _____ () C:\Users\Herb\Downloads\Neat_Video_2_6_keygen.zip
2015-04-04 21:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-04 14:38 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-03 18:07 - 2014-03-18 12:04 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 18:07 - 2014-03-18 11:25 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2015-04-03 18:07 - 2014-03-18 11:25 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2015-04-03 18:04 - 2014-12-25 15:54 - 00061396 _____ () C:\Windows\setupact.log
2015-04-03 14:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-03 13:46 - 2015-03-04 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 13:46 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 13:46 - 2013-08-22 16:44 - 00407024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 18:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-04-02 18:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 18:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-02 18:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-02 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-02 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-02 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-02 18:53 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-02 18:50 - 2014-12-23 00:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-02 18:49 - 2014-12-23 00:05 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-02 17:12 - 2014-12-26 00:10 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\Audacity
2015-04-02 17:07 - 2014-12-23 18:06 - 00800440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-04-02 16:58 - 2014-12-29 11:27 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-10 21:05 - 2014-12-22 23:37 - 00000000 ____D () C:\Users\Herb\AppData\Roaming\vlc
2015-03-10 17:30 - 2015-03-09 19:44 - 00003584 _____ () C:\Users\Herb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2015-01-08 21:21 - 2015-01-08 21:21 - 0333800 _____ () C:\Users\Herb\AppData\Roaming\CodecsLE_Install.log
2014-12-25 14:55 - 2014-12-25 14:55 - 0000054 _____ () C:\Users\Herb\AppData\Roaming\updater.cfg
2015-03-09 19:44 - 2015-03-10 17:30 - 0003584 _____ () C:\Users\Herb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-06 14:47 - 2015-04-06 14:47 - 0011490 _____ () C:\Users\Herb\AppData\Local\recently-used.xbel
2014-12-25 16:16 - 2014-12-25 16:16 - 0007605 _____ () C:\Users\Herb\AppData\Local\Resmon.ResmonCfg
2014-12-22 23:24 - 2014-12-22 23:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Herb\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Herb\AppData\Local\Temp\_isE5E6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-03 14:01

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Herb at 2015-04-09 09:20:56
Running from C:\Users\Herb\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anno 1701 - Der Fluch des Drachen (HKLM-x32\...\{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}) (Version: 2.03 - Sunflowers)
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.02 - Sunflowers)
aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avid Codecs LE (HKLM-x32\...\{5419197C-C41C-42E9-AFE2-8F2725DE44C3}) (Version: 2.3.9 - Ihr Firmenname)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CPUID ASUS CPU-Z 1.65 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.65 - CPUID, Inc.)
Deponia (HKLM-x32\...\1207659103_is1) (Version: 2.2.0.8 - GOG.com)
DeshakerIF 2.01 (HKLM-x32\...\{C39CDB78-924E-4DEE-94E8-97B77F1A6080}_is1) (Version: - )
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Gimp Themes v1.0 (HKLM-x32\...\{833D97B9-AC16-45C1-AD44-0A32198956F8}) (Version: 1.0.0 - www.gimp-tutorials.net)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.2.8.2 (HKLM-x32\...\{2D3234B2-FC7B-41CD-9FC8-4F9C2C20C131}) (Version: 4.2.8.2 - The Document Foundation)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.21 - www.leaguereplays.com)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{93488C33-D8D6-472A-83BB-F71603355CF0}) (Version: 11.1.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.0 - Red Giant Software) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Mp3tag v2.68 (HKLM-x32\...\Mp3tag) (Version: v2.68 - Florian Heidenreich)
Neat Video v2.2 Demo plug-in for Sony Vegas (HKLM-x32\...\Neat Video for Sony Vegas_is1) (Version: - Neat Video team, ABSoft)
Neat Video v2.6 Pro plug-in for Sony Vegas (64-bit) (HKLM\...\Neat Video for Sony Vegas_is1) (Version: - Neat Video team, ABSoft)
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2 beta r2326 - )
Rayman Legends (HKLM-x32\...\{72B119B2-493F-4040-A4A7-69830B0BDDAE}_is1) (Version: 1.3 - Ubisoft Entertainment, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Reaper - Tale of a Pale Swordsman (HKLM-x32\...\Steam App 269370) (Version: - Hexage)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
S Agent (Version: 1.1.50 - Samsung Electronics CO., LTD.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Squishy the Suicidal Pig (HKLM-x32\...\Steam App 318430) (Version: - Tomi Maarela)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SteelSeries Engine 3.3.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.3 - SteelSeries ApS)
SW Update (HKLM-x32\...\{4F1936F8-82B4-437E-BC47-FAB9136A04B2}) (Version: 2.2.2 - Samsung Electronics CO., LTD.)
TeamSpeak 3 Client (HKU\S-1-5-21-1234751285-1164813236-541565127-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\GOGPACKTHEWITCHER2EE_is1) (Version: 3.4.0.25 - GOG.com)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version: - Nadeo)
To-Do DeskList 1.7 (HKLM-x32\...\To-Do DeskList_is1) (Version: 1.7 - Ondrej Zabojnik, Dextronet)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Update Service SimpleFiles (HKU\S-1-5-21-1234751285-1164813236-541565127-1001\...\Update Service SimpleFiles) (Version: 15.15.09 - hxxp://www.filearchieve.net)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Vegas Dynamic Noise Reduction Uninstall (HKLM-x32\...\Vegas DNR) (Version: - )
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version: - webssearches) <==== ATTENTION
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

04-03-2015 20:36:23 Geplanter Prüfpunkt
02-04-2015 18:48:03 Windows Update
06-04-2015 14:20:27 Installed Gimp Themes v1.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F349A8C-64A9-4181-A5EB-200C108101CA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1E55F1E9-DED3-421B-9E9D-04A25C642E59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)
Task: {287455A4-E702-48E3-8567-556BB5385D1C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {49466127-116E-45B9-876D-CFF33DA44EEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-22] (Google Inc.)
Task: {54C9F96E-9F27-4363-90B7-839629895ED6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {595644E3-38EC-45D8-B282-129D555BFDBA} - System32\Tasks\{624ABA7A-3B1E-4C00-905D-C1132F221FBA} => pcalua.exe -a "C:\Program Files (x86)\Startfenster\uninst.exe"
Task: {599BCBB9-26CE-4208-B1AF-0F194A837EE7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-02] (Microsoft Corporation)
Task: {5C2DEC6C-AD08-4C7A-B0ED-38CE79613A62} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {881A2558-0426-4930-9FE5-8D43AC4D4F4B} - System32\Tasks\BaronReplays => C:\Program
Task: {95AAA334-1A0B-406D-827F-88A84C2EC6F0} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2015-02-22] (hxxp://lucky-tab.com/) <==== ATTENTION
Task: {CF45B73F-48A9-490E-B818-3B473197A3E5} - System32\Tasks\Run_Bobby_Browser => C:\Users\Herb\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {D1ACB67B-63F5-45AB-BDB2-59B153CD42B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D2C286C5-D352-4071-BFB5-96C0565C6FA9} - System32\Tasks\{5F7DE9B3-36C2-4BC9-A984-94902F05A56F} => pcalua.exe -a C:\Users\Herb\Desktop\I9300_tools\Drive\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\Herb\Desktop\I9300_tools\Drive
Task: {F73DBD02-6206-41D7-AE9D-D57C592897DE} - System32\Tasks\Update Service SimpleFiles => C:\Program Files (x86)\SimpleFilesUpdater\SimpleFilesUpdater.exe [2015-02-23] (hxxp://simple-files.com/)
Task: {FA798EFE-AB6F-4C5D-876A-2EDA3879838D} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-10] (Samsung Electronics CO., LTD.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-16 10:45 - 2015-01-16 10:45 - 00158896 _____ () C:\Program Files (x86)\XTab\ProtectService.exe
2014-12-29 11:27 - 2015-04-02 16:58 - 11632176 _____ () C:\Program Files (x86)\Hearthstone\Hearthstone.exe
2014-12-26 00:31 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-02-02 18:48 - 2015-02-02 18:48 - 17833984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
2015-01-03 19:28 - 2015-01-03 19:28 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll
2014-09-17 15:13 - 2014-09-17 15:13 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-09-17 15:13 - 2014-09-17 15:13 - 00752312 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-09-17 15:11 - 2014-09-17 15:11 - 00033280 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2014-09-17 15:12 - 2014-09-17 15:12 - 00408576 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.dll
2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\libcef.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\libGLESv2.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00908288 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\platforms\qwindows.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\libEGL.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qgif.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qico.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qjpeg.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qmng.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qsvg.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\imageformats\qtiff.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\qml\QtQuick.2\qtquick2plugin.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-04-07 15:13 - 2015-04-07 15:13 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5669\qml\QtQml\Models.2\modelsplugin.dll
2014-12-26 00:31 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-12-29 11:40 - 2015-04-02 16:58 - 02102784 _____ () C:\Program Files (x86)\Hearthstone\Hearthstone_Data\Mono\mono.dll
2014-12-29 11:42 - 2015-04-02 16:58 - 02122752 _____ () C:\Program Files (x86)\Hearthstone\Hearthstone_Data\Plugins\Connect.DLL
2014-12-29 11:40 - 2015-04-02 16:58 - 00029184 _____ () C:\Program Files (x86)\Hearthstone\Hearthstone_Data\Plugins\PlayErrors32.DLL
2014-12-29 11:39 - 2014-12-29 11:39 - 00014336 _____ () C:\Program Files (x86)\Hearthstone\Hearthstone_Data\Plugins\W8TouchDLL.DLL
2015-04-03 19:46 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 19:46 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 19:46 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-03 19:46 - 2015-03-30 23:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1234751285-1164813236-541565127-1001\Control Panel\Desktop\\Wallpaper -> G:\Design\Backgrounds\Epic World Bearbt II.png
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: DTSAudioSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3

==================== Accounts: =============================

Administrator (S-1-5-21-1234751285-1164813236-541565127-500 - Administrator - Disabled)
Gast (S-1-5-21-1234751285-1164813236-541565127-501 - Limited - Disabled)
Herb (S-1-5-21-1234751285-1164813236-541565127-1001 - Administrator - Enabled) => C:\Users\Herb
HomeGroupUser$ (S-1-5-21-1234751285-1164813236-541565127-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 07:52:52 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (04/07/2015 04:26:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 41.0.2272.118, Zeitstempel: 0x55199d5a
Name des fehlerhaften Moduls: explorerframe.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504c76
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e0e8
ID des fehlerhaften Prozesses: 0x76c
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (04/06/2015 09:48:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LoLCameraSharp.Release.exe, Version 2.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c08

Startzeit: 01d070a20c2df517

Endzeit: 4294967295

Anwendungspfad: G:\Programme\LoLCameraSharp.Release.exe

Berichts-ID: e8aba404-dc95-11e4-828b-e03f494a98f9

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/06/2015 02:21:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gimpthemes-v1.0.exe, Version: 0.0.0.0, Zeitstempel: 0x47939a09
Name des fehlerhaften Moduls: libatk-1.0-0.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846bb
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e052
ID des fehlerhaften Prozesses: 0x1764
Startzeit der fehlerhaften Anwendung: 0xGimpthemes-v1.0.exe0
Pfad der fehlerhaften Anwendung: Gimpthemes-v1.0.exe1
Pfad des fehlerhaften Moduls: Gimpthemes-v1.0.exe2
Berichtskennung: Gimpthemes-v1.0.exe3
Vollständiger Name des fehlerhaften Pakets: Gimpthemes-v1.0.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gimpthemes-v1.0.exe5

Error: (04/06/2015 02:20:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/03/2015 01:46:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "ProtectionManagement" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (04/03/2015 01:46:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (04/02/2015 06:48:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/02/2015 05:18:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ac4

Startzeit: 01d06d5471696a73

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 7bdc5354-d94b-11e4-828a-e03f494a98f9

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/08/2015 08:05:01 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)


System errors:
=============
Error: (04/09/2015 08:29:08 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/09/2015 08:29:08 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/08/2015 07:53:39 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMINHERB)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/08/2015 07:53:09 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMINHERB)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/08/2015 07:25:38 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMINHERB)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/08/2015 07:25:08 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMINHERB)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/08/2015 02:46:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/08/2015 02:46:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/07/2015 01:41:17 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMINHERB)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/07/2015 00:56:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (04/08/2015 07:52:52 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (04/07/2015 04:26:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.11855199d5aexplorerframe.dll6.3.9600.1741554504c76c00000050002e0e876c01d071218f948ad8C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\explorerframe.dll133a0c1b-dd32-11e4-828b-e03f494a98f9

Error: (04/06/2015 09:48:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LoLCameraSharp.Release.exe2.0.0.01c0801d070a20c2df5174294967295G:\Programme\LoLCameraSharp.Release.exee8aba404-dc95-11e4-828b-e03f494a98f9

Error: (04/06/2015 02:21:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gimpthemes-v1.0.exe0.0.0.047939a09libatk-1.0-0.dll6.3.9600.1766854c846bbc00001350009e052176401d070644464b775C:\Program Files (x86)\GIMP-2.0\bin\Gimpthemes-v1.0.exelibatk-1.0-0.dll83d85db8-dc57-11e4-828b-e03f494a98f9

Error: (04/06/2015 02:20:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (04/03/2015 01:46:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (04/03/2015 01:46:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (04/02/2015 06:48:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (04/02/2015 05:18:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17415ac401d06d5471696a730C:\Windows\Explorer.EXE7bdc5354-d94b-11e4-828a-e03f494a98f9

Error: (03/08/2015 08:05:01 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 15%
Total physical RAM: 16321.41 MB
Available physical RAM: 13815.41 MB
Total Pagefile: 18753.41 MB
Available Pagefile: 15380.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.54 GB) (Free:45.64 GB) NTFS
Drive e: (Anno) (CDROM) (Total:2.29 GB) (Free:0 GB) CDFS
Drive f: (EOS_DIGITAL) (Removable) (Total:29.71 GB) (Free:25.85 GB) FAT32
Drive g: (Daten) (Fixed) (Total:2794.39 GB) (Free:2489.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: D37BDD5D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 75971DA1)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

hi,






Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

• Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
• Klicke auf Optionen und wähle als Sprache Deutsch.
• Suche im Uninstallerfeld nach den Programmen:
  
  webssearches uninstall
  
  
• Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
• Wähle anschließend den Modus "Moderat" aus.
  
• Reste löschen:
  Klicke auf dann auf und dann auf .

 

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Danke für die schnelle Antwort (und die Tipps ^^)
Ok alles fertig! Hier sind die Sachen!


FRST Logfile:

FRST Logfile:
--- --- ---

--- --- ---

Btw: Gibt es ne Möglichkeit den ersten Beitrag noch zu editieren und zu verkürzen?

Warum?



ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)