Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows7 Vieren scanner hat win64/Adpeak erkannt aber nicht komplett gelöscht! (https://www.trojaner-board.de/161287-windows7-vieren-scanner-hat-win64-adpeak-erkannt-komplett-geloescht.html)

Berni34 28.11.2014 13:13
Windows7 Vieren scanner hat win64/Adpeak erkannt aber nicht komplett gelöscht!
 
Hallo zusammen

Wie die Überschrift zu meinem Thema schon sagt, hat mein Vierenscanner win64/Adpeak gefunden und gelöscht.
Wenn ich nun aber ins Internet gehe mit Firefox erscheinen immer wieder Werbungsseiten
in neuen Tabs die ich dann immer wieder schließen muss um überhaupt Surfen zu können.
Wenn ich jedoch mit dem Internet Explorer rein gehe kommt keine Werbung.
Wenn einer eine Lösung hat würde mich das Freuen.

:dankeschoen:

schrauber 28.11.2014 13:26
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Berni34 28.11.2014 14:50
Das ging ja schnell.
Als erstes die FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Björn (ATTENTION: The logged in user is not administrator) on BSPC on 28-11-2014 14:39:29
Running from C:\Users\Björn\Desktop
Loaded Profile: Björn (Available profiles: bs & Björn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Ocs_SM] => C:\Users\bs\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2010-11-24] (OCS)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [fst_de_58] => [X]
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\...\MountPoints2: {025c8207-f71f-11df-aac2-806e6f6e6963} - D:\autorun.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49783;https=127.0.0.1:49783
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> DefaultScope {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {87A2E17E-EF17-4CFD-8388-F56C79530F80} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icq-search.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: RrSavings - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\Extensions\RrSavings@jetpack [2014-06-20]
FF Extension: WEB.DE MailCheck - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\Extensions\toolbar@web.de [2014-11-02]
FF Extension: ICQ Toolbar - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-07-28]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\bs\AppData\Roaming\Mozilla\Firefox\Profiles\2zowux7w.default\extensions\faststartff@gmail.com

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-18]
CHR Extension: (Google Drive) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-18]
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-18]
CHR Extension: (Google-Suche) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-18]
CHR Extension: (Google Mail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchAnonymizer; C:\Users\bs\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2010-11-24] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 GPU-Z; \??\C:\Users\bs\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 14:39 - 2014-11-28 14:39 - 00021851 _____ () C:\Users\Björn\Desktop\FRST.txt
2014-11-28 14:39 - 2014-11-28 14:39 - 00000000 ____D () C:\FRST
2014-11-28 14:32 - 2014-11-28 14:32 - 02117632 _____ (Farbar) C:\Users\Björn\Desktop\FRST64.exe
2014-11-28 12:33 - 2014-11-28 12:33 - 00002117 _____ () C:\Users\Björn\Downloads\image-3.x-png
2014-11-28 12:32 - 2014-11-28 12:32 - 00007880 _____ () C:\Users\Björn\Downloads\image-2.x-png
2014-11-27 14:37 - 2014-11-27 14:41 - 00000000 ____D () C:\Users\Björn\BFO
2014-11-25 19:34 - 2014-11-25 19:34 - 00009170 _____ () C:\Users\Björn\Documents\cc_20141125_193358.reg
2014-11-25 19:31 - 2014-11-25 19:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-25 19:31 - 2014-11-25 19:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-25 19:31 - 2014-11-25 19:31 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-25 19:31 - 2014-11-25 19:31 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-25 19:31 - 2014-11-25 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-25 19:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-25 19:26 - 2014-11-25 19:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Björn\Downloads\spybot-2.4.exe
2014-11-25 08:52 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-25 08:52 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-25 08:52 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-25 08:52 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 22:27 - 2014-11-16 22:27 - 00000000 __SHD () C:\Users\Björn\AppData\Local\EmieBrowserModeList
2014-11-16 09:58 - 2014-11-16 09:59 - 265218167 _____ () C:\Users\Björn\Downloads\labboens.zip
2014-11-12 20:41 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 20:41 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 20:41 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 20:41 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 20:41 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 20:41 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 20:41 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 20:41 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 20:41 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 20:41 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 20:41 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 20:41 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 20:41 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 20:41 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 20:41 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 20:41 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 20:41 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 20:41 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 20:41 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 20:41 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 20:41 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 20:41 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 20:41 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 20:41 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 20:41 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 20:41 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 20:41 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 20:41 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 20:41 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 20:41 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 20:41 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 20:41 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 20:41 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 20:41 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 20:41 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 20:41 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 20:41 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 20:41 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 20:41 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 20:41 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 20:41 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 20:41 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 20:41 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 20:41 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 20:41 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 20:41 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 20:41 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 20:41 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 20:41 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 20:41 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 20:41 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 20:41 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 20:41 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 20:41 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 20:41 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 20:41 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 20:41 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 20:41 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 20:41 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 20:41 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 20:41 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 20:41 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 20:41 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 20:41 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 20:41 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 20:41 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 20:41 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 20:41 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 20:39 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 20:39 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 20:39 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 20:39 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 20:39 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 20:39 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 20:39 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 20:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 20:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 20:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 20:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 20:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 20:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 20:39 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 20:35 - 2014-11-12 20:35 - 256870246 _____ () C:\Users\Björn\Downloads\Holzhausen_Entpacken_UnzipMe.rar
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\GIANTSPackageRegistry
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\GIANTS Editor 64bit 6.0.2
2014-11-05 20:47 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\PipaPo
2014-11-05 20:47 - 2014-11-05 20:47 - 00000000 ____D () C:\Program Files\GIANTS Software
2014-10-30 18:16 - 2014-10-30 18:16 - 00001303 _____ () C:\Users\Björn\Desktop\Landwirtschafts Simulator 15 .lnk
2014-10-30 18:12 - 2014-10-30 18:12 - 00001285 _____ () C:\Users\bs\Desktop\Landwirtschafts Simulator 15 .lnk
2014-10-30 18:12 - 2014-10-30 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2015
2014-10-30 18:08 - 2014-10-30 18:31 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 14:35 - 2009-07-14 05:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 14:35 - 2009-07-14 05:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 14:21 - 2010-11-23 17:37 - 02089541 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 14:05 - 2012-04-12 06:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 11:20 - 2013-01-22 08:19 - 00060428 _____ () C:\Windows\setupact.log
2014-11-28 11:20 - 2010-11-20 07:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-28 11:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 14:37 - 2010-11-23 18:01 - 00000000 ____D () C:\Users\Björn
2014-11-26 11:05 - 2012-04-12 06:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 11:05 - 2011-05-20 14:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 10:54 - 2010-11-26 14:44 - 00016463 _____ () C:\Users\Björn\Documents\Rech.ods
2014-11-16 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 08:05 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 08:05 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 08:05 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 07:59 - 2009-07-14 05:45 - 00291280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 07:56 - 2014-05-07 09:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:54 - 2013-08-15 21:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 21:52 - 2010-11-23 18:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-05 20:47 - 2010-11-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
2014-11-05 20:44 - 2012-10-26 18:40 - 00000000 ____D () C:\Users\Björn\Documents\My Games
2014-11-05 20:43 - 2010-11-23 17:45 - 00000000 ____D () C:\Users\bs
2014-10-30 18:13 - 2013-08-18 12:44 - 00038018 _____ () C:\Windows\DirectX.log
2014-10-30 18:00 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-30 12:25 - 2010-11-23 18:14 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\bs\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\bs\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\bs\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\bs\AppData\Local\Temp\nvStInst.exe
C:\Users\bs\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---


Als zweites die Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Björn at 2014-11-28 14:40:07
Running from C:\Users\Björn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Angry Birds (HKLM-x32\...\{32EE0FCC-7E06-4B31-B186-E2663EB1F373}) (Version: 3.3.3 - Rovio Entertainment Ltd.)
Angry Birds Seasons (HKLM-x32\...\{CE5ED681-DF8E-425E-9CE6-F6251A6781AC}) (Version: 4.0.1 - Rovio Entertainment Ltd.)
Angry Birds Space (HKLM-x32\...\{C9C763DF-F912-457F-A8BF-88E043BC45FE}) (Version: 1.6.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars (HKLM-x32\...\{F0381292-F3A4-4948-B4DA-B5080EF17FDF}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.4 - Electronic Arts)
GIANTS Editor 6.0.2 64-bit (HKLM-x32\...\giants_editor_6.0.2_win64_is1) (Version: 6.0.2 - GIANTS Software GmbH)
Gigabyte Raid Cinfigurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
ICQ 7.2 Build #3159 Banner Remover 1.0 (HKLM-x32\...\{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1) (Version:  - murb.com)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java(TM) 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.270 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.1.0.0 - GIANTS Software)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nicht ärgern! inkl. Hutfangen + Gesperrt 1.0  (HKLM-x32\...\Nicht ärgern! inkl. Hutfangen + Gesperrt) (Version: 1.0 - cerasus.media)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamSpeak 3 Client (HKU\S-1-5-21-3575294459-91720082-2641978701-1003\...\TeamSpeak 3 Client) (Version: 3.0.9.2 - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-11-25 16:27 - 00000998 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 atwola.com
127.0.0.1 adserver.71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 71i.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============

2010-11-25 16:34 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3575294459-91720082-2641978701-500 - Administrator - Enabled) => C:\Users\Administrator
Björn (S-1-5-21-3575294459-91720082-2641978701-1003 - Limited - Enabled) => C:\Users\Björn
bs (S-1-5-21-3575294459-91720082-2641978701-1001 - Administrator - Enabled) => C:\Users\bs
Gast (S-1-5-21-3575294459-91720082-2641978701-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3575294459-91720082-2641978701-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2014 07:38:59 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)

Error: (11/25/2014 07:38:59 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2350} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)

Error: (11/16/2014 09:57:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FarmingSimulator2015Game.exe, Version 6.0.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 23e8

Startzeit: 01d0017a8b2bb9cb

Endzeit: 316

Anwendungspfad: C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe

Berichts-ID:

Error: (08/24/2014 07:07:52 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (08/24/2014 07:07:52 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (08/24/2014 07:07:52 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (06/29/2014 06:32:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/21/2014 04:03:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/20/2014 07:36:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003469c
ID des fehlerhaften Prozesses: 0xe68
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3

Error: (06/20/2014 07:22:30 PM) (Source: Registry Helper Service) (EventID: 109) (User: )
Description: Error: Service started


System errors:
=============
Error: (11/28/2014 11:20:51 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (11/28/2014 11:20:51 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (11/28/2014 11:20:51 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (11/28/2014 11:20:51 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (11/28/2014 11:20:51 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (11/28/2014 11:20:51 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (11/28/2014 11:20:51 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (11/28/2014 11:20:51 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (11/28/2014 07:37:28 AM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (11/28/2014 07:37:28 AM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/


Microsoft Office Sessions:
=========================
Error: (11/25/2014 07:38:59 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (11/25/2014 07:38:59 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
        Der Inhaltsindexkatalog ist fehlerhaft.  0xc0041801 (0xc0041801)
2350

Error: (11/16/2014 09:57:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FarmingSimulator2015Game.exe6.0.2.023e801d0017a8b2bb9cb316C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe

Error: (08/24/2014 07:07:52 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (08/24/2014 07:07:52 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (08/24/2014 07:07:52 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (06/29/2014 06:32:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/21/2014 04:03:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/20/2014 07:36:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsiExec.exe5.0.7601.175144ce792c4ntdll.dll6.1.7601.18247521ea8e7c00000050003469ce6801cf8cb67afd3bbcc:\Windows\syswow64\MsiExec.exeC:\Windows\SysWOW64\ntdll.dllb9bd461d-f8a9-11e3-a49d-1c6f653ea505

Error: (06/20/2014 07:22:30 PM) (Source: Registry Helper Service) (EventID: 109) (User: )
Description: Service started


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 39%
Total physical RAM: 4087.42 MB
Available physical RAM: 2467.13 MB
Total Pagefile: 8173.02 MB
Available Pagefile: 6419.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:698.64 GB) (Free:615.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Landwirtschafts-Simulator 2015) (CDROM) (Total:1.87 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ============================
Hoffe das so alles richtig ist

schrauber 29.11.2014 11:13
Unsere Tools brauchen immer Adminrechte.

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    webssearches uninstaller


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 






Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Berni34 29.11.2014 13:36
So dann schauen wir mal was die Arbeit gebracht hat
Punkt 1 der Mbam Text
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.11.2014
Suchlauf-Zeit: 12:28:22
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.29.02
Rootkit Datenbank: v2014.11.22.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: bs

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 423028
Verstrichene Zeit: 9 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1364, Löschen bei Neustart, [1e6858e9a7d560d6199e7ef312efda26]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 22
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [1e6858e9a7d560d6199e7ef312efda26],
PUP.Optional.AdPeak.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [384edd64c5b7c86eebc117ae976b37c9],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [0086b0910c70e2546cf98dcf6f9450b0],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, In Quarantäne, [780ea1a083f970c67593e58858ab29d7],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a9dd7bc62a529d992833edb4d430af51],
PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\FREE_SOFT_TODAY, In Quarantäne, [d6b0af9299e34fe79702d1e6b450b54b],
PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, In Quarantäne, [32543908c7b53ef8ddbe362542c1f010],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [eb9b043d3c40bf77f25c0073bd460cf4],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [810554ed1b618bab5209861b3ec6ce32],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [52340e337507f2445bbf19370102b34d],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [70162a17b9c3989e5fec4808a162718f],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [1571e55c304c1e18a9b1083d10f3f30d],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [d8ae9da45c201422f7f6cbed4cb8b24e],
PUP.Optional.WeDownLoadManager.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WEDLMNGR, In Quarantäne, [35512b164d2ff54171bfff5634cfd828],
PUP.Optional.Qone8, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [c2c46ed3225a989eb2a8574acf354fb1],
PUP.Optional.FastStart.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [3f47093803793ef8f7631835b15226da],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [fe888db4ea9274c2ca2170fe48bb758b],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RrSavings, In Quarantäne, [cabcd46dc7b595a151b9016c18ebfc04],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, In Quarantäne, [b3d3f74a9ae2ac8abf4d87e68b7852ae],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\RrSavings, In Quarantäne, [36504ef36d0f171f9774c3aae023ad53],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [3f4758e9d5a79d99dd0ef37b907321df],
PUP.Optional.GenesisOffers, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\genesis_06201820, In Quarantäne, [8df9b0916b118ea810bfd958c83b13ed],

Registrierungswerte: 6
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_58, In Quarantäne, [e79fac952c500a2cb9d26507c93acd33],
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\bs\AppData\Roaming\Mozilla\Firefox\Profiles\2zowux7w.default\extensions\faststartff@gmail.com, In Quarantäne, [f78f62dfd5a7b1858f41456f966eab55]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [52340e337507f2445bbf19370102b34d]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, In Quarantäne, [70162a17b9c3989e5fec4808a162718f]
PUP.Optional.FastStart.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [3f47093803793ef8f7631835b15226da]
PUP.Optional.GenesisOffers, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|genesis_06201820, "c:\users\bs\appdata\local\genesis_06201820\genesis_06201820.exe" /r, In Quarantäne, [8df9b0916b118ea810bfd958c83b13ed]

Registrierungsdaten: 14
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317),Ersetzt,[f096aa9793e950e6926fbb9557aea957]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}),Ersetzt,[7a0cf24fed8fbc7abd3b1b3435d012ee]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317),Ersetzt,[a0e659e81666092da0561837b64fc040]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317),Ersetzt,[86001b26c1bb8caadf1b7dd239cc6f91]
PUP.Optional.WebSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}),Ersetzt,[c9bda69b6d0fb581957fd686bc49e21e]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[0f77a9989be1df57b06a0d4df015a759]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317),Ersetzt,[b6d056eb1b61f83ebf42292711f410f0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}),Ersetzt,[1a6ca1a0324a87afb93fb29d0005bb45]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317),Ersetzt,[691db68b0874340265911d3274912fd1]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317),Ersetzt,[7016ef526f0d251130cac38cd72e50b0]
PUP.Optional.WebSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317&q={searchTerms}),Ersetzt,[d3b3ec55d3a9df5762b20656b1547e82]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[2b5b43fe3745ce6804168dcd07fe0af6]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317),Ersetzt,[671fe0614f2d3bfbdf1cd97611f44bb5]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3575294459-91720082-2641978701-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1403288491&from=amt&uid=SAMSUNGXHD754JJ_S2AHJ1BZ500317),Ersetzt,[94f243fe493354e218dfbc93de27b54b]

Ordner: 33
PUP.Optional.OpenCandy, C:\Users\Björn\AppData\Roaming\OpenCandy, In Quarantäne, [4c3a56eb8bf1a88edf173ed1f211e818],
PUP.Optional.OpenCandy, C:\Users\Björn\AppData\Roaming\OpenCandy\CA3D952D274840A8A745523CD489FE2B, In Quarantäne, [4c3a56eb8bf1a88edf173ed1f211e818],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\defaults, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\defaults\preferences, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\locale, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\addon-kit, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\addon-kit\data, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\addon-kit\lib, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\data, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\event, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\addon, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\dom, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\events, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\private-browsing, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\system, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\traits, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\window, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\RrSavings, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\RrSavings\data, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\RrSavings\lib, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\RrSavings\tests, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [4f3701403943f83e00706cb99f644ab6],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [4f3701403943f83e00706cb99f644ab6],
PUP.Optional.GenesisOffers, C:\Users\bs\AppData\Local\Genesis_06201820, In Quarantäne, [8df9b0916b118ea810bfd958c83b13ed],

Dateien: 100
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [1e6858e9a7d560d6199e7ef312efda26],
PUP.Optional.OpenCandy.A, C:\Users\Björn\AppData\Roaming\OpenCandy\CA3D952D274840A8A745523CD489FE2B\LatestDLMgr.exe, In Quarantäne, [abdb6dd40a72b77f2e8faf8b23de2ed2],
PUP.Optional.OffersWizard.A, C:\$Recycle.Bin\S-1-5-21-3575294459-91720082-2641978701-1001\$RJ5P4RL\uninstinethnfd.exe, In Quarantäne, [394dad9438447db918627a0fe42141bf],
PUP.Optional.Skytech.A, C:\$Recycle.Bin\S-1-5-21-3575294459-91720082-2641978701-1001\$RXBAPMV\DpInterface32.dll, In Quarantäne, [89fd9ba6235990a6b4d6049df011ef11],
PUP.Optional.SupTab.A, C:\$Recycle.Bin\S-1-5-21-3575294459-91720082-2641978701-1001\$RXBAPMV\SupTab.dll, In Quarantäne, [5531350c3f3d96a0682ff63f4eb241bf],
PUP.Optional.Skytech.A, C:\$Recycle.Bin\S-1-5-21-3575294459-91720082-2641978701-1001\$RYCYUFM\UninstallManager.exe, In Quarantäne, [31556fd22f4d79bd7d0d128ff011dc24],
PUP.Optional.AdPeak.A, C:\temp\t.msi, In Quarantäne, [dcaa8ab77c009b9b2d13ae802ed77090],
PUP.Optional.InstallD.A, C:\Windows\SysWOW64\installd.exe, In Quarantäne, [e79f4cf52e4e7cba77358acb9172e11f],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [ef9731104636e55177d990e342c106fa],
Worm.Zhelatin, C:\Windows\System32\fsvk.exe.exe, In Quarantäne, [91f5cc750a72fe384a1fc4035da68a76],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\bootstrap.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\harness-options.json, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\icon.png, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\install.rdf, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\locales.json, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\defaults\preferences\prefs.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\addon-kit\lib\page-mod.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\addon-kit\lib\private-browsing.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\addon-kit\lib\request.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\addon-kit\lib\windows.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\observer-service.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\api-utils.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\base64.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\byte-streams.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\collection.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\cortex.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\cuddlefish.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\deprecate.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\environment.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\errors.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\events.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\file.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\functional.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\globals.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\heritage.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\hidden-frame.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\light-traits.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\list.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\loader.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\match-pattern.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\memory.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\namespace.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\plain-text-console.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\preferences-service.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\promise.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\querystring.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\runtime.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\sandbox.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\self.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\system.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\text-streams.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\timer.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\traceback.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\traits.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\unload.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\url.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\uuid.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\window-utils.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\xhr.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\xpcom.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\xul-app.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\event\core.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\event\target.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\addon\runner.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\content-proxy.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\content-worker.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\loader.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\symbiont.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\content\worker.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\dom\events.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\events\assembler.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\core.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\html.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\loader.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\locale.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\l10n\prefs.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\private-browsing\utils.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\system\events.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs\events.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs\observer.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs\tab.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\tabs\utils.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\traits\core.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils\data.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils\object.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils\registry.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\utils\thumbnail.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\window\utils.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows\dom.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows\loader.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows\observer.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\api-utils\lib\windows\tabs.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\RrSavings\data\icon64.png, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.RRSavings.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\extensions\RrSavings@jetpack\resources\RrSavings\lib\main.js, In Quarantäne, [c6c078c90b7190a6271da67544bf08f8],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [4f3701403943f83e00706cb99f644ab6],
PUP.Optional.GenesisOffers, C:\Users\bs\AppData\Local\Genesis_06201820\Genesis_06201820.exe, In Quarantäne, [8df9b0916b118ea810bfd958c83b13ed],
PUP.Optional.GenesisOffers, C:\Users\bs\AppData\Local\Genesis_06201820\genesis_06201820.gdb, In Quarantäne, [8df9b0916b118ea810bfd958c83b13ed],
PUP.Optional.GenesisOffers, C:\Users\bs\AppData\Local\Genesis_06201820\genesis_06201820.gss, In Quarantäne, [8df9b0916b118ea810bfd958c83b13ed],
PUP.Optional.QuickStart.A, C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[c4c2f051bbc1cf67fc8c711fb154b14f]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Punkt 2 der AdwClean Text
Code:
# AdwCleaner v4.102 - Bericht erstellt am 29/11/2014 um 12:56:47
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-27.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : bs - BSPC
# Gestartet von : C:\Users\Björn\Desktop\AdwCleaner_4.102.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Users\bs\AppData\Roaming\OCS
Datei Gelöscht : \END
Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\bs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\bs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\bs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\bs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\bs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
Verknüpfung Desinfiziert : C:\Users\bs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk
Verknüpfung Desinfiziert : C:\Users\bs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Registry Helper]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{041CFB48-B8CC-4625-8F8D-128CD1452CD2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09D44F2C-D183-433E-A93A-B48D3274C4B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5D0CE6F8-FFE7-4BC6-852F-AA16F7C8399F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6278A062-3363-4B00-918B-F3E0B490C462}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7A2ECF20-E47F-42A0-8B83-D660809E92AB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E4BA1911-4F14-43D4-8302-5DC5A623BB34}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


*************************

AdwCleaner[R0].txt - [3939 octets] - [29/11/2014 12:48:09]
AdwCleaner[S0].txt - [3878 octets] - [29/11/2014 12:56:47]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3938 octets] ##########
Punkt 3 der JRT Text
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by bs on 29.11.2014 at 13:04:33,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.11.2014 at 13:07:11,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Punkt 4 der neu FRST Text

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Björn (ATTENTION: The logged in user is not administrator) on BSPC on 29-11-2014 13:28:01
Running from C:\Users\Björn\Desktop
Loaded Profile: Björn (Available profiles: bs & Björn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Ocs_SM] => C:\Users\bs\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\...\MountPoints2: {025c8207-f71f-11df-aac2-806e6f6e6963} - D:\autorun.exe
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49783;https=127.0.0.1:49783
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> DefaultScope {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {87A2E17E-EF17-4CFD-8388-F56C79530F80} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icq-search.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\webde-suche.xml
FF Extension: WEB.DE MailCheck - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\Extensions\toolbar@web.de [2014-11-02]
FF Extension: ICQ Toolbar - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-07-28]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-18]
CHR Extension: (Google Drive) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-18]
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-18]
CHR Extension: (Google-Suche) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-18]
CHR Extension: (Google Mail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 GPU-Z; \??\C:\Users\bs\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 13:27 - 2014-11-29 13:27 - 00004024 _____ () C:\Users\Björn\Desktop\AdwCleaner[S0].txt
2014-11-29 13:25 - 2014-11-29 13:25 - 00000622 _____ () C:\Users\Björn\Desktop\JRT.txt
2014-11-29 13:12 - 2014-11-29 13:12 - 00000000 ____D () C:\Users\bs\AppData\Roaming\Mozilla
2014-11-29 13:11 - 2014-11-29 13:11 - 00000000 __SHD () C:\Users\bs\AppData\Local\EmieBrowserModeList
2014-11-29 13:07 - 2014-11-29 13:07 - 00000622 _____ () C:\Users\bs\Desktop\JRT.txt
2014-11-29 13:04 - 2014-11-29 13:04 - 00000000 ____D () C:\Windows\ERUNT
2014-11-29 13:03 - 2014-11-29 13:03 - 01707646 _____ (Thisisu) C:\Users\Björn\Desktop\JRT.exe
2014-11-29 12:47 - 2014-11-29 12:56 - 00000000 ____D () C:\AdwCleaner
2014-11-29 12:46 - 2014-11-29 12:46 - 02148864 _____ () C:\Users\Björn\Desktop\AdwCleaner_4.102.exe
2014-11-29 12:45 - 2014-11-29 12:45 - 00039117 _____ () C:\Users\Björn\Desktop\mbam.txt
2014-11-29 12:27 - 2014-11-29 12:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 12:27 - 2014-11-29 12:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 12:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-29 12:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-29 12:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-29 12:25 - 2014-11-29 12:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Björn\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-29 12:17 - 2014-11-29 12:17 - 00001270 _____ () C:\Users\bs\Desktop\Revo Uninstaller.lnk
2014-11-29 12:17 - 2014-11-29 12:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-29 12:15 - 2014-11-29 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Björn\Desktop\revosetup95.exe
2014-11-28 14:51 - 2014-11-28 14:51 - 00000000 ____D () C:\Users\Björn\txt
2014-11-28 14:40 - 2014-11-28 14:40 - 00019424 _____ () C:\Users\Björn\Desktop\Addition.txt
2014-11-28 14:39 - 2014-11-29 13:28 - 00019503 _____ () C:\Users\Björn\Desktop\FRST.txt
2014-11-28 14:39 - 2014-11-29 13:28 - 00000000 ____D () C:\FRST
2014-11-28 14:32 - 2014-11-28 14:32 - 02117632 _____ (Farbar) C:\Users\Björn\Desktop\FRST64.exe
2014-11-28 12:33 - 2014-11-28 12:33 - 00002117 _____ () C:\Users\Björn\Downloads\image-3.x-png
2014-11-28 12:32 - 2014-11-28 12:32 - 00007880 _____ () C:\Users\Björn\Downloads\image-2.x-png
2014-11-27 14:37 - 2014-11-27 14:41 - 00000000 ____D () C:\Users\Björn\BFO
2014-11-25 19:34 - 2014-11-25 19:34 - 00009170 _____ () C:\Users\Björn\Documents\cc_20141125_193358.reg
2014-11-25 19:31 - 2014-11-25 19:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-25 19:31 - 2014-11-25 19:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-25 19:31 - 2014-11-25 19:31 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-25 19:31 - 2014-11-25 19:31 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-25 19:31 - 2014-11-25 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-25 19:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-25 19:26 - 2014-11-25 19:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Björn\Downloads\spybot-2.4.exe
2014-11-25 08:52 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-25 08:52 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-25 08:52 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-25 08:52 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 22:27 - 2014-11-16 22:27 - 00000000 __SHD () C:\Users\Björn\AppData\Local\EmieBrowserModeList
2014-11-16 09:58 - 2014-11-16 09:59 - 265218167 _____ () C:\Users\Björn\Downloads\labboens.zip
2014-11-12 20:41 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 20:41 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 20:41 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 20:41 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 20:41 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 20:41 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 20:41 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 20:41 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 20:41 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 20:41 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 20:41 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 20:41 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 20:41 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 20:41 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 20:41 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 20:41 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 20:41 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 20:41 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 20:41 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 20:41 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 20:41 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 20:41 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 20:41 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 20:41 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 20:41 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 20:41 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 20:41 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 20:41 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 20:41 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 20:41 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 20:41 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 20:41 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 20:41 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 20:41 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 20:41 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 20:41 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 20:41 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 20:41 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 20:41 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 20:41 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 20:41 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 20:41 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 20:41 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 20:41 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 20:41 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 20:41 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 20:41 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 20:41 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 20:41 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 20:41 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 20:41 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 20:41 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 20:41 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 20:41 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 20:41 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 20:41 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 20:41 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 20:41 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 20:41 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 20:41 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 20:41 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 20:41 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 20:41 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 20:41 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 20:41 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 20:41 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 20:41 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 20:41 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 20:39 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 20:39 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 20:39 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 20:39 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 20:39 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 20:39 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 20:39 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 20:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 20:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 20:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 20:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 20:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 20:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 20:39 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 20:35 - 2014-11-12 20:35 - 256870246 _____ () C:\Users\Björn\Downloads\Holzhausen_Entpacken_UnzipMe.rar
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\GIANTSPackageRegistry
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\GIANTS Editor 64bit 6.0.2
2014-11-05 20:47 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\PipaPo
2014-11-05 20:47 - 2014-11-05 20:47 - 00000000 ____D () C:\Program Files\GIANTS Software
2014-10-30 18:16 - 2014-10-30 18:16 - 00001303 _____ () C:\Users\Björn\Desktop\Landwirtschafts Simulator 15 .lnk
2014-10-30 18:12 - 2014-10-30 18:12 - 00001285 _____ () C:\Users\bs\Desktop\Landwirtschafts Simulator 15 .lnk
2014-10-30 18:12 - 2014-10-30 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2015
2014-10-30 18:08 - 2014-10-30 18:31 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 13:23 - 2013-01-22 08:19 - 00061100 _____ () C:\Windows\setupact.log
2014-11-29 13:23 - 2010-11-20 07:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-29 13:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 13:22 - 2010-11-23 17:37 - 01109815 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 13:05 - 2012-04-12 06:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 13:05 - 2010-11-23 17:45 - 00001345 _____ () C:\Users\bs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-29 13:05 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-29 13:05 - 2009-07-14 05:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 13:05 - 2009-07-14 05:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 12:58 - 2013-01-22 08:19 - 00216414 _____ () C:\Windows\PFRO.log
2014-11-29 12:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-29 12:38 - 2014-06-20 19:20 - 00000000 ____D () C:\temp
2014-11-28 14:51 - 2010-11-23 18:01 - 00000000 ____D () C:\Users\Björn
2014-11-26 11:05 - 2012-04-12 06:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 11:05 - 2011-05-20 14:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 10:54 - 2010-11-26 14:44 - 00016463 _____ () C:\Users\Björn\Documents\Rech.ods
2014-11-16 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 08:05 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 08:05 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 08:05 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 07:59 - 2009-07-14 05:45 - 00291280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 07:56 - 2014-05-07 09:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:54 - 2013-08-15 21:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 21:52 - 2010-11-23 18:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-05 20:47 - 2010-11-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
2014-11-05 20:44 - 2012-10-26 18:40 - 00000000 ____D () C:\Users\Björn\Documents\My Games
2014-11-05 20:43 - 2010-11-23 17:45 - 00000000 ____D () C:\Users\bs
2014-10-30 18:13 - 2013-08-18 12:44 - 00038018 _____ () C:\Windows\DirectX.log
2014-10-30 18:00 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-30 12:25 - 2010-11-23 18:14 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\bs\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\bs\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\bs\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\bs\AppData\Local\Temp\nvStInst.exe
C:\Users\bs\AppData\Local\Temp\Quarantine.exe
C:\Users\bs\AppData\Local\Temp\sonarinst.exe
C:\Users\bs\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---

--- --- ---


Ich hoffe ich habe soweit alles richtig gemacht

schrauber 30.11.2014 08:36

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Berni34 30.11.2014 16:55
So als erstes der log Text
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0a180674f1592241a534016ba0c5eafa
# engine=21332
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-30 03:37:16
# local_time=2014-11-30 04:37:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6135825 111543046 0 0
# scanned=224534
# found=1
# cleaned=0
# scan_time=9519
sh=15DF73618AC6DC9E3B26953DF9151E1A7BBFC3F5 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\temp\InstallFilter64.msi"
Als Zweites der check Text
Code:
Results of screen317's Security Check version 0.99.91 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware Version 2.0.3.1025 
 Java(TM) 6 Update 27 
 Java version 32-bit out of Date!
 Adobe Flash Player 15.0.0.239 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
 Mozilla Firefox 31.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Und zu guter Letzt der FRST Text

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Björn (ATTENTION: The logged in user is not administrator) on BSPC on 30-11-2014 16:49:57
Running from C:\Users\Björn\Desktop
Loaded Profiles: bs & Björn (Available profiles: bs & Björn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Ocs_SM] => C:\Users\bs\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3575294459-91720082-2641978701-1001\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.2\ICQ.exe [133432 2010-11-25] (ICQ, LLC.)
HKU\S-1-5-21-3575294459-91720082-2641978701-1001\...\Run: [uTorrent] => C:\Users\bs\AppData\Roaming\uTorrent\uTorrent.exe [1837904 2014-06-20] (BitTorrent Inc.)
HKU\S-1-5-21-3575294459-91720082-2641978701-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\...\MountPoints2: {025c8207-f71f-11df-aac2-806e6f6e6963} - D:\autorun.exe
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49783;https=127.0.0.1:49783
HKU\S-1-5-21-3575294459-91720082-2641978701-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
URLSearchHook: [S-1-5-21-3575294459-91720082-2641978701-1001] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> DefaultScope {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {87A2E17E-EF17-4CFD-8388-F56C79530F80} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icq-search.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\searchplugins\webde-suche.xml
FF Extension: WEB.DE MailCheck - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\Extensions\toolbar@web.de [2014-11-29]
FF Extension: ICQ Toolbar - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\8bkfb7tg.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-07-28]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-18]
CHR Extension: (Google Drive) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-18]
CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-18]
CHR Extension: (Google-Suche) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-18]
CHR Extension: (Google Mail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 GPU-Z; \??\C:\Users\bs\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 16:49 - 2014-11-30 16:50 - 00020234 _____ () C:\Users\Björn\Desktop\FRST.txt
2014-11-30 16:49 - 2014-11-30 16:49 - 00001213 _____ () C:\Users\Björn\Desktop\check.txt
2014-11-30 16:46 - 2014-11-30 16:48 - 00001213 _____ () C:\Users\bs\Desktop\checkup.txt
2014-11-30 16:43 - 2014-11-30 16:43 - 00852490 _____ () C:\Users\Björn\Desktop\SecurityCheck.exe
2014-11-30 13:54 - 2014-11-30 13:54 - 02347384 _____ (ESET) C:\Users\Björn\Desktop\esetsmartinstaller_deu.exe
2014-11-29 15:40 - 2014-11-29 15:40 - 00000000 ____D () C:\Users\Björn\Downloads\Holzhausen_Entpacken_UnzipMe(1)
2014-11-29 15:30 - 2014-11-29 15:33 - 256870246 _____ () C:\Users\Björn\Downloads\Holzhausen_Entpacken_UnzipMe(1).rar
2014-11-29 13:12 - 2014-11-29 13:12 - 00000000 ____D () C:\Users\bs\AppData\Roaming\Mozilla
2014-11-29 13:11 - 2014-11-29 13:11 - 00000000 __SHD () C:\Users\bs\AppData\Local\EmieBrowserModeList
2014-11-29 13:07 - 2014-11-29 13:07 - 00000622 _____ () C:\Users\bs\Desktop\JRT.txt
2014-11-29 13:04 - 2014-11-29 13:04 - 00000000 ____D () C:\Windows\ERUNT
2014-11-29 13:03 - 2014-11-29 13:03 - 01707646 _____ (Thisisu) C:\Users\Björn\Desktop\JRT.exe
2014-11-29 12:47 - 2014-11-29 12:56 - 00000000 ____D () C:\AdwCleaner
2014-11-29 12:46 - 2014-11-29 12:46 - 02148864 _____ () C:\Users\Björn\Desktop\AdwCleaner_4.102.exe
2014-11-29 12:27 - 2014-11-29 12:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 12:27 - 2014-11-29 12:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 12:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-29 12:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-29 12:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-29 12:25 - 2014-11-29 12:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Björn\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-29 12:17 - 2014-11-29 12:17 - 00001270 _____ () C:\Users\bs\Desktop\Revo Uninstaller.lnk
2014-11-29 12:17 - 2014-11-29 12:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-29 12:15 - 2014-11-29 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Björn\Desktop\revosetup95.exe
2014-11-28 14:51 - 2014-11-28 14:51 - 00000000 ____D () C:\Users\Björn\txt
2014-11-28 14:39 - 2014-11-30 16:49 - 00000000 ____D () C:\FRST
2014-11-28 14:32 - 2014-11-28 14:32 - 02117632 _____ (Farbar) C:\Users\Björn\Desktop\FRST64.exe
2014-11-28 12:33 - 2014-11-28 12:33 - 00002117 _____ () C:\Users\Björn\Downloads\image-3.x-png
2014-11-28 12:32 - 2014-11-28 12:32 - 00007880 _____ () C:\Users\Björn\Downloads\image-2.x-png
2014-11-27 14:37 - 2014-11-27 14:41 - 00000000 ____D () C:\Users\Björn\BFO
2014-11-25 19:34 - 2014-11-25 19:34 - 00009170 _____ () C:\Users\Björn\Documents\cc_20141125_193358.reg
2014-11-25 19:31 - 2014-11-25 19:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-25 19:31 - 2014-11-25 19:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-25 19:31 - 2014-11-25 19:31 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-25 19:31 - 2014-11-25 19:31 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-25 19:31 - 2014-11-25 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-25 19:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-25 19:26 - 2014-11-25 19:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Björn\Downloads\spybot-2.4.exe
2014-11-25 08:52 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-25 08:52 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-25 08:52 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-25 08:52 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 22:27 - 2014-11-16 22:27 - 00000000 __SHD () C:\Users\Björn\AppData\Local\EmieBrowserModeList
2014-11-16 09:58 - 2014-11-16 09:59 - 265218167 _____ () C:\Users\Björn\Downloads\labboens.zip
2014-11-12 20:41 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 20:41 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 20:41 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 20:41 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 20:41 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 20:41 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 20:41 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 20:41 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 20:41 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 20:41 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 20:41 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 20:41 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 20:41 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 20:41 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 20:41 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 20:41 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 20:41 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 20:41 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 20:41 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 20:41 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 20:41 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 20:41 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 20:41 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 20:41 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 20:41 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 20:41 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 20:41 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 20:41 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 20:41 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 20:41 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 20:41 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 20:41 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 20:41 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 20:41 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 20:41 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 20:41 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 20:41 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 20:41 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 20:41 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 20:41 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 20:41 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 20:41 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 20:41 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 20:41 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 20:41 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 20:41 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 20:41 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 20:41 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 20:41 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 20:41 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 20:41 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 20:41 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 20:41 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 20:41 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 20:41 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 20:41 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 20:41 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 20:41 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 20:41 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 20:41 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 20:41 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 20:41 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 20:41 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 20:41 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 20:41 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 20:41 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 20:41 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 20:41 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 20:39 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 20:39 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 20:39 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 20:39 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 20:39 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 20:39 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 20:39 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 20:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 20:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 20:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 20:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 20:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 20:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 20:39 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\GIANTSPackageRegistry
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\GIANTS Editor 64bit 6.0.2
2014-11-05 20:47 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\PipaPo
2014-11-05 20:47 - 2014-11-05 20:47 - 00000000 ____D () C:\Program Files\GIANTS Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 16:05 - 2012-04-12 06:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 14:21 - 2010-11-23 17:37 - 01160444 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 13:53 - 2009-07-14 05:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 13:53 - 2009-07-14 05:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 13:38 - 2013-01-22 08:19 - 00061268 _____ () C:\Windows\setupact.log
2014-11-30 13:38 - 2010-11-20 07:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-30 13:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 13:05 - 2010-11-23 17:45 - 00001345 _____ () C:\Users\bs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-29 13:05 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-29 12:58 - 2013-01-22 08:19 - 00216414 _____ () C:\Windows\PFRO.log
2014-11-29 12:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-29 12:38 - 2014-06-20 19:20 - 00000000 ____D () C:\temp
2014-11-28 14:51 - 2010-11-23 18:01 - 00000000 ____D () C:\Users\Björn
2014-11-26 11:05 - 2012-04-12 06:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 11:05 - 2011-05-20 14:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 10:54 - 2010-11-26 14:44 - 00016463 _____ () C:\Users\Björn\Documents\Rech.ods
2014-11-16 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 08:05 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 08:05 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 08:05 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 07:59 - 2009-07-14 05:45 - 00291280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 07:56 - 2014-05-07 09:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:54 - 2013-08-15 21:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 21:52 - 2010-11-23 18:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-05 20:47 - 2010-11-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
2014-11-05 20:44 - 2012-10-26 18:40 - 00000000 ____D () C:\Users\Björn\Documents\My Games
2014-11-05 20:43 - 2010-11-23 17:45 - 00000000 ____D () C:\Users\bs

Some content of TEMP:
====================
C:\Users\bs\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\bs\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\bs\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\bs\AppData\Local\Temp\nvStInst.exe
C:\Users\bs\AppData\Local\Temp\Quarantine.exe
C:\Users\bs\AppData\Local\Temp\sonarinst.exe
C:\Users\bs\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
--- --- ---


Mfg

schrauber 01.12.2014 06:36
Java, Adobe und Firefox updaten.


Ich wiederhole mich mal:

Zitat:
Unsere Tools brauchen immer Adminrechte.
FRST aus dem Adminkonto, Haken bei Addition setzen, beide Logfiles posten.

Berni34 01.12.2014 20:33
Guten Abend
Wenn ich das Java Update Installieren will kommt bei mir die Meldung
Download der erforderlichen Installationsdateien ist fehlgeschlagen.

Den Rest habe ich mit einem Update versehen.

Und FRST als Admin gestartet.

FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by bs (administrator) on BSPC on 01-12-2014 20:30:18
Running from C:\Users\Björn\Desktop
Loaded Profiles: bs & Björn (Available profiles: bs & Björn & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Ocs_SM] => C:\Users\bs\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3575294459-91720082-2641978701-1001\...\Run: [ICQ] => C:\Program Files (x86)\ICQ7.2\ICQ.exe [133432 2010-11-25] (ICQ, LLC.)
HKU\S-1-5-21-3575294459-91720082-2641978701-1001\...\Run: [uTorrent] => C:\Users\bs\AppData\Roaming\uTorrent\uTorrent.exe [1837904 2014-06-20] (BitTorrent Inc.)
HKU\S-1-5-21-3575294459-91720082-2641978701-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\...\MountPoints2: {025c8207-f71f-11df-aac2-806e6f6e6963} - D:\autorun.exe
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49783;https=127.0.0.1:49783
HKU\S-1-5-21-3575294459-91720082-2641978701-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-3575294459-91720082-2641978701-1003\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {87A2E17E-EF17-4CFD-8388-F56C79530F80} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1001 -> {87A2E17E-EF17-4CFD-8388-F56C79530F80} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> DefaultScope {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {0BCA6CF6-577E-41F4-85EC-5A156FDCEF17} URL =
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-3575294459-91720082-2641978701-1003 -> {87A2E17E-EF17-4CFD-8388-F56C79530F80} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\bs\AppData\Roaming\Mozilla\Firefox\Profiles\iynbrlk2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3575294459-91720082-2641978701-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 GPU-Z; \??\C:\Users\bs\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 20:30 - 2014-12-01 20:30 - 00018074 _____ () C:\Users\Björn\Desktop\FRST.txt
2014-12-01 20:22 - 2014-12-01 20:22 - 00000000 ____D () C:\Users\Björn\Desktop\FRST-OlderVersion
2014-12-01 20:11 - 2014-12-01 20:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-01 20:11 - 2014-12-01 20:11 - 00002025 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-01 20:11 - 2014-12-01 20:11 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-30 16:49 - 2014-11-30 16:49 - 00001213 _____ () C:\Users\Björn\Desktop\check.txt
2014-11-30 16:46 - 2014-11-30 16:48 - 00001213 _____ () C:\Users\bs\Desktop\checkup.txt
2014-11-30 16:43 - 2014-11-30 16:43 - 00852490 _____ () C:\Users\Björn\Desktop\SecurityCheck.exe
2014-11-30 13:54 - 2014-11-30 13:54 - 02347384 _____ (ESET) C:\Users\Björn\Desktop\esetsmartinstaller_deu.exe
2014-11-29 15:40 - 2014-11-29 15:40 - 00000000 ____D () C:\Users\Björn\Downloads\Holzhausen_Entpacken_UnzipMe(1)
2014-11-29 15:30 - 2014-11-29 15:33 - 256870246 _____ () C:\Users\Björn\Downloads\Holzhausen_Entpacken_UnzipMe(1).rar
2014-11-29 13:12 - 2014-11-29 13:12 - 00000000 ____D () C:\Users\bs\AppData\Roaming\Mozilla
2014-11-29 13:11 - 2014-11-29 13:11 - 00000000 __SHD () C:\Users\bs\AppData\Local\EmieBrowserModeList
2014-11-29 13:07 - 2014-11-29 13:07 - 00000622 _____ () C:\Users\bs\Desktop\JRT.txt
2014-11-29 13:04 - 2014-11-29 13:04 - 00000000 ____D () C:\Windows\ERUNT
2014-11-29 13:03 - 2014-11-29 13:03 - 01707646 _____ (Thisisu) C:\Users\Björn\Desktop\JRT.exe
2014-11-29 12:47 - 2014-11-29 12:56 - 00000000 ____D () C:\AdwCleaner
2014-11-29 12:46 - 2014-11-29 12:46 - 02148864 _____ () C:\Users\Björn\Desktop\AdwCleaner_4.102.exe
2014-11-29 12:27 - 2014-11-29 12:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 12:27 - 2014-11-29 12:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-29 12:27 - 2014-11-29 12:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 12:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-29 12:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-29 12:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-29 12:25 - 2014-11-29 12:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Björn\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-29 12:17 - 2014-11-29 12:17 - 00001270 _____ () C:\Users\bs\Desktop\Revo Uninstaller.lnk
2014-11-29 12:17 - 2014-11-29 12:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-29 12:15 - 2014-11-29 12:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Björn\Desktop\revosetup95.exe
2014-11-28 14:51 - 2014-11-28 14:51 - 00000000 ____D () C:\Users\Björn\txt
2014-11-28 14:39 - 2014-12-01 20:30 - 00000000 ____D () C:\FRST
2014-11-28 14:32 - 2014-12-01 20:22 - 02117120 _____ (Farbar) C:\Users\Björn\Desktop\FRST64.exe
2014-11-28 12:33 - 2014-11-28 12:33 - 00002117 _____ () C:\Users\Björn\Downloads\image-3.x-png
2014-11-28 12:32 - 2014-11-28 12:32 - 00007880 _____ () C:\Users\Björn\Downloads\image-2.x-png
2014-11-27 14:37 - 2014-11-27 14:41 - 00000000 ____D () C:\Users\Björn\BFO
2014-11-25 19:34 - 2014-11-25 19:34 - 00009170 _____ () C:\Users\Björn\Documents\cc_20141125_193358.reg
2014-11-25 19:31 - 2014-11-25 19:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-25 19:31 - 2014-11-25 19:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-25 19:31 - 2014-11-25 19:31 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-25 19:31 - 2014-11-25 19:31 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-25 19:31 - 2014-11-25 19:31 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-25 19:31 - 2014-11-25 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-25 19:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-25 19:26 - 2014-11-25 19:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Björn\Downloads\spybot-2.4.exe
2014-11-25 08:52 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-25 08:52 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-25 08:52 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-25 08:52 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 22:27 - 2014-11-16 22:27 - 00000000 __SHD () C:\Users\Björn\AppData\Local\EmieBrowserModeList
2014-11-16 09:58 - 2014-11-16 09:59 - 265218167 _____ () C:\Users\Björn\Downloads\labboens.zip
2014-11-12 20:41 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 20:41 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 20:41 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 20:41 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 20:41 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 20:41 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 20:41 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 20:41 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 20:41 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 20:41 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 20:41 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 20:41 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 20:41 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 20:41 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 20:41 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 20:41 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 20:41 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 20:41 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 20:41 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 20:41 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 20:41 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 20:41 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 20:41 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 20:41 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 20:41 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 20:41 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 20:41 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 20:41 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 20:41 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 20:41 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 20:41 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 20:41 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 20:41 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 20:41 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 20:41 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 20:41 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 20:41 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 20:41 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 20:41 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 20:41 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 20:41 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 20:41 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 20:41 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 20:41 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 20:41 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 20:41 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 20:41 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 20:41 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 20:41 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 20:41 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 20:41 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 20:41 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 20:41 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 20:41 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 20:41 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 20:41 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 20:41 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 20:41 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 20:41 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 20:41 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 20:41 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 20:41 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 20:41 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 20:41 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 20:41 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 20:41 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 20:41 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 20:41 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 20:39 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 20:39 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 20:39 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 20:39 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 20:39 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 20:39 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 20:39 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 20:39 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 20:39 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 20:39 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 20:39 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 20:39 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 20:39 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 20:39 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 20:39 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 20:39 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 20:39 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 20:39 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\GIANTSPackageRegistry
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\GIANTS Editor 64bit 6.0.2
2014-11-05 20:47 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\Björn\PipaPo
2014-11-05 20:47 - 2014-11-05 20:47 - 00000000 ____D () C:\Program Files\GIANTS Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 20:11 - 2010-12-01 15:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-01 20:05 - 2012-04-12 06:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-01 20:00 - 2009-07-14 05:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-01 20:00 - 2009-07-14 05:45 - 00022848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-01 19:56 - 2010-11-23 17:37 - 01221945 _____ () C:\Windows\WindowsUpdate.log
2014-12-01 19:52 - 2013-01-22 08:19 - 00061604 _____ () C:\Windows\setupact.log
2014-12-01 19:52 - 2010-11-20 07:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-01 19:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 18:57 - 2013-01-22 08:19 - 00217240 _____ () C:\Windows\PFRO.log
2014-11-29 13:05 - 2010-11-23 17:45 - 00001345 _____ () C:\Users\bs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-29 13:05 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-29 12:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-29 12:38 - 2014-06-20 19:20 - 00000000 ____D () C:\temp
2014-11-28 14:51 - 2010-11-23 18:01 - 00000000 ____D () C:\Users\Björn
2014-11-26 11:05 - 2012-04-12 06:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 11:05 - 2012-04-12 06:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 11:05 - 2011-05-20 14:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 10:54 - 2010-11-26 14:44 - 00016463 _____ () C:\Users\Björn\Documents\Rech.ods
2014-11-16 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 08:05 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-11-14 08:05 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-11-14 08:05 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 07:59 - 2009-07-14 05:45 - 00291280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 07:56 - 2014-05-07 09:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:54 - 2013-08-15 21:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 21:52 - 2010-11-23 18:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-05 20:47 - 2010-11-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
2014-11-05 20:44 - 2012-10-26 18:40 - 00000000 ____D () C:\Users\Björn\Documents\My Games
2014-11-05 20:43 - 2010-11-23 17:45 - 00000000 ____D () C:\Users\bs

Some content of TEMP:
====================
C:\Users\bs\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\bs\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\bs\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\bs\AppData\Local\Temp\nvStInst.exe
C:\Users\bs\AppData\Local\Temp\Quarantine.exe
C:\Users\bs\AppData\Local\Temp\sonarinst.exe
C:\Users\bs\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 09:34

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by bs at 2014-12-01 20:30:41
Running from C:\Users\Björn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3575294459-91720082-2641978701-1001\...\uTorrent) (Version: 3.4.2.31893 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Angry Birds (HKLM-x32\...\{32EE0FCC-7E06-4B31-B186-E2663EB1F373}) (Version: 3.3.3 - Rovio Entertainment Ltd.)
Angry Birds Seasons (HKLM-x32\...\{CE5ED681-DF8E-425E-9CE6-F6251A6781AC}) (Version: 4.0.1 - Rovio Entertainment Ltd.)
Angry Birds Space (HKLM-x32\...\{C9C763DF-F912-457F-A8BF-88E043BC45FE}) (Version: 1.6.0 - Rovio Entertainment Ltd.)
Angry Birds Star Wars (HKLM-x32\...\{F0381292-F3A4-4948-B4DA-B5080EF17FDF}) (Version: 1.5.0 - Rovio Entertainment Ltd.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
Bad Piggies (HKLM-x32\...\{9524C306-CC16-44A0-82AA-996409D1A059}) (Version: 1.3.0.0 - Rovio Entertainment Ltd.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.4 - Electronic Arts)
GIANTS Editor 6.0.2 64-bit (HKLM-x32\...\giants_editor_6.0.2_win64_is1) (Version: 6.0.2 - GIANTS Software GmbH)
Gigabyte Raid Cinfigurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
ICQ 7.2 Build #3159 Banner Remover 1.0 (HKLM-x32\...\{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1) (Version:  - murb.com)
ICQ7.2 (HKLM-x32\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java(TM) 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.270 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.1.0.0 - GIANTS Software)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nicht ärgern! inkl. Hutfangen + Gesperrt 1.0  (HKLM-x32\...\Nicht ärgern! inkl. Hutfangen + Gesperrt) (Version: 1.0 - cerasus.media)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NVIDIA 3D Vision Controller-Treiber 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.10.69 - Electronic Arts, Inc.)
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamSpeak 3 Client (HKU\S-1-5-21-3575294459-91720082-2641978701-1003\...\TeamSpeak 3 Client) (Version: 3.0.9.2 - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12541 - TeamViewer)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3575294459-91720082-2641978701-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File
CustomCLSID: HKU\S-1-5-21-3575294459-91720082-2641978701-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll No File

==================== Restore Points  =========================

09-11-2014 05:34:44 Windows Update
12-11-2014 19:58:03 Windows Update
12-11-2014 20:51:06 Windows Update
16-11-2014 06:33:26 Windows Update
25-11-2014 07:47:13 Windows Update
25-11-2014 10:02:41 Windows Update
29-11-2014 11:20:12 Revo Uninstaller's restore point - webssearches uninstaller
29-11-2014 11:22:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2010-11-25 16:27 - 00000998 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 atwola.com
127.0.0.1 adserver.71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 71i.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1669982F-B96C-4FFE-88FD-EBDB73043C5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {28B81F39-0A0B-4ECB-81E6-1DFD9BAFE557} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {59199FAC-8B8E-4DE7-8DB9-B81ACE4F4724} - System32\Tasks\hpUtility.exe_{4CE4BF73-6328-4F2D-9956-1DC1BCCC7849} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {8176E5E7-25F6-47E7-9898-53D45B549285} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {9C73BF52-C04D-4C25-BC66-10FA7D8FD152} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {F288B6C5-CC91-4053-9AC7-0797C188DA17} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-11-15 15:52 - 2013-09-12 08:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-23 17:45 - 2009-08-06 06:51 - 00065536 _____ () C:\Windows\SysWOW64\XSrvSetup.exe
2011-04-14 19:31 - 2013-10-13 17:14 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-11-25 16:34 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2010-11-08 16:15 - 2010-11-08 16:15 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-25 19:31 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-25 19:31 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-25 19:31 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-25 19:31 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-25 19:31 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-05 20:16 - 2014-11-05 20:16 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-11-20 07:07 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3575294459-91720082-2641978701-500 - Administrator - Enabled) => C:\Users\Administrator
Björn (S-1-5-21-3575294459-91720082-2641978701-1003 - Limited - Enabled) => C:\Users\Björn
bs (S-1-5-21-3575294459-91720082-2641978701-1001 - Administrator - Enabled) => C:\Users\bs
Gast (S-1-5-21-3575294459-91720082-2641978701-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3575294459-91720082-2641978701-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 04:39:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2014 01:56:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2014 01:56:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2014 01:56:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2014 01:56:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2014 01:54:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2014 01:54:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (12/01/2014 07:55:18 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (12/01/2014 07:55:18 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (12/01/2014 07:55:18 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (12/01/2014 07:55:18 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (12/01/2014 07:55:18 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (12/01/2014 07:55:18 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (12/01/2014 07:55:18 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (12/01/2014 07:55:18 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/

Error: (12/01/2014 06:59:42 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (12/01/2014 06:59:42 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/3427777506/


Microsoft Office Sessions:
=========================
Error: (11/30/2014 04:39:43 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (11/30/2014 01:56:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Björn\Desktop\esetsmartinstaller_deu.exe

Error: (11/30/2014 01:56:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Björn\Desktop\esetsmartinstaller_deu.exe

Error: (11/30/2014 01:56:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Björn\Desktop\esetsmartinstaller_deu.exe

Error: (11/30/2014 01:56:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Björn\Desktop\esetsmartinstaller_deu.exe

Error: (11/30/2014 01:54:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Björn\Desktop\esetsmartinstaller_deu.exe

Error: (11/30/2014 01:54:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Björn\Downloads\esetsmartinstaller_deu.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 44%
Total physical RAM: 4087.42 MB
Available physical RAM: 2273.76 MB
Total Pagefile: 8173.02 MB
Available Pagefile: 6125.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:698.64 GB) (Free:615.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Landwirtschafts-Simulator 2015) (CDROM) (Total:1.87 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA4745F0)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
MFG

schrauber 02.12.2014 17:40
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49783;https=127.0.0.1:49783
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
C:\Windows\SysWOW64\XSrvSetup.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Noch Probleme mit dem Rechner?

Berni34 02.12.2014 20:35
Guten Abend.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by bs at 2014-12-02 20:33:13 Run:1
Running from C:\Users\Björn\Desktop
Loaded Profiles: bs & Björn (Available profiles: bs & Björn & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49783;https=127.0.0.1:49783
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [65536 2009-08-06] () [File not signed]
C:\Windows\SysWOW64\XSrvSetup.exe
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
JMB36X => Service stopped successfully.
JMB36X => Service deleted successfully.
C:\Windows\SysWOW64\XSrvSetup.exe => Moved successfully.

==== End of Fixlog ====
Also Werbung habe ich jetzt nicht mehr wenn ich mit Firefox online gehe :daumenhoc.

MFG

schrauber 03.12.2014 11:59
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Berni34 04.12.2014 18:45
Besten danke für die Hilfe .
Ein guter Job :daumenhoc:daumenhoc

schrauber 05.12.2014 16:37
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:23 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27