Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 15.02.2015
Scan Time: 12:57:32
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.15.01
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Media Markt
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378395
Time Elapsed: 10 min, 36 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.FindPositive.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 3036, Delete-on-Reboot, [f2cbe33b2b5fc373081c966c61a20000]
Modules: 0
(No malicious items detected)
Registry Keys: 27
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}, Quarantined, [f2cbe33b2b5fc373081c966c61a20000],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, Quarantined, [f2cbe33b2b5fc373081c966c61a20000],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, Quarantined, [f2cbe33b2b5fc373081c966c61a20000],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{50F60937-910A-4C05-8E36-FE4E299191CF}, Quarantined, [f2cbe33b2b5fc373081c966c61a20000],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{63c63464-1423-4fdb-ba5d-6f75f491c63e}, Quarantined, [f2cbe33b2b5fc373081c966c61a20000],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, Quarantined, [f2cbe33b2b5fc373081c966c61a20000],
PUP.Optional.FindPositive.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [f2cbe33b2b5fc373081c966c61a20000],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [f0cd41dd1e6cd1651e821a26cf348d73],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [f0cd41dd1e6cd1651e821a26cf348d73],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [f0cd41dd1e6cd1651e821a26cf348d73],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [f0cd41dd1e6cd1651e821a26cf348d73],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [f0cd41dd1e6cd1651e821a26cf348d73],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [f0cd41dd1e6cd1651e821a26cf348d73],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [f0cd41dd1e6cd1651e821a26cf348d73],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Delete-on-Reboot, [1aa326f8f79384b2eb309ba924df56aa],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [1aa326f8f79384b2eb309ba924df56aa],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Delete-on-Reboot, [5964f42acfbbfa3cf068fe09de25659b],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [5964f42acfbbfa3cf068fe09de25659b],
PUP.Optional.PositiveFinds.A, HKLM\SOFTWARE\WOW6432NODE\PositiveFinds, Quarantined, [5e5f8b93c6c4f541686ea6e79c67cf31],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [56678896a5e59e98ceaf00b35ea531cf],
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, Delete-on-Reboot, [54690e1098f268ce47463fd75fa614ec],
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, Delete-on-Reboot, [cdf0be607911d95decac64907391e41c],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, Delete-on-Reboot, [dae3e43aafdb5ed8f40952528281ef11],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Delete-on-Reboot, [94297aa4ccbe0630ed4efade2bd8eb15],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Delete-on-Reboot, [3b8208164149ec4a11156d81f60e35cb],
PUP.Optional.Linkury.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Delete-on-Reboot, [f6c70717e9a19d9964ddaa01fd0604fc],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Delete-on-Reboot, [a21b021cd3b7ea4c0d6f8c27966d41bf],
Registry Values: 4
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [15a888967b0f9e9873b95157fc07768a]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [19a438e67a1056e0e04c5454e81b7888]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, Delete-on-Reboot, [3b8208164149ec4a11156d81f60e35cb]
PUP.Optional.Linkury.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, YahooOC, Delete-on-Reboot, [f6c70717e9a19d9964ddaa01fd0604fc]
Registry Data: 9
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0C0ByCyD0AyEyDyEyEyD0CyCtCtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L 1Qzu2StDtBzzyEyDyBtCyDtGyD0CyDtCtGtAyEtD0FtGzy0AtBzytGtC0F0D0D0B0F0C0B0AtCtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0E0DyEzz0EtCtGtCzzzyyCtGyEtC0EtDtGyCzy0B0C tGyCyDyDyB0AyDyEyBtAyEyCyB2Q&cr=1968803628&ir=, Good: (www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0C0ByCyD0AyEyDyEyEyD0CyCtCtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L 1Qzu2StDtBzzyEyDyBtCyDtGyD0CyDtCtGtAyEtD0FtGzy0AtBzytGtC0F0D0D0B0F0C0B0AtCtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0E0DyEzz0EtCtGtCzzzyyCtGyEtC0EtDtGyCzy0B0C tGyCyDyDyB0AyDyEyBtAyEyCyB2Q&cr=1968803628&ir=),Replaced,[17a6130b93f740f69b3d10af808550b0]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzzyEzz0C0ByCyD0AyEyDyEyEyD0CyCtCtN0D0Tzu0CyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=270588048&i r=, Good: (www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzzyEzz0C0ByCyD0AyEyDyEyEyD0CyCtCtN0D0Tzu0CyByBtAtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=270588048&i r=),Replaced,[7944bd612e5c90a623647e384eb71ae6]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0C0ByCyD0AyEyDyEyEyD0CyCtCtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L 1Qzu2StDtBzzyEyDyBtCyDtGyD0CyDtCtGtAyEtD0FtGzy0AtBzytGtC0F0D0D0B0F0C0B0AtCtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0E0DyEzz0EtCtGtCzzzyyCtGyEtC0EtDtGyCzy0B0C tGyCyDyDyB0AyDyEyBtAyEyCyB2Q&cr=1968803628&ir=, Good: (www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0C0ByCyD0AyEyDyEyEyD0CyCtCtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L 1Qzu2StDtBzzyEyDyBtCyDtGyD0CyDtCtGtAyEtD0FtGzy0AtBzytGtC0F0D0D0B0F0C0B0AtCtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0E0DyEzz0EtCtGtCzzzyyCtGyEtC0EtDtGyCzy0B0C tGyCyDyDyB0AyDyEyBtAyEyCyB2Q&cr=1968803628&ir=),Replaced,[ecd1e737dbaf38fec315437c9273ca36]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Delete-on-Reboot,[3f7e77a7e9a1c96dc2c9e4d2fa0b1ce4]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0C0ByCyD0AyEyDyEyEyD0CyCtCtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L 1Qzu2StDtBzzyEyDyBtCyDtGyD0CyDtCtGtAyEtD0FtGzy0AtBzytGtC0F0D0D0B0F0C0B0AtCtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0E0DyEzz0EtCtGtCzzzyyCtGyEtC0EtDtGyCzy0B0C tGyCyDyDyB0AyDyEyBtAyEyCyB2Q&cr=1968803628&ir=, Good: (www.google.com), Bad: (hxxp://start.mysearchdial.com/?f=1&a=ir_14_12_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0C0ByCyD0AyEyDyEyEyD0CyCtCtN0D0Tzu0SzztCtBtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L 1Qzu2StDtBzzyEyDyBtCyDtGyD0CyDtCtGtAyEtD0FtGzy0AtBzytGtC0F0D0D0B0F0C0B0AtCtB0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0E0DyEzz0EtCtGtCzzzyyCtGyEtC0EtDtGyCzy0B0C tGyCyDyDyB0AyDyEyBtAyEyCyB2Q&cr=1968803628&ir=),Delete-on-Reboot,[05b846d8a4e663d37b5c67587a8bce32]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Delete-on-Reboot,[38853ae43951b4823b4fcde9cc3952ae]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Delete-on-Reboot,[9b22f42afd8dae88eca164525aabd22e]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Delete-on-Reboot,[6c516eb01674fe38a8e6981ee124a25e]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-721494759-1310166264-1152750241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000, Good: (www.google.com), Bad: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2789b382-2d1f-881d-cc35-6c84165db550&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=13/01/2014&type=hp1000),Delete-on-Reboot,[3e7f7ba314761c1abacf23932adbe21e]
Folders: 6
PUP.Optional.OpenCandy, C:\Users\Media Markt\AppData\Roaming\OpenCandy, Quarantined, [0db017077317d1654b6568ec986bce32],
PUP.Optional.OpenCandy, C:\Users\Media Markt\AppData\Roaming\OpenCandy\409162D7BE9043FD9C75D395258EE9C3, Quarantined, [0db017077317d1654b6568ec986bce32],
PUP.Optional.OpenCandy, C:\Users\Media Markt\AppData\Roaming\OpenCandy\41BD4340DAA140BAA5C0102419E608C3, Quarantined, [0db017077317d1654b6568ec986bce32],
PUP.Optional.SystemSpeedup, C:\Users\Media Markt\AppData\Roaming\systweak\ssd, Quarantined, [4e6f1d01523875c162228fdda45f946c],
PUP.Optional.Updater.A, C:\Users\Media Markt\AppData\Roaming\DigitalSites\UpdateProc, Quarantined, [77469c82e8a2b3839e196f01d82b0000],
PUP.Optional.PositiveFinds.A, C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602, Quarantined, [2d90d04e7a10989e034f92fa12f149b7],
Files: 13
PUP.Optional.FindPositive.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Delete-on-Reboot, [f2cbe33b2b5fc373081c966c61a20000],
PUP.Optional.Linkury.A, C:\Users\Media Markt\AppData\Roaming\OpenCandy\409162D7BE9043FD9C75D395258EE9C3\Installer.exe, Quarantined, [e8d59e80e4a648ee7d8f670141c4768a],
PUP.Adware.Agent, C:\Users\Media Markt\AppData\Local\Temp\PositiveFinds\Setup.exe, Quarantined, [12ab57c79eecb086a2285aac31cf837d],
PUP.Optional.DigitalSites.A, C:\Windows\Tasks\Digital Sites.job, Quarantined, [902d66b88cfe4aeca0eea5712bda13ed],
PUP.Optional.DigitalSites.A, C:\Windows\System32\Tasks\Digital Sites, Quarantined, [209df02ec9c15bdbbfd042d4ce37a45c],
PUP.Optional.OpenCandy, C:\Users\Media Markt\AppData\Roaming\OpenCandy\41BD4340DAA140BAA5C0102419E608C3\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, Quarantined, [0db017077317d1654b6568ec986bce32],
PUP.Optional.SystemSpeedup, C:\Users\Media Markt\AppData\Roaming\systweak\ssd\SSDPTstub.exe, Quarantined, [4e6f1d01523875c162228fdda45f946c],
PUP.Optional.Updater.A, C:\Users\Media Markt\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined, [77469c82e8a2b3839e196f01d82b0000],
PUP.Optional.Updater.A, C:\Users\Media Markt\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined, [77469c82e8a2b3839e196f01d82b0000],
PUP.Optional.Updater.A, C:\Users\Media Markt\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, Quarantined, [77469c82e8a2b3839e196f01d82b0000],
PUP.Optional.Updater.A, C:\Users\Media Markt\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, Quarantined, [77469c82e8a2b3839e196f01d82b0000],
PUP.Optional.Updater.A, C:\Users\Media Markt\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, Quarantined, [77469c82e8a2b3839e196f01d82b0000],
PUP.Optional.PositiveFinds.A, C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\temp, Quarantined, [2d90d04e7a10989e034f92fa12f149b7],
Physical Sectors: 0
(No malicious items detected)
(end)
AdwCleaner Logfile:
# AdwCleaner v4.110 - Bericht erstellt 15/02/2015 um 13:19:21
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Media Markt - VAIO
# Gestarted von : C:\Users\Media Markt\Downloads\AdwCleaner_4.110.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Users\MEDIAM~1\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Media Markt\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Media Markt\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Media Markt\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Media Markt\AppData\Roaming\RHEng
Datei Gelöscht : C:\WINDOWS\Reimage.ini
Datei Gelöscht : C:\Users\MEDIAM~1\AppData\Local\Temp\uninstaller.exe
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Media Markt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Media Markt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Media Markt\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
***** [ Geplante Tasks ] *****
Task Gelöscht : Digital Sites
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\feocblgcojafilfbgoineopkngchgaei
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\feocblgcojafilfbgoineopkngchgaei
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F36C143C-4C6D-45AE-9C94-9D5C15BAB3D8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F36C143C-4C6D-45AE-9C94-9D5C15BAB3D8}
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [5356 Bytes] - [15/02/2015 13:16:34]
AdwCleaner[S0].txt - [4961 Bytes] - [15/02/2015 13:19:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5020 Bytes] ##########
--- --- ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Media Markt on 15.02.2015 at 13:26:58,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Users\Media Markt\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Media Markt\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] C:\WINDOWS\prefetch\ASKPRO.EXE-3E41FB8A.pf
~~~ Folders
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.02.2015 at 13:29:38,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Media Markt (administrator) on VAIO on 15-02-2015 13:47:55
Running from C:\Users\Media Markt\Downloads\FRST-OlderVersion
Loaded Profiles: Media Markt (Available profiles: Media Markt)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FACSMon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(Google Inc.) C:\Users\Media Markt\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Media Markt\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqTray.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqSEMx.exe
(Freecom) C:\Windows\Temp\Password.exe
(OPENLiMiT SignCubes GmbH) C:\Program Files (x86)\OPENLiMiT\siqCFGo.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Google Inc.) C:\Users\Media Markt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Media Markt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Media Markt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Media Markt\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [142040 2013-07-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1322712 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3050736 2013-05-30] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-16] (Broadcom Corporation.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [ATUninstallIcon] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95536 2013-11-01] (Sensible Vision )
HKLM-x32\...\Run: [SHIWebOnDiskManager] => C:\Program Files (x86)\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2012-08-08] (SHI Elektronische Medien GmbH)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [SCLicense] => 欀
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
HKU\S-1-5-21-721494759-1310166264-1152750241-1001\...\Run: [Google Update] => C:\Users\Media Markt\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-03] (Google Inc.)
HKU\S-1-5-21-721494759-1310166264-1152750241-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-721494759-1310166264-1152750241-1001\...\Run: [GoogleChromeAutoLaunch_BB5A9D4CE38EA510829CF43B1FF0D9C5] => C:\Users\Media Markt\AppData\Local\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-721494759-1310166264-1152750241-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-721494759-1310166264-1152750241-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-721494759-1310166264-1152750241-1001\...\MountPoints2: {6e7b5a2b-7dff-11e3-bec2-82581ea6ab58} - "D:\Password.exe"
HKU\S-1-5-21-721494759-1310166264-1152750241-1001\...\MountPoints2: {a2fbda59-a1dd-11e3-bedb-240a6426a8fe} - "F:\setup.exe"
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL File Not Found
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenLimit AutoStart.lnk
ShortcutTarget: OpenLimit AutoStart.lnk -> C:\Program Files (x86)\OPENLiMiT\siqSEMr.exe (OPENLiMiT SignCubes GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk
ShortcutTarget: Password.lnk -> C:\Windows\Temp\Password.exe (Freecom)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [SiQIconOverlay1] -> {4A6220DC-06E8-41d1-9553-AE7A1A2B8928} => C:\Program Files (x86)\OPENLiMiT\siqSHXn.dll (OPENLiMiT SignCubes GmbH)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-721494759-1310166264-1152750241-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ADE2B81F-48E5-464E-BDAC-9D883DCB5F99}: [NameServer] 139.7.30.126,139.7.30.125
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sensiblevision.com/FastAccess,version=4.1.110 -> C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\nprt.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-721494759-1310166264-1152750241-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Media Markt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-721494759-1310166264-1152750241-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Media Markt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-721494759-1310166264-1152750241-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-721494759-1310166264-1152750241-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2014-01-18]
FF HKU\S-1-5-21-721494759-1310166264-1152750241-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-23]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ch/ig?hl=de&source=iglk
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (YouTube) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-03]
CHR Extension: (Google-Suche) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]
CHR Extension: (Donna Karan) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijgnliiiplghalknhobbcngpcngaoji [2015-02-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-17]
CHR Extension: (Google Wallet) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR Extension: (Google Mail) - C:\Users\Media Markt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-26] (Broadcom Corporation.)
S3 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [176128 2011-04-19] () [File not signed]
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-07] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-20] (Realtek Semiconductor)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-10-15] (Avira Operations GmbH & Co. KG)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [367832 2014-03-14] (Broadcom Corp)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [31744 2013-08-22] (Microsoft Corporation)
R3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-10] (Broadcom Corporation.)
S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows (R) Win 7 DDK provider)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24056 2013-03-25] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99832 2013-03-25] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [84472 2013-03-25] (Intel Corporation)
R3 iaLPSS_UART; C:\Windows\System32\drivers\iaLPSS_UART.sys [142840 2013-03-25] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2013-10-05] (Intel Corporation)
R3 IntelSensorSolutionAcpi; C:\Windows\System32\drivers\IntelSensorSolutionAcpi.sys [23288 2014-03-30] (Intel® Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99800 2013-05-07] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8242392 2013-07-01] (Realtek Semiconductor Corp.)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-12-27] ()
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 STTub30; C:\Windows\System32\Drivers\STTub30.sys [44184 2014-03-30] (STMicroelectronics)
R3 SynRMIHID; C:\Windows\System32\drivers\SynRMIHID.sys [41200 2013-05-30] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207256 2013-03-15] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [105008 2013-10-13] (WIBU-SYSTEMS AG)
R3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-15 13:30 - 2015-02-15 13:30 - 00005140 ____C () C:\Users\Media Markt\Desktop\AdwCleaner[S0].txt
2015-02-15 13:29 - 2015-02-15 13:30 - 00001075 ____C () C:\Users\Media Markt\Desktop\JRT.txt
2015-02-15 13:25 - 2015-02-15 13:25 - 01388274 ____C (Thisisu) C:\Users\Media Markt\Downloads\JRT.exe
2015-02-15 13:16 - 2015-02-15 13:19 - 00000000 ___DC () C:\AdwCleaner
2015-02-15 13:15 - 2015-02-15 13:16 - 02112512 ____C () C:\Users\Media Markt\Downloads\AdwCleaner_4.110.exe
2015-02-15 13:10 - 2015-02-15 13:10 - 00015843 ____C () C:\Users\Media Markt\Desktop\mbam.txt
2015-02-15 12:55 - 2015-02-15 13:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 12:54 - 2015-02-15 12:54 - 00001114 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-15 12:54 - 2015-02-15 12:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-15 12:54 - 2015-02-15 12:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-15 12:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-15 12:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-15 12:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-15 12:50 - 2015-02-15 12:53 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\Media Markt\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-15 12:44 - 2015-02-15 12:44 - 00001280 ____C () C:\Users\Media Markt\Desktop\Revo Uninstaller.lnk
2015-02-15 12:43 - 2015-02-15 12:43 - 02623656 ____C (VS Revo Group Ltd.) C:\Users\Media Markt\Downloads\revosetup95.exe
2015-02-15 12:43 - 2015-02-15 12:43 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-14 14:34 - 2015-02-15 13:47 - 00000000 ___DC () C:\Users\Media Markt\Downloads\FRST-OlderVersion
2015-02-14 13:59 - 2015-02-15 13:20 - 00006702 _____ () C:\WINDOWS\PFRO.log
2015-02-13 20:07 - 2015-02-14 14:36 - 00049859 ____C () C:\Users\Media Markt\Downloads\Addition.txt
2015-02-13 20:06 - 2015-02-14 14:36 - 00061622 ____C () C:\Users\Media Markt\Downloads\FRST.txt
2015-02-13 20:04 - 2015-02-15 13:47 - 00000000 ___DC () C:\FRST
2015-02-13 20:04 - 2015-02-14 14:34 - 02134528 ____C (Farbar) C:\Users\Media Markt\Downloads\FRST64.exe
2015-02-13 19:38 - 2015-02-13 19:38 - 00775968 ____C (Reimage®) C:\Users\Media Markt\Downloads\ReimageRepair.exe
2015-02-13 19:22 - 2015-02-13 19:22 - 00001580 ____C () C:\Users\Media Markt\Desktop\Fixlist.txt
2015-02-12 16:45 - 2015-02-15 13:20 - 00000308 _____ () C:\WINDOWS\setupact.log
2015-02-12 16:45 - 2015-02-12 16:45 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-12 15:41 - 2015-02-12 15:41 - 00002784 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-12 15:41 - 2015-02-12 15:41 - 00000834 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-12 15:41 - 2015-02-12 15:41 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 15:39 - 2015-02-12 15:40 - 04196968 ____C (Piriform Ltd) C:\Users\Media Markt\Downloads\ccsetup502_slim.exe
2015-02-12 10:27 - 2015-01-23 05:41 - 06041600 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 10:27 - 2015-01-23 04:17 - 04300800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 19:05 - 2015-02-11 19:13 - 648437419 ____C () C:\Users\Media Markt\Desktop\Ein Skitag am Wurmberg GOPROVID Full HD.mp4
2015-02-11 18:58 - 2015-02-11 19:00 - 93298507 ____C () C:\Users\Media Markt\Desktop\Ein Skitag am Wurmberg GOPROVID for Mobile.mp4
2015-02-11 18:48 - 2015-02-11 18:53 - 327045434 ____C () C:\Users\Media Markt\Desktop\Ein Skitag am Wurmberg GOPROVID.mp4
2015-02-11 18:35 - 2015-02-11 19:18 - 00000000 ____D () C:\Users\Media Markt\AppData\Roaming\Skype
2015-02-11 18:35 - 2015-02-11 19:18 - 00000000 ____D () C:\ProgramData\Skype
2015-02-11 18:35 - 2015-02-11 18:35 - 00000000 ____D () C:\Users\Media Markt\AppData\Local\Skype
2015-02-11 18:28 - 2015-02-11 18:28 - 00000000 ____D () C:\Users\Media Markt\AppData\Local\TuneUp Software
2015-02-11 18:21 - 2015-02-11 18:21 - 00001257 ____C () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-02-11 18:21 - 2015-02-11 18:21 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-11 18:14 - 2015-02-11 18:15 - 03533008 ____C (DVDVideoSoft Ltd. ) C:\Users\Media Markt\Downloads\FreeYouTubeToMP3Converter.exe
2015-02-11 17:51 - 2015-02-04 00:38 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 17:51 - 2015-02-04 00:08 - 00761856 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 17:51 - 2015-02-04 00:08 - 00414208 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 17:51 - 2015-02-03 00:11 - 01098752 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 17:51 - 2015-02-03 00:11 - 00894464 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 17:51 - 2015-02-03 00:11 - 00609280 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 17:51 - 2015-01-19 19:42 - 01487976 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 17:51 - 2014-12-19 09:57 - 00788680 ____C (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 17:51 - 2014-12-19 09:25 - 00602776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 17:51 - 2014-12-09 00:12 - 00391526 ____C () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 16:27 - 2015-02-11 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-11 16:23 - 2015-02-12 15:30 - 00210464 ____C () C:\Users\Media Markt\Desktop\ein tag am wurmberg.gcs
2015-02-11 16:20 - 2015-02-11 16:26 - 42096984 ____C (Apple Inc.) C:\Users\Media Markt\Downloads\QuickTimeInstaller.exe
2015-02-11 15:52 - 2015-02-11 17:57 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-11 15:42 - 2015-02-11 16:23 - 00000000 ____D () C:\Users\Media Markt\AppData\Roaming\GoPro
2015-02-11 15:42 - 2015-02-11 15:43 - 00000000 ____D () C:\Users\Media Markt\AppData\Local\GoPro
2015-02-11 15:42 - 2015-02-11 15:42 - 00001124 ____C () C:\Users\Media Markt\Desktop\GoPro Studio.lnk
2015-02-11 15:42 - 2015-02-11 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2015-02-11 15:42 - 2015-02-11 15:42 - 00000000 ____D () C:\Program Files (x86)\CineForm
2015-02-11 15:41 - 2015-02-11 16:27 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-11 15:41 - 2015-02-11 15:58 - 00000000 ____D () C:\Users\Public\CineForm
2015-02-11 15:41 - 2015-02-11 15:42 - 00000000 ____D () C:\Program Files (x86)\GoPro
2015-02-11 15:15 - 2015-02-11 15:39 - 163904608 ____C () C:\Users\Media Markt\Downloads\GoProStudioPC-2.5.4.404.exe
2015-02-11 14:56 - 2015-01-15 23:43 - 00563504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 14:56 - 2015-01-15 23:43 - 00177984 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 14:56 - 2015-01-14 05:22 - 00445440 ____C (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 14:56 - 2015-01-14 04:53 - 00324096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 14:56 - 2015-01-13 23:11 - 01762840 ____C (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 14:56 - 2015-01-13 23:04 - 01489072 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 14:56 - 2015-01-10 10:10 - 07472960 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 14:56 - 2015-01-10 10:10 - 01733440 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 14:56 - 2015-01-10 09:28 - 01498360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 14:56 - 2014-12-09 04:45 - 00393728 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 14:56 - 2014-12-09 02:56 - 00538624 ____C (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 14:56 - 2014-10-29 03:51 - 00154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 14:56 - 2014-10-29 03:50 - 00736768 ____C (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 14:56 - 2014-10-29 03:06 - 00736768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 14:56 - 2014-10-29 03:06 - 00154112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 14:56 - 2014-10-29 03:02 - 00285184 ____C (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 14:56 - 2014-10-29 03:02 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 14:56 - 2014-10-29 02:57 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 14:56 - 2014-10-29 02:31 - 01441792 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 14:56 - 2014-10-29 02:15 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 14:56 - 2014-10-29 02:15 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 14:56 - 2014-10-29 02:14 - 00004096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 14:56 - 2014-10-29 02:13 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 14:56 - 2014-10-29 02:13 - 00008704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 14:51 - 2015-01-12 04:09 - 25056256 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 14:51 - 2015-01-12 03:48 - 02885632 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 14:51 - 2015-01-12 03:25 - 19740160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 14:51 - 2015-01-12 03:02 - 02277888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 14:51 - 2015-01-12 02:43 - 14401024 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 14:51 - 2015-01-12 02:14 - 12829184 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 14:51 - 2015-01-10 08:00 - 00430080 ____C (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 14:51 - 2015-01-10 07:38 - 00359424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 14:50 - 2015-01-12 03:48 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 14:50 - 2015-01-12 03:47 - 00088064 ____C (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 14:50 - 2015-01-12 03:34 - 00816128 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 14:50 - 2015-01-12 03:21 - 00490496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 14:50 - 2015-01-12 03:08 - 00503296 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 14:50 - 2015-01-12 03:07 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 14:50 - 2015-01-12 03:05 - 00064000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 14:50 - 2015-01-12 02:58 - 01032704 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 14:50 - 2015-01-12 02:55 - 00664064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 14:50 - 2015-01-12 02:51 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 14:50 - 2015-01-12 02:48 - 00801280 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 14:50 - 2015-01-12 02:48 - 00718848 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 14:50 - 2015-01-12 02:48 - 00374272 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 14:50 - 2015-01-12 02:46 - 02125824 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 14:50 - 2015-01-12 02:45 - 00418304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 14:50 - 2015-01-12 02:34 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 14:50 - 2015-01-12 02:30 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 14:50 - 2015-01-12 02:27 - 02865152 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 14:50 - 2015-01-12 02:27 - 02358272 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 14:50 - 2015-01-12 02:25 - 00230400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 14:50 - 2015-01-12 02:23 - 02052608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 14:50 - 2015-01-12 02:23 - 00688640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 14:50 - 2015-01-12 02:23 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 14:50 - 2015-01-12 02:14 - 01548288 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 14:50 - 2015-01-12 02:02 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 14:50 - 2015-01-12 02:00 - 01888256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 14:50 - 2015-01-12 01:56 - 01307136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 14:50 - 2015-01-12 01:55 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 14:43 - 2015-01-10 09:22 - 04175872 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-09 22:51 - 2015-02-09 22:51 - 00000000 ____D () C:\WINDOWS\de
2015-02-09 22:50 - 2015-02-09 22:50 - 00001390 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-02-09 22:50 - 2015-02-09 22:50 - 00001321 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-02-09 22:47 - 2015-02-09 22:48 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-02-09 22:47 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-02-09 22:47 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2015-02-09 22:47 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2015-02-09 22:47 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-02-09 22:47 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-02-09 22:47 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-02-09 22:47 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-02-09 22:47 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-02-09 22:47 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2015-02-09 22:47 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2015-02-09 22:47 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-02-09 22:47 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2015-02-09 22:45 - 2015-02-09 22:55 - 00000000 ____D () C:\Users\Media Markt\AppData\Local\Windows Live
2015-02-09 22:44 - 2015-02-09 22:44 - 01245384 ____C (Microsoft Corporation) C:\Users\Media Markt\Downloads\wlsetup-web (1).exe
2015-02-09 22:43 - 2015-02-09 22:43 - 01245384 ____C (Microsoft Corporation) C:\Users\Media Markt\Downloads\wlsetup-web.exe
2015-02-09 14:30 - 2015-02-09 14:30 - 00000000 ___DC () C:\Users\Media Markt\Desktop\bilder termocam\Media Markt\Documents\Outlook-Dateien
2015-02-08 19:43 - 2015-02-08 20:14 - 00000000 ___DC () C:\Users\Media Markt\Desktop\Skitag Wurmberg 08.02.2015
2015-02-04 20:34 - 2015-01-19 16:00 - 74686645 ____C () C:\Users\Media Markt\Desktop\Radikalführen_ep9_A15EO1LOWQHQLI.aax
2015-02-03 23:20 - 2015-02-04 20:33 - 00000000 ___DC () C:\Users\Media Markt\Desktop\bilder termocam\Media Markt\Documents\Audible
2015-02-03 15:10 - 2015-02-03 15:10 - 00000000 ___DC () C:\Users\Media Markt\Desktop\Gopro alt Zermatt Thun
2015-01-31 19:36 - 2015-01-31 19:37 - 00000000 ___DC () C:\Users\Media Markt\Desktop\Testordner Scheisstunes
2015-01-31 18:13 - 2015-01-31 18:44 - 00000000 ____D () C:\Users\Media Markt\AppData\Roaming\Apple Computer
2015-01-31 18:13 - 2015-01-31 18:13 - 00001765 ____C () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 18:13 - 2015-01-31 18:13 - 00000000 ____D () C:\Users\Media Markt\AppData\Local\Apple Computer
2015-01-31 18:13 - 2015-01-31 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 18:13 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-01-31 18:12 - 2015-01-31 18:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 18:12 - 2015-01-31 18:13 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 18:12 - 2015-01-31 18:12 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-31 18:12 - 2015-01-31 18:12 - 00000000 ____D () C:\Users\Media Markt\AppData\Local\Apple
2015-01-31 18:12 - 2015-01-31 18:12 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-31 18:12 - 2015-01-31 18:12 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 18:12 - 2015-01-31 18:12 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-31 18:12 - 2015-01-31 18:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-31 18:12 - 2015-01-31 18:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-31 18:12 - 2015-01-31 18:12 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-31 18:11 - 2015-01-31 18:12 - 00000000 ____D () C:\ProgramData\Apple
2015-01-31 18:11 - 2015-01-31 18:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 17:46 - 2015-01-31 18:07 - 152439600 ____C (Apple Inc.) C:\Users\Media Markt\Downloads\itunes6464setup.exe
2015-01-31 01:18 - 2015-01-31 01:18 - 00000000 ____D () C:\ProgramData\Sony
2015-01-28 16:53 - 2015-01-28 16:55 - 00000000 ___DC () C:\Users\Media Markt\Desktop\bilder termocam
2015-01-23 20:34 - 2015-01-23 20:34 - 00006394 ____C () C:\Users\Media Markt\Downloads\audioclip-1391799547623-2300.mp4
2015-01-23 20:34 - 2015-01-23 20:34 - 00006019 ____C () C:\Users\Media Markt\Downloads\audioclip-1391799450433-2016.mp4
2015-01-20 22:24 - 2015-01-20 22:24 - 00000026 _____ () C:\WINDOWS\SysWOW64\BatTestUACin_SysRt1436.batemp
2015-01-20 22:23 - 2015-01-20 22:23 - 00000000 ____D () C:\WINDOWS\AB22EC1B65684CE98B97C6FBC47F9BC5.TMP
2015-01-19 15:49 - 2015-01-19 15:49 - 00000294 ____C () C:\Users\Media Markt\Downloads\BK_CAMP_000186DE_LC_64_44100_ster_A15EO1LOWQHQLI.adh
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-15 13:41 - 2014-03-31 20:41 - 00000929 ____C () C:\WINDOWS\Tasks\EPSON XP-610 Series Update {C184E501-5051-4719-A134-E462DD29361D}.job
2015-02-15 13:41 - 2014-03-31 20:41 - 00000743 ____C () C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {C184E501-5051-4719-A134-E462DD29361D}.job
2015-02-15 13:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-02-15 13:32 - 2013-07-27 13:46 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-721494759-1310166264-1152750241-1001
2015-02-15 13:31 - 2014-01-13 21:17 - 01833538 ____C () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-02-15 13:31 - 2013-11-14 08:11 - 00779226 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-15 13:31 - 2013-11-14 08:11 - 00164856 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-15 13:26 - 2014-03-22 15:36 - 00000000 ____D () C:\Users\Media Markt\AppData\Roaming\ClassicShell
2015-02-15 13:26 - 2013-11-14 08:27 - 01804092 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-15 13:26 - 2013-11-03 14:56 - 00001154 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-721494759-1310166264-1152750241-1001UA.job
2015-02-15 13:22 - 2014-01-18 02:43 - 02032724 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-15 13:21 - 2014-02-06 23:19 - 00001124 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 13:21 - 2014-01-18 07:47 - 00000000 ___DO () C:\Users\Media Markt\SkyDrive
2015-02-15 13:20 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 13:20 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 13:18 - 2014-02-06 23:19 - 00001128 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 13:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2015-02-15 13:09 - 2014-12-03 11:09 - 00000929 ____C () C:\WINDOWS\Tasks\EPSON XP-610 Series Update {51566C7F-2A99-484D-B8C6-C16E6827C1B4}.job
2015-02-15 13:09 - 2014-12-03 11:09 - 00000743 ____C () C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {51566C7F-2A99-484D-B8C6-C16E6827C1B4}.job
2015-02-15 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-15 12:35 - 2014-02-07 19:51 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{962BA8C8-294A-413A-A87B-366529D5488D}
2015-02-14 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-13 13:07 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 13:07 - 2013-08-17 17:05 - 00000000 ___DC () C:\WINDOWS\system32\MRT
2015-02-13 13:01 - 2013-08-17 17:05 - 116773704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-13 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-13 12:59 - 2014-12-12 13:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-13 12:59 - 2014-07-21 05:14 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-12 15:44 - 2014-01-15 17:48 - 00000000 ___DC () C:\Users\Media Markt\AppData\Roaming\DAEMON Tools Lite
2015-02-12 15:43 - 2014-02-23 10:20 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-12 15:43 - 2014-01-18 02:36 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-12 10:02 - 2013-11-03 14:56 - 00001102 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-721494759-1310166264-1152750241-1001Core.job
2015-02-11 22:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 19:01 - 2014-03-19 12:41 - 00000000 ____D () C:\Users\Media Markt\AppData\Roaming\vlc
2015-02-11 18:27 - 2014-01-13 12:17 - 00000000 _SHDC () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-11 18:27 - 2014-01-13 12:17 - 00000000 ___DC () C:\ProgramData\TuneUp Software
2015-02-11 18:22 - 2014-01-13 12:10 - 00000000 ___DC () C:\Users\Media Markt\AppData\Roaming\DVDVideoSoft
2015-02-11 18:21 - 2014-03-23 11:05 - 00001548 ____C () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-11 18:21 - 2014-01-13 12:10 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-11 18:21 - 2014-01-13 12:10 - 00000000 ___DC () C:\Program Files (x86)\DVDVideoSoft
2015-02-11 17:44 - 2013-08-22 15:44 - 00400024 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 17:41 - 2014-01-14 18:14 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-02-11 17:41 - 2013-07-27 12:20 - 00000000 ___DC () C:\ProgramData\Package Cache
2015-02-11 15:41 - 2014-03-29 23:21 - 00000000 ____D () C:\Program Files\DIFX
2015-02-10 22:09 - 2014-05-12 22:00 - 00000000 ___DC () C:\Users\Media Markt\Desktop\Philipp
2015-02-09 22:48 - 2014-01-16 17:41 - 00000000 ___DC () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-02-09 20:41 - 2014-12-22 11:57 - 00000000 ____D () C:\Users\Media Markt\Desktop\Youtube mix
2015-02-06 15:13 - 2014-02-06 23:19 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 15:13 - 2014-02-06 23:19 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 09:47 - 2014-02-13 23:30 - 00000000 ____D () C:\Users\Media Markt\AppData\Local\Audible
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 08:21 - 2013-11-03 14:56 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-721494759-1310166264-1152750241-1001UA
2015-02-03 08:21 - 2013-11-03 14:56 - 00003732 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-721494759-1310166264-1152750241-1001Core
2015-01-31 19:38 - 2014-02-12 16:38 - 00000000 ____D () C:\Users\Media Markt\AppData\Roaming\TeamViewer
2015-01-31 01:19 - 2013-07-27 12:42 - 00000000 ___DC () C:\Program Files\Sony
2015-01-31 01:19 - 2013-07-27 12:12 - 00000000 ___DC () C:\Program Files (x86)\Sony
2015-01-21 19:54 - 2013-07-27 12:24 - 00000000 ___DC () C:\Program Files (x86)\WildTangent Games
2015-01-21 01:17 - 2014-08-02 07:41 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 01:16 - 2014-10-03 16:27 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-01-21 01:16 - 2014-10-03 16:27 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-01-21 01:16 - 2014-10-03 16:27 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-01-21 01:16 - 2014-10-03 16:27 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 01:16 - 2014-10-03 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 01:16 - 2014-10-03 16:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 01:12 - 2014-04-28 11:27 - 00000000 ___DC () C:\Users\Media Markt\Desktop\Arbeit Magdeburg Enrico Stehr
2015-01-20 22:26 - 2014-09-02 08:44 - 00000000 ____D () C:\Users\Media Markt\AppData\Local\Deployment
2015-01-20 22:26 - 2014-01-26 15:54 - 00000000 ____D () C:\ProgramData\Valentin EnergieSoftware
2015-01-20 22:25 - 2013-07-27 12:42 - 00000000 ___DC () C:\ProgramData\Sony Corporation
2015-01-20 22:25 - 2013-07-27 12:04 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2015-01-19 18:48 - 2013-07-27 13:40 - 00000000 ___DC () C:\Users\Media Markt\AppData\Local\Packages
==================== Files in the root of some directories =======
2014-01-13 21:18 - 2014-07-16 13:28 - 0000051 ____C () C:\Users\Media Markt\AppData\Roaming\cdwd.ini
2014-01-13 21:27 - 2014-07-16 13:31 - 0000320 ____C () C:\Users\Media Markt\AppData\Roaming\PrjHistorie.001
2014-01-22 16:42 - 2014-02-11 21:23 - 0000136 _____ () C:\Users\Media Markt\AppData\Roaming\WB.CFG
2014-01-22 16:42 - 2014-01-22 16:42 - 0000005 _____ () C:\Users\Media Markt\AppData\Roaming\WBPU-TTL.DAT
2014-01-13 21:18 - 2014-01-13 21:18 - 0000099 ____C () C:\Users\Media Markt\AppData\Local\fusioncache.dat
2014-01-11 17:41 - 2014-01-12 10:28 - 0007609 ____C () C:\Users\Media Markt\AppData\Local\Resmon.ResmonCfg
2014-01-18 02:38 - 2014-01-18 02:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-29 17:39 - 2014-04-29 17:40 - 0000650 _____ () C:\ProgramData\MF_Installer_Data.inf
Files to move or delete:
====================
C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL
Some content of TEMP:
====================
C:\Users\Media Markt\AppData\Local\Temp\avgnt.exe
C:\Users\Media Markt\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Media Markt\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Media Markt\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Media Markt\AppData\Local\Temp\Quarantine.exe
C:\Users\Media Markt\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Media Markt\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Media Markt\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Media Markt\AppData\Local\Temp\sqlite3.dll
C:\Users\Media Markt\AppData\Local\Temp\sqlite3.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-14 14:13
==================== End Of Log ============================