Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7: "?trackid=sp-006" Anhang im Browser (https://www.trojaner-board.de/165379-windows-7-trackid-sp-006-anhang-browser.html)

Leon-Yannick 22.03.2015 09:13
Windows 7: "?trackid=sp-006" Anhang im Browser
 
Hallo,

Ich habe seit einiger Zeit in den Browsern Firefox und Google Chrome bei der Eingabe eines Suchbegriffs in die Google Suche Probleme. Immer wenn ich einen Suchbegriff eingebe und auf Suchen drücke, hängt irgendwas an den Suchbegriff ein "?trackid=sp-006" an. Das verunsichert mich, und ich weiß nicht was ich tun soll.
Ich habe mit Avast einen Virenscan durchgeführt, der aber negativ ausfiel.
Auch habe ich mit Malwarebytes Anti-Malware einen Scn durchgeführt, welcher 215 Objekte gefunden hat und in die quarantäne verschoben hat.

Vielleicht ist die Information hilfreich:
Ich hatte vor einiger Zeit Malware auf dem Computer welche ich mit Hilfe von Avast bekämpft habe.

Falls noch weitere Infos wie Logs etc. benötigt werde, einfach Bescheid sagen

Hier der FRST log:

Code:
Running from C:\Users\Leon-Yannick\Downloads
Loaded Profiles: Leon-Yannick (Available profiles: Leon-Yannick)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-10] (AVAST Software)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2195240 2015-01-20] (Gainward Co. Ltd.)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Spotify Web Helper] => C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-18] (Spotify Ltd)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Spotify] => C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-18] (Spotify Ltd)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\MountPoints2: {33c0367d-b0a0-11e4-8bd5-4061864c8b0b} - E:\Setup.exe
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\MountPoints2: {a8c28a67-ab23-11e4-b641-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\MountPoints2: {e9dceb0d-b0af-11e4-92d4-4061864c8b0b} - F:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2095702127-3137971373-1474782704-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2095702127-3137971373-1474782704-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&ts=1423522581&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2095702127-3137971373-1474782704-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&ts=1423522581&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2095702127-3137971373-1474782704-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&ts=1423522581&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2095702127-3137971373-1474782704-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&ts=1423522581&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2095702127-3137971373-1474782704-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-10] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-10] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF user.js: detected! => C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\user.js [2015-03-22]
FF SearchPlugin: C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\searchplugins\google-avast.xml [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-10]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-23]
CHR Extension: (Google Sheets) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-03-13]
CHR Extension: (Avast Online Security) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-10] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-10] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-02-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-10] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-02-04] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-10] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 09:04 - 2015-03-22 09:04 - 00017841 _____ () C:\Users\Leon-Yannick\Downloads\FRST.txt
2015-03-22 09:04 - 2015-03-22 09:04 - 00000000 ____D () C:\FRST
2015-03-22 09:03 - 2015-03-22 09:04 - 02095616 _____ (Farbar) C:\Users\Leon-Yannick\Downloads\FRST64 (1).exe
2015-03-22 09:03 - 2015-03-22 09:03 - 02095616 _____ (Farbar) C:\Users\Leon-Yannick\Downloads\FRST64.exe
2015-03-22 08:22 - 2015-03-22 08:22 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 08:22 - 2015-03-22 08:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 08:22 - 2015-03-22 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-22 08:22 - 2015-03-22 08:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 08:22 - 2015-03-22 08:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-22 08:22 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 08:22 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 08:22 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 08:19 - 2015-03-22 08:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Leon-Yannick\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-21 22:06 - 2015-03-21 22:06 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Python
2015-03-21 22:06 - 2015-03-21 22:06 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\ActiveState
2015-03-21 22:05 - 2015-03-21 22:05 - 00000000 ____D () C:\Python27
2015-03-21 22:05 - 2015-03-21 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActivePython 2.7 (32-bit)
2015-03-21 22:04 - 2015-03-21 22:04 - 37773312 _____ () C:\Users\Leon-Yannick\Downloads\ActivePython-2.7.8.10-win32-x86.msi
2015-03-21 22:02 - 2015-03-21 22:16 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\Whatsapp_Xtract_V2.2_2012-11-17
2015-03-21 22:02 - 2015-03-21 22:02 - 01876725 _____ () C:\Users\Leon-Yannick\Downloads\Whatsapp_Xtract_V2.2_2012-11-17.zip
2015-03-21 21:10 - 2015-03-21 21:10 - 00001111 _____ () C:\Users\Public\Desktop\Minimal ADB and Fastboot.lnk
2015-03-18 20:25 - 2015-03-18 20:25 - 00314024 _____ () C:\Windows\Minidump\031815-24632-01.dmp
2015-03-18 18:56 - 2015-03-18 18:56 - 00001788 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-12 16:35 - 2015-03-12 16:56 - 00000000 ____D () C:\Sichern
2015-03-11 19:04 - 2015-03-11 19:04 - 03736125 _____ () C:\Users\Leon-Yannick\Downloads\testdisk-6.14.win.zip
2015-03-11 19:04 - 2015-03-11 19:04 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\testdisk-6.14.win
2015-03-11 16:16 - 2015-03-11 16:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-11 16:03 - 2015-03-11 16:04 - 60039168 _____ () C:\Users\Leon-Yannick\Downloads\PhysX-9.14.0702-SystemSoftware.msi
2015-03-10 22:42 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 22:42 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 22:42 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 22:42 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 22:42 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 22:42 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 22:42 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 22:42 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 22:42 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 22:42 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 22:42 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 22:42 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 22:42 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 22:42 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 22:42 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 22:42 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 22:42 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 22:42 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 22:42 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 22:42 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 22:42 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 22:42 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 22:42 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 22:42 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 22:42 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 22:42 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 22:42 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 22:42 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 22:42 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 22:42 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 22:42 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 22:42 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 22:42 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 22:42 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 22:42 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 22:42 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 22:42 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 22:42 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 22:42 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 22:42 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 22:42 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 22:42 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 22:42 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 22:42 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 22:42 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 22:42 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 22:42 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 22:42 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 22:42 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 22:42 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 22:42 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 22:42 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 22:42 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 22:42 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 22:42 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 22:42 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 22:29 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 22:29 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 22:29 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 22:29 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 22:29 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 22:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 22:29 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 22:29 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 22:29 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 22:29 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 22:29 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 22:29 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 22:29 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 22:29 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 22:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 22:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 22:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 22:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 22:29 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 22:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 22:29 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 22:29 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 22:29 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 22:29 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 22:16 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:16 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 22:16 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 22:16 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 22:16 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 22:16 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 22:16 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 22:16 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 22:16 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 22:16 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 22:16 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 22:16 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 22:16 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 22:16 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 22:09 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:09 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:09 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:09 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:09 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 22:09 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 22:09 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 22:09 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 22:09 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:09 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 22:07 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 22:07 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 22:07 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 22:06 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 22:06 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:06 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:06 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 22:04 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 22:04 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 22:04 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 22:04 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 22:04 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 21:59 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:59 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:56 - 2015-03-10 17:56 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\TeamViewer
2015-03-09 22:27 - 2015-03-09 22:28 - 00287342 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-03-08 16:44 - 2015-03-08 16:44 - 00291026 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-03-08 16:44 - 2015-03-08 16:44 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-03-08 01:56 - 2015-03-08 01:56 - 00000216 _____ () C:\DebugTrace-RockallDLL.log
2015-03-07 20:19 - 2015-03-07 20:19 - 00002161 _____ () C:\Users\Public\Desktop\Age of Empires III.lnk
2015-03-07 20:19 - 2015-03-07 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-03-07 19:55 - 2015-03-07 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-03-06 11:42 - 2015-03-21 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 23:08 - 2015-03-02 23:08 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\Backup-TA-9.11
2015-03-02 23:07 - 2015-03-02 23:07 - 01599713 _____ () C:\Users\Leon-Yannick\Downloads\Backup-TA-9.11.zip
2015-03-02 22:41 - 2015-03-02 22:41 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\clockworkmod
2015-03-02 13:52 - 2015-03-02 13:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2015-03-02 13:52 - 2015-03-02 13:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-03-02 13:44 - 2015-03-02 13:44 - 00000800 _____ () C:\Users\Leon-Yannick\Desktop\Flashtool.lnk
2015-03-02 12:51 - 2015-03-02 12:53 - 00012992 _____ () C:\Windows\DPINST.LOG
2015-03-02 12:49 - 2015-03-02 13:44 - 00000000 ____D () C:\Users\Leon-Yannick\.flashTool
2015-03-02 12:49 - 2015-03-02 12:49 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-03-02 12:49 - 2015-03-02 12:49 - 00000000 ____D () C:\Users\Leon-Yannick\.swt
2015-03-02 12:47 - 2015-03-02 13:55 - 00000000 ____D () C:\Flashtool
2015-03-02 12:11 - 2015-03-02 12:32 - 184443528 _____ (Androxyde) C:\Users\Leon-Yannick\Downloads\flashtool-0.9.18.5-windows.exe
2015-02-28 21:23 - 2015-03-08 00:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-28 20:11 - 2015-02-28 20:11 - 00000222 _____ () C:\Users\Leon-Yannick\Desktop\Nosgoth.url
2015-02-26 14:08 - 2015-02-26 14:08 - 21340088 _____ () C:\Users\Leon-Yannick\Downloads\C6903_14.4.A.0.157_KERNEL-21-non-rootable.ftf
2015-02-26 14:04 - 2015-02-26 14:04 - 21331858 _____ () C:\Users\Leon-Yannick\Downloads\C6903_14.4.A.0.108_KERNEL-21-towel-rootable.ftf
2015-02-26 13:47 - 2015-02-26 13:52 - 25047264 _____ () C:\Users\Leon-Yannick\Downloads\Z1-lockeddualrecovery2.8.2-RELEASE.installer.zip
2015-02-26 13:22 - 2015-02-26 13:22 - 02880770 _____ () C:\Users\Leon-Yannick\Downloads\EasyRootTool v12.4.zip
2015-02-26 13:16 - 2015-02-26 13:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-02-26 13:12 - 2015-02-26 13:12 - 00000000 ____D () C:\Users\Leon-Yannick\.android
2015-02-26 13:11 - 2015-02-26 13:12 - 00000000 ____D () C:\newroot
2015-02-26 13:03 - 2013-05-12 23:27 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-26 13:03 - 2013-05-12 23:27 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-02-26 12:59 - 2015-02-26 12:59 - 32242911 _____ () C:\Users\Leon-Yannick\Downloads\newroot.rar
2015-02-26 12:15 - 2015-02-26 12:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-25 17:47 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 17:47 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 17:09 - 2015-02-20 17:09 - 00311624 _____ () C:\Windows\Minidump\022015-27549-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 08:59 - 2015-02-05 19:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 08:52 - 2009-07-14 05:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 08:52 - 2009-07-14 05:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 08:51 - 2015-02-07 00:05 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Spotify
2015-03-22 08:49 - 2015-02-11 21:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 08:49 - 2015-02-02 22:43 - 01942419 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 08:46 - 2015-02-07 00:05 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\Spotify
2015-03-22 08:45 - 2015-02-10 20:05 - 00001368 _____ () C:\Windows\Tasks\CIUZJIT.job
2015-03-22 08:45 - 2015-02-10 20:05 - 00001362 _____ () C:\Windows\Tasks\OLHS.job
2015-03-22 08:45 - 2015-02-05 19:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 08:45 - 2015-02-03 14:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-22 08:45 - 2015-02-03 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-22 08:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 08:45 - 2009-07-14 05:51 - 00056865 _____ () C:\Windows\setupact.log
2015-03-22 08:44 - 2010-11-21 04:47 - 00196440 _____ () C:\Windows\PFRO.log
2015-03-22 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-22 08:05 - 2015-02-03 00:12 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-03-21 21:06 - 2015-02-12 16:30 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\TS3Client
2015-03-21 16:26 - 2015-02-05 21:07 - 00000000 ____D () C:\Users\Leon-Yannick\Documents\Euro Truck Simulator 2
2015-03-21 14:14 - 2015-02-10 20:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-18 21:54 - 2015-02-09 17:13 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\MemTest41
2015-03-18 20:25 - 2015-02-02 22:38 - 551943321 _____ () C:\Windows\MEMORY.DMP
2015-03-18 20:25 - 2015-02-02 22:38 - 00000000 ____D () C:\Windows\Minidump
2015-03-18 18:56 - 2015-02-07 00:05 - 00001802 _____ () C:\Users\Leon-Yannick\Desktop\Spotify.lnk
2015-03-18 07:29 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-15 20:48 - 2015-02-12 16:29 - 00001011 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-03-15 20:48 - 2015-02-10 20:36 - 00001786 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-15 20:48 - 2015-02-10 20:35 - 00002008 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-15 20:48 - 2015-02-04 18:57 - 00000904 _____ () C:\Users\Public\Desktop\Catzilla.lnk
2015-03-14 22:48 - 2015-02-08 12:58 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\ftblauncher
2015-03-12 16:36 - 2015-02-03 14:25 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\.technic
2015-03-12 15:26 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-03-12 15:26 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-03-12 15:26 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 15:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 16:16 - 2015-02-03 12:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-11 14:29 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-11 14:26 - 2009-07-14 05:45 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 14:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 14:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-10 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-08 05:40 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-08 01:58 - 2015-02-17 09:39 - 00000000 ____D () C:\Users\Leon-Yannick\Documents\My Games
2015-03-08 01:57 - 2015-02-03 15:01 - 00283647 _____ () C:\Windows\DirectX.log
2015-03-08 01:53 - 2015-02-17 16:33 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-08 00:54 - 2015-02-03 12:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-07 20:19 - 2015-02-02 22:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-06 23:20 - 2015-02-04 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 19:40 - 2015-02-07 00:23 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-03 22:12 - 2015-02-12 16:30 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-03-02 12:49 - 2015-02-02 22:43 - 00000000 ____D () C:\Users\Leon-Yannick
2015-03-01 13:16 - 2015-02-18 15:49 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\TIPP10
2015-02-28 20:11 - 2015-02-11 22:03 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-26 17:42 - 2015-02-08 13:00 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\Monster
2015-02-24 22:04 - 2015-02-04 17:41 - 00001139 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-24 22:04 - 2015-02-04 17:41 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-24 21:38 - 2015-01-25 17:12 - 00000365 _____ () C:\Users\Leon-Yannick\AppData\Roaming\OLHS
2015-02-24 21:10 - 2015-02-09 23:54 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\DAEMON Tools Lite
2015-02-24 21:10 - 2015-02-08 12:58 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\ftblauncher
2015-02-24 21:10 - 2015-02-04 16:14 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\NVIDIA
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 19:43 - 2015-02-18 17:59 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2015-02-22 19:41 - 2015-02-18 17:59 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Wondershare
2015-02-22 19:41 - 2015-02-18 17:59 - 00000000 ____D () C:\Program Files (x86)\Wondershare

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Leon-Yannick\AppData\Roaming\CIUZJIT
2015-01-25 17:12 - 2015-02-24 21:38 - 0000365 _____ () C:\Users\Leon-Yannick\AppData\Roaming\OLHS
2015-02-04 17:25 - 2015-02-04 17:25 - 0007602 _____ () C:\Users\Leon-Yannick\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Leon-Yannick\AppData\Local\Temp\6FBD699E-7FD6-45AA-5201-5E38F95D202F.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Leon-Yannick\AppData\Local\Temp\drm_dyndata_7380012.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\RDtemp.exe
C:\Users\Leon-Yannick\AppData\Local\Temp\Runner4.exe
C:\Users\Leon-Yannick\AppData\Local\Temp\sdan.exe
C:\Users\Leon-Yannick\AppData\Local\Temp\sdapk.exe
C:\Users\Leon-Yannick\AppData\Local\Temp\sdaspwn.exe
C:\Users\Leon-Yannick\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\sfamcc00003.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\sfamcc00004.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\sfareca00001.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\sfareca00002.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\sfextra.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\SpOrder.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\_is54A6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 13:38

==================== End Of Log ============================
Und hier die addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Leon-Yannick at 2015-03-22 09:05:17
Running from C:\Users\Leon-Yannick\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveState ActivePython 2.7.8.10 (32-bit) (HKLM-x32\...\{EF34E11A-5977-4234-BCDF-6328CA642BC4}) (Version: 2.7.10 - ActiveState Software Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Catzilla 1.3 (HKLM\...\{41EE0CB2-75DE-4FE0-AEB2-4CBC30624FA6}_is1) (Version: 1.3 - ALLPlayer Group Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.3 R3 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.3 R3 Alpha - ETS2MP Team)
EXPERTool v9.9 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 9.9.0.0 - Gainward Co. Ltd.)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.5 - Androxyde)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150311.103813 - Square Enix Ltd)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Overwolf.Setup.VC100CRTx86.Dist (x32 Version: 1.0.0 - Overwolf) Hidden
Race Driver 3 (HKLM-x32\...\{A137D52E-FA96-4815-85F5-E7B8F66837DB}) (Version: 1.00.0000 - Codemasters)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0129 - REALTEK Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-02-2015 19:40:38 Geplanter Prüfpunkt
28-02-2015 21:23:21 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
28-02-2015 21:23:52 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
01-03-2015 21:03:29 Windows Update
02-03-2015 12:51:26 Gerätetreiber-Paketinstallation: Sony Sony sa0109
02-03-2015 12:52:00 Gerätetreiber-Paketinstallation: Sony Netzwerkadapter
02-03-2015 12:52:19 Gerätetreiber-Paketinstallation: Google, Inc.
02-03-2015 12:52:38 Gerätetreiber-Paketinstallation: Sony Ericsson Mobile Communications USB-Controller
06-03-2015 14:41:56 Windows Update
07-03-2015 19:51:49 Installiert Age of Empires III
08-03-2015 00:45:15 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
08-03-2015 00:45:47 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
08-03-2015 01:56:44 DirectX wurde installiert
08-03-2015 16:43:47 Windows Update
09-03-2015 22:27:37 Windows Update
10-03-2015 23:18:41 Windows Update
11-03-2015 16:15:32 NVIDIA PhysX wird installiert
17-03-2015 12:53:44 Windows Update
20-03-2015 19:30:51 Windows Update
21-03-2015 22:05:07 Installed ActiveState ActivePython 2.7.8.10 (32-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17645A4F-F14A-40D9-BDBA-FC508E0E0FCA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-10] (AVAST Software)
Task: {1FAD9237-6E94-4B85-AA0A-B20B220ACDD9} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {23C6C4AE-804F-4203-98F4-C7C374242ABC} - System32\Tasks\OLHS => C:\Users\Leon-Yannick\AppData\Roaming\OLHS.exe <==== ATTENTION
Task: {6DCDD041-7AE5-4C00-AD0B-0D5196B6392C} - System32\Tasks\{B84308E1-9624-4886-8C57-6D9FDD60D22D} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {84D98F93-3EDB-4D2F-AE6D-2562E7A66C08} - System32\Tasks\avastBCLRestartS-1-5-21-2095702127-3137971373-1474782704-1000 => Chrome.exe
Task: {8BB72FA3-C055-4535-BA3A-0A6743B15925} - System32\Tasks\CIUZJIT => C:\Users\Leon-Yannick\AppData\Roaming\CIUZJIT.exe <==== ATTENTION
Task: {B0E3E0C8-A144-48AA-B769-95661F73F531} - System32\Tasks\EXPERTool => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2015-01-20] (Gainward Co. Ltd.)
Task: {B1F72170-92CD-4C87-BD37-E18F2D0A50FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {D154C423-FFB0-4A37-A4A3-0AA95ADC8771} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {DEFE2039-385F-4259-8E65-16104D282DD5} - System32\Tasks\PostPoneInstall => C:\Users\LEON-Y~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [2015-02-10] (C.L.A.R.A) <==== ATTENTION
Task: {E759EFC9-1A50-4D53-B1F1-CACC76811F93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIUZJIT.job => C:\Users\Leon-Yannick\AppData\Roaming\CIUZJIT.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OLHS.job => C:\Users\Leon-Yannick\AppData\Roaming\OLHS.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-02-03 12:08 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-18 17:19 - 2015-01-20 10:45 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2015-02-07 00:31 - 2015-02-07 00:31 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-10 20:34 - 2015-02-10 20:34 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-02-10 20:34 - 2015-02-10 20:34 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-03-20 20:00 - 2015-03-14 11:02 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 20:00 - 2015-03-14 11:02 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 20:00 - 2015-03-14 11:02 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-20 20:00 - 2015-03-14 11:03 - 26792264 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2015-03-21 21:13 - 2015-03-21 21:13 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032101\algo.dll
2015-02-10 20:34 - 2015-02-10 20:34 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-03 14:20 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-03 14:20 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-03 14:20 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-03 14:20 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-03 14:20 - 2015-02-19 00:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-03 14:20 - 2015-02-19 00:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-10 17:43 - 2015-03-18 18:56 - 40506936 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\libcef.dll
2015-03-13 20:36 - 2015-03-13 20:36 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-03 14:20 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-10 17:43 - 2015-03-18 18:56 - 01365560 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\libglesv2.dll
2015-03-10 17:43 - 2015-03-18 18:56 - 00219192 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\libegl.dll
2015-03-10 17:43 - 2015-03-18 18:56 - 09305656 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\pdf.dll
2015-03-10 17:43 - 2015-03-18 18:56 - 00990776 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2095702127-3137971373-1474782704-500 - Administrator - Disabled)
Gast (S-1-5-21-2095702127-3137971373-1474782704-501 - Limited - Disabled)
Leon-Yannick (S-1-5-21-2095702127-3137971373-1474782704-1000 - Administrator - Enabled) => C:\Users\Leon-Yannick

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 08:45:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2015 08:03:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2015 02:13:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2015 02:12:57 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/21/2015 02:12:57 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (03/21/2015 02:12:56 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/20/2015 07:24:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:24:23 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/20/2015 07:24:23 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (03/20/2015 07:24:23 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]


System errors:
=============
Error: (03/22/2015 08:46:18 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/22/2015 08:45:48 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Error: (03/22/2015 08:45:48 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Error: (03/22/2015 08:45:32 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Error: (03/22/2015 08:45:32 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Error: (03/22/2015 08:45:32 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Error: (03/22/2015 08:45:32 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Error: (03/22/2015 08:45:32 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Error: (03/22/2015 08:45:26 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.

Error: (03/22/2015 08:45:26 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.


Microsoft Office Sessions:
=========================
Error: (03/22/2015 08:45:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2015 08:03:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2015 02:13:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2015 02:12:57 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/21/2015 02:12:57 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (03/21/2015 02:12:56 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/20/2015 07:24:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2015 07:24:23 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/20/2015 07:24:23 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (03/20/2015 07:24:23 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 425 Processor
Percentage of memory in use: 28%
Total physical RAM: 8190.3 MB
Available physical RAM: 5894.13 MB
Total Pagefile: 16378.8 MB
Available Pagefile: 13787.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.07 GB) (Free:129.55 GB) NTFS
Drive d: (RACEDRIVER3) (CDROM) (Total:3.59 GB) (Free:0 GB) CDFS
Drive e: (NR 9) (Fixed) (Total:372.6 GB) (Free:107.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=595.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 372.6 GB) (Disk ID: E93A112C)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End Of Log ============================

schrauber 22.03.2015 09:21
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Leon-Yannick 22.03.2015 09:51
Hier der Log:
Code:
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8190.5545 [GMT 1:00]
ausgeführt von:: c:\users\Leon-Yannick\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-02-22 bis 2015-03-22  ))))))))))))))))))))))))))))))
.
.
2015-03-22 08:35 . 2015-03-22 08:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-03-22 08:25 . 2015-03-22 08:25        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC38BF64-DF93-4EAD-9170-D9280ED28FAB}\offreg.dll
2015-03-22 08:04 . 2015-03-22 08:05        --------        d-----w-        C:\FRST
2015-03-22 07:22 . 2015-03-22 07:22        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-22 07:22 . 2015-03-22 07:22        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-22 07:22 . 2015-03-22 07:22        --------        d-----w-        c:\programdata\Malwarebytes
2015-03-22 07:22 . 2015-03-17 05:15        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-03-22 07:22 . 2015-03-17 05:15        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-03-22 07:22 . 2015-03-17 05:15        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-03-21 21:06 . 2015-03-21 21:06        --------        d-----w-        c:\users\Leon-Yannick\AppData\Roaming\Python
2015-03-21 21:06 . 2015-03-21 21:06        --------        d-----w-        c:\users\Leon-Yannick\AppData\Local\ActiveState
2015-03-21 21:05 . 2015-03-21 21:05        --------        d-----w-        C:\Python27
2015-03-21 20:10 . 2015-03-21 20:10        --------        d-----w-        c:\program files (x86)\Minimal ADB and Fastboot
2015-03-20 18:31 . 2015-01-29 09:07        11910896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC38BF64-DF93-4EAD-9170-D9280ED28FAB}\mpengine.dll
2015-03-12 15:35 . 2015-03-12 15:56        --------        d-----w-        C:\Sichern
2015-03-11 15:16 . 2015-03-11 15:16        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2015-03-10 21:29 . 2015-02-03 03:30        842240        ----a-w-        c:\windows\system32\blackbox.dll
2015-03-10 21:16 . 2015-03-06 05:56        95680        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2015-03-10 21:09 . 2015-02-20 04:41        41984        ----a-w-        c:\windows\system32\lpk.dll
2015-03-10 21:09 . 2015-02-20 04:40        100864        ----a-w-        c:\windows\system32\fontsub.dll
2015-03-10 21:09 . 2015-02-20 04:40        14336        ----a-w-        c:\windows\system32\dciman32.dll
2015-03-10 21:09 . 2015-02-20 04:40        46080        ----a-w-        c:\windows\system32\atmlib.dll
2015-03-10 21:09 . 2015-02-20 04:13        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll
2015-03-10 21:09 . 2015-02-20 04:13        10240        ----a-w-        c:\windows\SysWow64\dciman32.dll
2015-03-10 21:09 . 2015-02-20 04:13        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2015-03-10 21:09 . 2015-02-20 04:12        25600        ----a-w-        c:\windows\SysWow64\lpk.dll
2015-03-10 21:09 . 2015-02-20 03:29        372224        ----a-w-        c:\windows\system32\atmfd.dll
2015-03-10 21:09 . 2015-02-20 03:09        299008        ----a-w-        c:\windows\SysWow64\atmfd.dll
2015-03-10 21:07 . 2015-01-31 03:48        3179520        ----a-w-        c:\windows\system32\rdpcorets.dll
2015-03-10 21:07 . 2015-01-31 03:48        16384        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 21:07 . 2015-01-30 23:56        243200        ----a-w-        c:\windows\system32\rdpudd.dll
2015-03-10 21:06 . 2015-02-03 03:31        215552        ----a-w-        c:\windows\system32\ubpm.dll
2015-03-10 21:06 . 2015-02-03 03:12        171520        ----a-w-        c:\windows\SysWow64\ubpm.dll
2015-03-10 21:06 . 2015-02-13 05:22        14177280        ----a-w-        c:\windows\system32\shell32.dll
2015-03-10 21:04 . 2015-01-17 02:48        1067520        ----a-w-        c:\windows\system32\msctf.dll
2015-03-10 21:04 . 2015-01-17 02:30        828928        ----a-w-        c:\windows\SysWow64\msctf.dll
2015-03-10 21:04 . 2015-02-03 03:31        1424896        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2015-03-10 21:04 . 2015-02-03 03:12        1230848        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2015-03-10 21:04 . 2015-02-26 03:25        3204096        ----a-w-        c:\windows\system32\win32k.sys
2015-03-10 20:59 . 2015-02-04 03:16        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2015-03-10 20:59 . 2015-02-04 02:54        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2015-03-10 16:56 . 2015-03-10 16:56        --------        d-----w-        c:\users\Leon-Yannick\AppData\Roaming\TeamViewer
2015-03-08 15:44 . 2015-03-08 15:44        --------        d-----w-        c:\program files (x86)\MSXML 4.0
2015-03-07 23:53 . 2015-03-07 23:53        --------        d-----w-        c:\windows\Migration
2015-03-07 18:55 . 2015-03-07 18:55        --------        d-----w-        c:\program files (x86)\Microsoft Games
2015-03-02 11:49 . 2015-03-02 12:44        --------        d-----w-        c:\users\Leon-Yannick\.flashTool
2015-03-02 11:49 . 2015-03-02 11:49        --------        d-----w-        c:\users\Leon-Yannick\.swt
2015-03-02 11:47 . 2015-03-02 12:55        --------        d-----w-        C:\Flashtool
2015-02-28 20:23 . 2015-03-07 23:46        --------        d-----w-        c:\programdata\Package Cache
2015-02-26 12:12 . 2015-02-26 12:12        --------        d-----w-        c:\users\Leon-Yannick\.android
2015-02-26 12:11 . 2015-02-26 12:12        --------        d-----w-        C:\newroot
2015-02-26 12:03 . 2013-05-12 22:27        1721576        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2015-02-26 12:03 . 2013-05-12 22:27        1002728        ----a-w-        c:\windows\system32\WinUSBCoInstaller2.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 02:17 . 2010-11-21 03:27        295552        ------w-        c:\windows\system32\MpSigStub.exe
2015-02-11 20:25 . 2015-02-03 19:55        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-11 20:25 . 2015-02-03 19:55        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-10 23:20 . 2015-02-02 22:33        116773704        ----a-w-        c:\windows\system32\MRT.exe
2015-02-10 19:35 . 2015-02-10 19:35        87912        ----a-w-        c:\windows\system32\drivers\aswmonflt.sys
2015-02-10 19:35 . 2015-02-10 19:35        1050432        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2015-02-10 19:34 . 2015-02-10 19:35        116728        ----a-w-        c:\windows\system32\drivers\aswStm.sys
2015-02-10 19:34 . 2015-02-10 19:35        267632        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2015-02-10 19:34 . 2015-02-10 19:35        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2015-02-10 19:34 . 2015-02-10 19:35        436624        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2015-02-10 19:34 . 2015-02-10 19:35        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2015-02-10 19:34 . 2015-02-10 19:35        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2015-02-10 19:34 . 2015-02-10 19:35        364512        ----a-w-        c:\windows\system32\aswBoot.exe
2015-02-10 19:34 . 2015-02-10 19:34        43152        ----a-w-        c:\windows\avastSS.scr
2015-02-06 23:31 . 2015-02-06 23:31        111928        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2015-02-06 23:31 . 2015-02-06 23:31        66872        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2015-02-04 18:15 . 2015-02-04 18:15        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-04 17:58 . 2015-02-04 17:58        27552        ----a-w-        c:\windows\system32\drivers\HWiNFO64A.SYS
2015-02-04 03:16 . 2015-02-10 22:30        609280        ----a-w-        c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-10 22:30        762368        ----a-w-        c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-10 22:30        414720        ----a-w-        c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-10 22:30        894976        ----a-w-        c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-10 22:29        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-10 22:29        192000        ----a-w-        c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-10 22:30        1098752        ----a-w-        c:\windows\system32\aeinv.dll
2015-02-03 13:25 . 2015-02-03 13:25        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-03 12:16 . 2015-02-03 12:16        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2015-02-03 12:16 . 2015-02-03 12:16        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2015-02-03 12:16 . 2015-02-03 12:16        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2015-02-03 12:16 . 2015-02-03 12:16        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2015-02-03 12:16 . 2015-02-03 12:16        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2015-02-03 12:16 . 2015-02-03 12:16        81408        ----a-w-        c:\windows\system32\icardie.dll
2015-02-03 12:16 . 2015-02-03 12:16        774144        ----a-w-        c:\windows\system32\jscript.dll
2015-02-03 12:16 . 2015-02-03 12:16        77312        ----a-w-        c:\windows\system32\tdc.ocx
2015-02-03 12:16 . 2015-02-03 12:16        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2015-02-03 12:16 . 2015-02-03 12:16        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-02-03 12:16 . 2015-02-03 12:16        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2015-02-03 12:16 . 2015-02-03 12:16        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2015-02-03 12:16 . 2015-02-03 12:16        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2015-02-03 12:16 . 2015-02-03 12:16        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2015-02-03 12:16 . 2015-02-03 12:16        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2015-02-03 12:16 . 2015-02-03 12:16        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2015-02-03 12:16 . 2015-02-03 12:16        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2015-02-03 12:16 . 2015-02-03 12:16        48128        ----a-w-        c:\windows\system32\imgutil.dll
2015-02-03 12:16 . 2015-02-03 12:16        413696        ----a-w-        c:\windows\system32\html.iec
2015-02-03 12:16 . 2015-02-03 12:16        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2015-02-03 12:16 . 2015-02-03 12:16        337408        ----a-w-        c:\windows\SysWow64\html.iec
2015-02-03 12:16 . 2015-02-03 12:16        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2015-02-03 12:16 . 2015-02-03 12:16        247808        ----a-w-        c:\windows\system32\msls31.dll
2015-02-03 12:16 . 2015-02-03 12:16        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2015-02-03 12:16 . 2015-02-03 12:16        243200        ----a-w-        c:\windows\system32\webcheck.dll
2015-02-03 12:16 . 2015-02-03 12:16        235520        ----a-w-        c:\windows\system32\url.dll
2015-02-03 12:16 . 2015-02-03 12:16        235008        ----a-w-        c:\windows\system32\elshyph.dll
2015-02-03 12:16 . 2015-02-03 12:16        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2015-02-03 12:16 . 2015-02-03 12:16        167424        ----a-w-        c:\windows\system32\iexpress.exe
2015-02-03 12:16 . 2015-02-03 12:16        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2015-02-03 12:16 . 2015-02-03 12:16        147968        ----a-w-        c:\windows\system32\occache.dll
2015-02-03 12:16 . 2015-02-03 12:16        143872        ----a-w-        c:\windows\system32\wextract.exe
2015-02-03 12:16 . 2015-02-03 12:16        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2015-02-03 12:16 . 2015-02-03 12:16        13824        ----a-w-        c:\windows\system32\mshta.exe
2015-02-03 12:16 . 2015-02-03 12:16        135680        ----a-w-        c:\windows\system32\iepeers.dll
2015-02-03 12:16 . 2015-02-03 12:16        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2015-02-03 12:16 . 2015-02-03 12:16        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2015-02-03 12:16 . 2015-02-03 12:16        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2015-02-03 12:16 . 2015-02-03 12:16        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2015-02-03 12:16 . 2015-02-03 12:16        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2015-02-03 12:16 . 2015-02-03 12:16        101376        ----a-w-        c:\windows\system32\inseng.dll
2015-01-27 23:36 . 2015-02-10 22:30        1239720        ----a-w-        c:\windows\system32\aitstatic.exe
2015-01-23 05:39 . 2015-02-03 13:41        378832        ----a-w-        c:\windows\system32\LavasoftTcpService64.dll
2015-01-23 05:39 . 2015-02-03 13:41        332216        ----a-w-        c:\windows\SysWow64\LavasoftTcpService.dll
2015-01-20 09:45 . 2015-02-06 23:23        35112        ----a-w-        c:\windows\system32\drivers\teamviewervpn.sys
2015-01-10 08:07 . 2015-02-03 11:08        73872        ----a-w-        c:\windows\system32\OpenCL.dll
2015-01-10 08:07 . 2015-02-03 11:08        60744        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2015-01-10 08:07 . 2015-02-03 10:59        994712        ----a-w-        c:\windows\system32\nvumdshimx.dll
2015-01-10 08:07 . 2015-02-03 10:59        969360        ----a-w-        c:\windows\system32\NvIFR64.dll
2015-01-10 08:07 . 2015-02-03 10:59        942736        ----a-w-        c:\windows\system32\NvFBC64.dll
2015-01-10 08:07 . 2015-02-03 10:59        929424        ----a-w-        c:\windows\SysWow64\NvIFR.dll
2015-01-10 08:07 . 2015-02-03 10:59        906384        ----a-w-        c:\windows\SysWow64\NvFBC.dll
2015-01-10 08:07 . 2015-02-03 10:59        877488        ----a-w-        c:\windows\SysWow64\nvumdshim.dll
2015-01-10 08:07 . 2015-02-03 10:59        496456        ----a-w-        c:\windows\system32\nvEncodeAPI64.dll
2015-01-10 08:07 . 2015-02-03 10:59        399688        ----a-w-        c:\windows\SysWow64\nvEncodeAPI.dll
2015-01-10 08:07 . 2015-02-03 10:59        390472        ----a-w-        c:\windows\system32\NvIFROpenGL.dll
2015-01-10 08:07 . 2015-02-03 10:59        3607184        ----a-w-        c:\windows\system32\nvcuvid.dll
2015-01-10 08:07 . 2015-02-03 10:59        353040        ----a-w-        c:\windows\system32\nvoglshim64.dll
2015-01-10 08:07 . 2015-02-03 10:59        345744        ----a-w-        c:\windows\SysWow64\NvIFROpenGL.dll
2015-01-10 08:07 . 2015-02-03 10:59        3298816        ----a-w-        c:\windows\system32\nvapi64.dll
2015-01-10 08:07 . 2015-02-03 10:59        3245712        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2015-01-10 08:07 . 2015-02-03 10:59        32102544        ----a-w-        c:\windows\system32\nvoglv64.dll
2015-01-10 08:07 . 2015-02-03 10:59        305320        ----a-w-        c:\windows\SysWow64\nvoglshim32.dll
2015-01-10 08:07 . 2015-02-03 10:59        2902456        ----a-w-        c:\windows\SysWow64\nvapi.dll
2015-01-10 08:07 . 2015-02-03 10:59        25459856        ----a-w-        c:\windows\system32\nvcompiler.dll
2015-01-10 08:07 . 2015-02-03 10:59        24765584        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2015-01-10 08:07 . 2015-02-03 10:59        20465296        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2015-01-10 08:07 . 2015-02-03 10:59        1895240        ----a-w-        c:\windows\system32\nvdispco6434725.dll
2015-01-10 08:07 . 2015-02-03 10:59        18566296        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2015-01-10 08:07 . 2015-02-03 10:59        177624        ----a-w-        c:\windows\system32\nvinitx.dll
2015-01-10 08:07 . 2015-02-03 10:59        17250776        ----a-w-        c:\windows\system32\nvd3dumx.dll
2015-01-10 08:07 . 2015-02-03 10:59        164568        ----a-w-        c:\windows\SysWow64\nvinit.dll
2015-01-10 08:07 . 2015-02-03 10:59        16009120        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2015-01-10 08:07 . 2015-02-03 10:59        1556808        ----a-w-        c:\windows\system32\nvdispgenco6434725.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-02-18 2874048]
"TBPanel"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2015-01-20 2195240]
"Spotify Web Helper"="c:\users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-03-18 1964088]
"Spotify"="c:\users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe" [2015-03-18 6701624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-10 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMPROTECTOR
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-03 20:25]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05 18:47]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05 18:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-10 19:34        860984        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
mSearch Bar = https://www.google.com/?trackid=sp-006
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-22  09:38:50
ComboFix-quarantined-files.txt  2015-03-22 08:38
.
Vor Suchlauf: 14 Verzeichnis(se), 138.931.154.944 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 139.484.999.680 Bytes frei
.
- - End Of File - - E1F441614D691AF17B7BDE240F229D95
A36C5E4F47E84449FF07ED3517B43A31

schrauber 22.03.2015 17:40
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Leon-Yannick 22.03.2015 21:04
Hier der MMab Log :
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.03.2015
Suchlauf-Zeit: 08:22:51
Logdatei: MMab.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.22.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Leon-Yannick

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 349535
Verstrichene Zeit: 9 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 3
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 2028, Löschen bei Neustart, [9af12226ccbe3ff72b8a739c10f226da]
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, 3464, Löschen bei Neustart, [7c0fd57311794de904acf93705fd7a86]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, 1252, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66]

Module: 10
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Löschen bei Neustart, [55362a1e7d0d290dc243d19dce32c33d],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Löschen bei Neustart, [0d7ec286e9a17abcfe07df8f887813ed],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],

Registrierungsschlüssel: 28
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [9af12226ccbe3ff72b8a739c10f226da],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [414a1e2a8a004cea2df5ce58af5433cd],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [4249d57365250d296f45ba0445bebc44],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, [0e7de2663e4caf8796f1794d21e21ce4],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [177483c53357a98dadf2013720e517e9],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [256650f839515ed81e2e617ba85bbc44],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b3d8b5933555bd79beadf034d82d2ed2],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [d6b5cf79ef9bc571f96561da64a1fc04],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [afdcd1770a80ad89c49b2f0cea1b7e82],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [becd2f198bff69cdb4bea92ba75c4ab6],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [a7e40c3c5634b0863479e5e4af540ef2],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\1ClickDownload, In Quarantäne, [93f8d96f583274c261cf4eccfb0a619f],
PUP.Optional.BoBrowser.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\BoBrowser, In Quarantäne, [741790b88bff8fa7cd9becd1e81bd22e],
PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\ClickMovie1-Downloaderv10-nv-ie, In Quarantäne, [3358ef59008a340250d1617a6b98cb35],
PUP.Optional.ICinema.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\I - Cinema-nv-ie, In Quarantäne, [c2c961e7c6c47db9d9d1587e9a695ca4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ddaeef59c5c535011ce87bb29570a35d],
PUP.Optional.Qone8, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [06855bed503a04327ded79abe71ed030],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],

Registrierungswerte: 3
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [256650f839515ed81e2e617ba85bbc44]
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\extensions\fftoolbar2014@etech.com, In Quarantäne, [bad179cffb8ffb3b66ea7c4235ce29d7]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, In Quarantäne, [becd2f198bff69cdb4bea92ba75c4ab6]

Registrierungsdaten: 15
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423522530&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423522530&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513),Ersetzt,[1576e068cebce3535ce93bab0005cb35]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1423522530&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1423522530&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}),Ersetzt,[276480c80d7df2445d57c1249f6644bc]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513),Ersetzt,[fd8e95b3e1a925115460d411ef165fa1]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513),Ersetzt,[bccf84c41b6fd26470444d9856af4ab6]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1423522530&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1423522530&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}),Ersetzt,[aeddbd8bd9b16cca694bc91c13f246ba]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423522530&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1423522530&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513),Ersetzt,[e9a263e5147688aeb98cecfacf36e41c]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513),Ersetzt,[dfac89bf78121c1a664eb33246bf2dd3]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}),Ersetzt,[a6e53c0cd5b58bab4f6532b3bf46e020]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513),Ersetzt,[bccfec5c3a5038fe654fe10434d119e7]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}),Ersetzt,[72198dbb21699a9cf8bc53928b7aaf51]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[94f740088a007abcb6878b67d62f817f]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}),Ersetzt,[781377d14545ff37d5e0f3f281848977]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513),Ersetzt,[aedd89bf088238fe2392ffe6bb4a8d73]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513),Ersetzt,[ed9ec8808703c76f9e17d114c144dd23]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}),Ersetzt,[4348d3755139ac8ae5d0776e37ce48b8]

Ordner: 35
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.OpenCandy, C:\Users\Leon-Yannick\AppData\Roaming\OpenCandy, In Quarantäne, [6e1d3414583276c04a4a2e4528db20e0],
PUP.Optional.OpenCandy, C:\Users\Leon-Yannick\AppData\Roaming\OpenCandy\E675B1F4F7804E6BBE407160939C6F4C, In Quarantäne, [6e1d3414583276c04a4a2e4528db20e0],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [711a5eea3753b284efada0ea857ea15f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [711a5eea3753b284efada0ea857ea15f],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [3259a2a636542d09f63ce4c3996aaf51],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [3259a2a636542d09f63ce4c3996aaf51],

Dateien: 121
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Löschen bei Neustart, [9af12226ccbe3ff72b8a739c10f226da],
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, Löschen bei Neustart, [7c0fd57311794de904acf93705fd7a86],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Löschen bei Neustart, [55362a1e7d0d290dc243d19dce32c33d],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Löschen bei Neustart, [0d7ec286e9a17abcfe07df8f887813ed],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, In Quarantäne, [5338ae9aa4e6a4923541ee3c60a3af51],
PUP.Optional.Conduit.A, C:\Users\Leon-Yannick\AppData\Local\Temp\dlLogic.exe, In Quarantäne, [b2d960e85c2e67cf2e024bf844bc6f91],
PUP.Optional.Conduit.A, C:\Users\Leon-Yannick\AppData\Local\Temp\dltr.exe, In Quarantäne, [0e7d1038e4a6ed495ed3ff4402fecb35],
Trojan.MSIL.Injector, C:\Users\Leon-Yannick\AppData\Local\Temp\Runner2.exe, In Quarantäne, [0e7d7cccccbec17532789e427a8b936d],
PUP.Optional.Conduit.A, C:\Users\Leon-Yannick\AppData\Local\Temp\GCVerifier.dll, In Quarantäne, [d0bbdb6d1a70b284e74852f16b95c53b],
PUP.Optional.Conduit.A, C:\Users\Leon-Yannick\AppData\Local\Temp\verifier.exe, In Quarantäne, [3f4cdf699af0f640151c3013cb35f60a],
PUP.Optional.MyStartSearch.A, C:\Users\Leon-Yannick\AppData\Local\Temp\setup.exe, In Quarantäne, [f4973810b5d52f070507d05b9a6ca858],
PUP.Optional.BrowserWatch, C:\Users\Leon-Yannick\AppData\Local\Temp\Wtmp6242692\tmp\XTab_v4.0.exe, In Quarantäne, [820984c492f83afc48bdd29cca367888],
PUP.Optional.OpenCandy, C:\Users\Leon-Yannick\Downloads\DTLite4491-0356.exe, In Quarantäne, [1f6c3513dab074c2b432d840ae586898],
PUP.Optional.Giga, C:\Users\Leon-Yannick\Downloads\Need-for-Speed_-Undercover-lnstall.exe, In Quarantäne, [2e5d15330b7fe55137b77f55a560ca36],
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinst_01009.Wdf, In Quarantäne, [ff8ca5a3a0ea49ed6f84ecc9de250cf4],
PUP.Optional.Patsearch.A, C:\Windows\patsearch.bin, In Quarantäne, [4e3d82c6f99105312cba4577b350dc24],
PUP.Optional.MyStartSearch.A, C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage, In Quarantäne, [99f2e5630783191d031dd1ed5ca7ad53],
PUP.Optional.MyStartSearch.A, C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal, In Quarantäne, [fe8d3b0d74163ef8011f2995b350619f],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [7b100d3b25656bcbd0e5348a51b29a66],
PUP.Optional.BoBrowser.A, C:\Windows\System32\Tasks\Run_Bobby_Browser, In Quarantäne, [7813c484b4d6e74f13bd0db1b1525da3],
PUP.Optional.MyStartSearch.A, C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\searchplugins\mystartsearch.xml, In Quarantäne, [82099aae3555f541b5d1814504ff09f7],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [5a31c385a8e27cba2c1acb6e8481f709],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [5f2cc97f8ffb90a60f385ddc27de53ad],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [bdce49ff9bef2e0888c055e4aa5baa56],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [4249fa4eeaa069cd98b1cd6c679e837d],
PUP.Optional.OpenCandy, C:\Users\Leon-Yannick\AppData\Roaming\OpenCandy\E675B1F4F7804E6BBE407160939C6F4C\WebCompanionInstaller.exe, In Quarantäne, [6e1d3414583276c04a4a2e4528db20e0],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [711a5eea3753b284efada0ea857ea15f],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\GoogleCrashHandler.exe, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\GoogleUpdate.exe, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\GoogleUpdateBroker.exe, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\GoogleUpdateHelper.msi, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\GoogleUpdateOnDemand.exe, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\goopdate.dll, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\goopdateres_en.dll, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\npGoogleUpdate4.dll, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\psmachine.dll, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.340287\psuser.dll, In Quarantäne, [9eedf75171190c2a2561f399af542bd5],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\GoogleCrashHandler.exe, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\GoogleUpdate.exe, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\GoogleUpdateBroker.exe, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\GoogleUpdateHelper.msi, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\GoogleUpdateOnDemand.exe, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\goopdate.dll, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\goopdateres_en.dll, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\npGoogleUpdate4.dll, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\psmachine.dll, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Leon-Yannick\AppData\Local\Temp\comh.346746\psuser.dll, In Quarantäne, [a4e74503ff8b7fb7a1e5ed9f659e6e92],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [3259a2a636542d09f63ce4c3996aaf51],
PUP.Optional.MyStartSearch.A, C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: (  "homepage": "hxxp://www.mystartsearch.com/?type=hppp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513",), Ersetzt,[b4d71f2925653df9ae6f0429f0164fb1]
PUP.Optional.CrossRider.A, C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14b74e2dfa256ad958f834e57b34e6fb");), Ersetzt,[34577fc9bdcd6bcb94a95ad6c442718f]
PUP.Optional.MyStartSearch.A, C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\search.json, Gut: (), Schlecht: (mystartsearch), Ersetzt,[5a31c97f9ded16201da80b2128de1be5]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)



Hier der AdwCleaner Log
Code:
# AdwCleaner v4.112 - Bericht erstellt 22/03/2015 um 20:03:54
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-22.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Leon-Yannick - LEON-YANNICK-PC
# Gestarted von : C:\Users\Leon-Yannick\Downloads\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Leon-Yannick\AppData\Local\cool_mirage
Ordner Gelöscht : C:\Users\Leon-Yannick\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Leon-Yannick\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Datei Gelöscht : C:\Windows\DtcInstall.log
Datei Gelöscht : C:\Windows\TSSysprep.log
Datei Gelöscht : C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\user.js
Datei Gelöscht : C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
Datei Gelöscht : C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage-journal
Datei Gelöscht : C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
Datei Gelöscht : C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : Run_Bobby_Browser
Task Gelöscht : PostPoneInstall

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BetterMarkIt
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 de)

[x1z3k6f6.default-1422993842713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[x1z3k6f6.default-1422993842713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/web/favicon.ico");
[x1z3k6f6.default-1422993842713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[x1z3k6f6.default-1422993842713\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423522566&from=smt&uid=WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513&q={searchTerms}");
[x1z3k6f6.default-1422993842713\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[x1z3k6f6.default-1422993842713\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [10923 Bytes] - [22/03/2015 20:01:30]
AdwCleaner[S0].txt - [10165 Bytes] - [22/03/2015 20:03:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10225  Bytes] ##########



Hier der JRT Log
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x64
Ran by Leon-Yannick on 22.03.2015 at 20:25:56,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Leon-Yannick\AppData\Roaming\mozilla\firefox\profiles\x1z3k6f6.default-1422993842713\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "smt");
user_pref("browser.search.searchengine.uid", "WDCXWD6400AACS-00D6B1_WD-WCAU4D62251322513");
Emptied folder: C:\Users\Leon-Yannick\AppData\Roaming\mozilla\firefox\profiles\x1z3k6f6.default-1422993842713\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2015 at 20:31:39,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hier der Frische Frst Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Leon-Yannick (administrator) on LEON-YANNICK-PC on 22-03-2015 20:34:36
Running from C:\Users\Leon-Yannick\Downloads
Loaded Profiles: Leon-Yannick (Available profiles: Leon-Yannick)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-10] (AVAST Software)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2195240 2015-01-20] (Gainward Co. Ltd.)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Spotify Web Helper] => C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-18] (Spotify Ltd)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Spotify] => C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-18] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2095702127-3137971373-1474782704-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-10] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-10] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF SearchPlugin: C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\searchplugins\google-avast.xml [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-10]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-03-13]
CHR Extension: (Avast Online Security) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-10] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-10] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-02-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-10] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-02-04] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-10] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 20:31 - 2015-03-22 20:33 - 00001169 _____ () C:\Users\Leon-Yannick\Desktop\JRT.txt
2015-03-22 20:10 - 2015-03-22 20:12 - 01388672 _____ (Thisisu) C:\Users\Leon-Yannick\Downloads\JRT.exe
2015-03-22 20:09 - 2015-03-22 20:09 - 00010342 _____ () C:\Users\Leon-Yannick\Desktop\AdwCleaner[S0].txt
2015-03-22 20:01 - 2015-03-22 20:03 - 00000000 ____D () C:\AdwCleaner
2015-03-22 20:00 - 2015-03-22 20:00 - 02171392 _____ () C:\Users\Leon-Yannick\Downloads\AdwCleaner_4.112.exe
2015-03-22 19:59 - 2015-03-22 19:59 - 00035071 _____ () C:\Users\Leon-Yannick\Desktop\MMab.txt
2015-03-22 13:25 - 2015-02-05 18:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-22 09:38 - 2015-03-22 09:38 - 00022381 _____ () C:\ComboFix.txt
2015-03-22 09:24 - 2015-03-22 09:38 - 00000000 ____D () C:\Qoobox
2015-03-22 09:24 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-22 09:24 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-22 09:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-22 09:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-22 09:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-22 09:24 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-22 09:24 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-22 09:24 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-22 09:23 - 2015-03-22 09:37 - 00000000 ____D () C:\Windows\erdnt
2015-03-22 09:23 - 2015-03-22 09:23 - 05615380 ____R (Swearware) C:\Users\Leon-Yannick\Desktop\ComboFix.exe
2015-03-22 09:23 - 2015-03-22 09:23 - 05615380 _____ (Swearware) C:\Users\Leon-Yannick\Downloads\ComboFix.exe
2015-03-22 09:05 - 2015-03-22 09:05 - 00023643 _____ () C:\Users\Leon-Yannick\Downloads\Addition.txt
2015-03-22 09:04 - 2015-03-22 20:34 - 00015163 _____ () C:\Users\Leon-Yannick\Downloads\FRST.txt
2015-03-22 09:04 - 2015-03-22 20:34 - 00000000 ____D () C:\FRST
2015-03-22 09:03 - 2015-03-22 09:04 - 02095616 _____ (Farbar) C:\Users\Leon-Yannick\Downloads\FRST64 (1).exe
2015-03-22 09:03 - 2015-03-22 09:03 - 02095616 _____ (Farbar) C:\Users\Leon-Yannick\Downloads\FRST64.exe
2015-03-22 08:22 - 2015-03-22 19:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 08:22 - 2015-03-22 08:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 08:22 - 2015-03-22 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-22 08:22 - 2015-03-22 08:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 08:22 - 2015-03-22 08:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-22 08:22 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 08:22 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 08:22 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 08:19 - 2015-03-22 08:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Leon-Yannick\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-21 22:06 - 2015-03-21 22:06 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Python
2015-03-21 22:06 - 2015-03-21 22:06 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\ActiveState
2015-03-21 22:05 - 2015-03-21 22:05 - 00000000 ____D () C:\Python27
2015-03-21 22:05 - 2015-03-21 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActivePython 2.7 (32-bit)
2015-03-21 22:04 - 2015-03-21 22:04 - 37773312 _____ () C:\Users\Leon-Yannick\Downloads\ActivePython-2.7.8.10-win32-x86.msi
2015-03-21 22:02 - 2015-03-21 22:16 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\Whatsapp_Xtract_V2.2_2012-11-17
2015-03-21 22:02 - 2015-03-21 22:02 - 01876725 _____ () C:\Users\Leon-Yannick\Downloads\Whatsapp_Xtract_V2.2_2012-11-17.zip
2015-03-21 21:30 - 2015-03-21 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 21:10 - 2015-03-21 21:10 - 00001111 _____ () C:\Users\Public\Desktop\Minimal ADB and Fastboot.lnk
2015-03-18 20:25 - 2015-03-18 20:25 - 00314024 _____ () C:\Windows\Minidump\031815-24632-01.dmp
2015-03-18 18:56 - 2015-03-18 18:56 - 00001788 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-12 16:35 - 2015-03-12 16:56 - 00000000 ____D () C:\Sichern
2015-03-11 19:04 - 2015-03-11 19:04 - 03736125 _____ () C:\Users\Leon-Yannick\Downloads\testdisk-6.14.win.zip
2015-03-11 19:04 - 2015-03-11 19:04 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\testdisk-6.14.win
2015-03-11 16:16 - 2015-03-11 16:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-11 16:03 - 2015-03-11 16:04 - 60039168 _____ () C:\Users\Leon-Yannick\Downloads\PhysX-9.14.0702-SystemSoftware.msi
2015-03-10 22:42 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 22:42 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 22:42 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 22:42 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 22:42 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 22:42 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 22:42 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 22:42 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 22:42 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 22:42 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 22:42 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 22:42 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 22:42 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 22:42 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 22:42 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 22:42 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 22:42 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 22:42 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 22:42 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 22:42 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 22:42 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 22:42 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 22:42 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 22:42 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 22:42 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 22:42 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 22:42 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 22:42 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 22:42 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 22:42 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 22:42 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 22:42 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 22:42 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 22:42 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 22:42 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 22:42 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 22:42 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 22:42 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 22:42 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 22:42 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 22:42 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 22:42 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 22:42 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 22:42 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 22:42 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 22:42 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 22:42 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 22:42 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 22:42 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 22:42 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 22:42 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 22:42 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 22:42 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 22:42 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 22:42 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 22:42 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 22:29 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 22:29 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 22:29 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 22:29 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 22:29 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 22:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 22:29 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 22:29 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 22:29 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 22:29 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 22:29 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 22:29 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 22:29 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 22:29 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 22:29 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 22:29 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 22:29 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 22:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 22:29 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 22:29 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 22:29 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 22:29 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 22:29 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 22:29 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 22:29 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 22:29 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 22:29 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 22:29 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 22:16 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:16 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 22:16 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 22:16 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 22:16 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 22:16 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 22:16 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 22:16 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 22:16 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 22:16 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 22:16 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 22:16 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 22:16 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 22:16 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 22:16 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 22:16 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 22:09 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:09 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:09 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:09 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:09 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 22:09 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 22:09 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 22:09 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 22:09 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:09 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 22:07 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 22:07 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 22:07 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 22:06 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 22:06 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:06 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:06 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 22:04 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 22:04 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 22:04 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 22:04 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 22:04 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 21:59 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:59 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:56 - 2015-03-10 17:56 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\TeamViewer
2015-03-09 22:27 - 2015-03-09 22:28 - 00287342 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-03-08 16:44 - 2015-03-08 16:44 - 00291026 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-03-08 16:44 - 2015-03-08 16:44 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-03-08 01:56 - 2015-03-08 01:56 - 00000216 _____ () C:\DebugTrace-RockallDLL.log
2015-03-07 20:19 - 2015-03-07 20:19 - 00002161 _____ () C:\Users\Public\Desktop\Age of Empires III.lnk
2015-03-07 20:19 - 2015-03-07 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2015-03-07 19:55 - 2015-03-07 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-03-02 23:08 - 2015-03-02 23:08 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\Backup-TA-9.11
2015-03-02 23:07 - 2015-03-02 23:07 - 01599713 _____ () C:\Users\Leon-Yannick\Downloads\Backup-TA-9.11.zip
2015-03-02 22:41 - 2015-03-02 22:41 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\clockworkmod
2015-03-02 13:52 - 2015-03-02 13:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2015-03-02 13:52 - 2015-03-02 13:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-03-02 13:44 - 2015-03-02 13:44 - 00000800 _____ () C:\Users\Leon-Yannick\Desktop\Flashtool.lnk
2015-03-02 12:51 - 2015-03-02 12:53 - 00012992 _____ () C:\Windows\DPINST.LOG
2015-03-02 12:49 - 2015-03-02 13:44 - 00000000 ____D () C:\Users\Leon-Yannick\.flashTool
2015-03-02 12:49 - 2015-03-02 12:49 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool
2015-03-02 12:49 - 2015-03-02 12:49 - 00000000 ____D () C:\Users\Leon-Yannick\.swt
2015-03-02 12:47 - 2015-03-02 13:55 - 00000000 ____D () C:\Flashtool
2015-03-02 12:11 - 2015-03-02 12:32 - 184443528 _____ (Androxyde) C:\Users\Leon-Yannick\Downloads\flashtool-0.9.18.5-windows.exe
2015-02-28 21:23 - 2015-03-08 00:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-28 20:11 - 2015-02-28 20:11 - 00000222 _____ () C:\Users\Leon-Yannick\Desktop\Nosgoth.url
2015-02-26 14:08 - 2015-02-26 14:08 - 21340088 _____ () C:\Users\Leon-Yannick\Downloads\C6903_14.4.A.0.157_KERNEL-21-non-rootable.ftf
2015-02-26 14:04 - 2015-02-26 14:04 - 21331858 _____ () C:\Users\Leon-Yannick\Downloads\C6903_14.4.A.0.108_KERNEL-21-towel-rootable.ftf
2015-02-26 13:47 - 2015-02-26 13:52 - 25047264 _____ () C:\Users\Leon-Yannick\Downloads\Z1-lockeddualrecovery2.8.2-RELEASE.installer.zip
2015-02-26 13:22 - 2015-02-26 13:22 - 02880770 _____ () C:\Users\Leon-Yannick\Downloads\EasyRootTool v12.4.zip
2015-02-26 13:16 - 2015-02-26 13:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-02-26 13:12 - 2015-02-26 13:12 - 00000000 ____D () C:\Users\Leon-Yannick\.android
2015-02-26 13:11 - 2015-02-26 13:12 - 00000000 ____D () C:\newroot
2015-02-26 13:03 - 2013-05-12 23:27 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-26 13:03 - 2013-05-12 23:27 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-02-26 12:59 - 2015-02-26 12:59 - 32242911 _____ () C:\Users\Leon-Yannick\Downloads\newroot.rar
2015-02-26 12:15 - 2015-02-26 12:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-25 17:47 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 17:47 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 17:09 - 2015-02-20 17:09 - 00311624 _____ () C:\Windows\Minidump\022015-27549-01.dmp
2015-02-20 01:18 - 2015-02-20 01:18 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-20 01:18 - 2015-02-20 01:18 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-02-20 01:18 - 2015-02-20 01:18 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-22 20:35 - 2015-02-12 16:30 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\TS3Client
2015-03-22 20:13 - 2009-07-14 05:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 20:13 - 2009-07-14 05:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 20:11 - 2015-02-04 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 20:09 - 2015-02-02 22:43 - 01052548 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 20:06 - 2015-02-07 00:05 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Spotify
2015-03-22 20:06 - 2015-02-07 00:05 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\Spotify
2015-03-22 20:06 - 2015-02-05 19:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 20:06 - 2015-02-03 14:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-22 20:06 - 2009-07-14 05:51 - 00057752 _____ () C:\Windows\setupact.log
2015-03-22 20:05 - 2015-02-03 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-22 20:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 19:59 - 2015-02-05 19:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 13:28 - 2010-11-21 04:47 - 00197240 _____ () C:\Windows\PFRO.log
2015-03-22 13:25 - 2015-02-03 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-22 13:12 - 2015-02-05 21:07 - 00000000 ____D () C:\Users\Leon-Yannick\Documents\Euro Truck Simulator 2
2015-03-22 12:49 - 2015-02-11 21:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 12:48 - 2015-02-02 23:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-22 11:16 - 2015-02-02 23:33 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-22 10:10 - 2015-02-07 00:23 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-22 09:38 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-22 09:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-22 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-22 08:05 - 2015-02-03 00:12 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-03-21 14:14 - 2015-02-10 20:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-18 21:54 - 2015-02-09 17:13 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\MemTest41
2015-03-18 20:25 - 2015-02-02 22:38 - 551943321 _____ () C:\Windows\MEMORY.DMP
2015-03-18 20:25 - 2015-02-02 22:38 - 00000000 ____D () C:\Windows\Minidump
2015-03-18 18:56 - 2015-02-07 00:05 - 00001802 _____ () C:\Users\Leon-Yannick\Desktop\Spotify.lnk
2015-03-18 07:29 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-15 20:48 - 2015-02-12 16:29 - 00001011 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-03-15 20:48 - 2015-02-10 20:36 - 00001786 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-15 20:48 - 2015-02-10 20:35 - 00002008 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-15 20:48 - 2015-02-04 18:57 - 00000904 _____ () C:\Users\Public\Desktop\Catzilla.lnk
2015-03-14 22:48 - 2015-02-08 12:58 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\ftblauncher
2015-03-12 16:36 - 2015-02-03 14:25 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\.technic
2015-03-12 15:26 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-03-12 15:26 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-03-12 15:26 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 15:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 16:16 - 2015-02-03 12:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-11 14:29 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-11 14:26 - 2009-07-14 05:45 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 14:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 14:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-10 17:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-08 05:40 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-08 01:58 - 2015-02-17 09:39 - 00000000 ____D () C:\Users\Leon-Yannick\Documents\My Games
2015-03-08 01:57 - 2015-02-03 15:01 - 00283647 _____ () C:\Windows\DirectX.log
2015-03-08 01:53 - 2015-02-17 16:33 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-08 00:54 - 2015-02-03 12:07 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-07 20:19 - 2015-02-02 22:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-03 22:12 - 2015-02-12 16:30 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-03-02 12:49 - 2015-02-02 22:43 - 00000000 ____D () C:\Users\Leon-Yannick
2015-03-01 13:16 - 2015-02-18 15:49 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\TIPP10
2015-02-28 20:11 - 2015-02-11 22:03 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-26 17:42 - 2015-02-08 13:00 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\Monster
2015-02-24 22:04 - 2015-02-04 17:41 - 00001139 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-24 22:04 - 2015-02-04 17:41 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-24 21:38 - 2015-01-25 17:12 - 00000365 _____ () C:\Users\Leon-Yannick\AppData\Roaming\OLHS
2015-02-24 21:10 - 2015-02-09 23:54 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\DAEMON Tools Lite
2015-02-24 21:10 - 2015-02-08 12:58 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\ftblauncher
2015-02-24 21:10 - 2015-02-04 16:14 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\NVIDIA
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-22 19:43 - 2015-02-18 17:59 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2015-02-22 19:41 - 2015-02-18 17:59 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Wondershare
2015-02-22 19:41 - 2015-02-18 17:59 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-02-20 01:18 - 2015-02-03 12:08 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-20 01:18 - 2015-02-03 12:08 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-20 01:18 - 2015-02-03 11:59 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-20 01:18 - 2015-02-03 11:59 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-20 01:18 - 2015-02-03 11:59 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-20 01:18 - 2015-02-03 11:59 - 00027441 _____ () C:\Windows\system32\nvinfo.pb

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Leon-Yannick\AppData\Roaming\CIUZJIT
2015-01-25 17:12 - 2015-02-24 21:38 - 0000365 _____ () C:\Users\Leon-Yannick\AppData\Roaming\OLHS
2015-02-04 17:25 - 2015-02-04 17:25 - 0007602 _____ () C:\Users\Leon-Yannick\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Leon-Yannick\AppData\Local\Temp\Quarantine.exe
C:\Users\Leon-Yannick\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 13:38

==================== End Of Log ============================
--- --- ---

Leon-Yannick 22.03.2015 21:06
Und zu guter letzt den Addition Log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Leon-Yannick at 2015-03-22 20:35:23
Running from C:\Users\Leon-Yannick\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveState ActivePython 2.7.8.10 (32-bit) (HKLM-x32\...\{EF34E11A-5977-4234-BCDF-6328CA642BC4}) (Version: 2.7.10 - ActiveState Software Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Catzilla 1.3 (HKLM\...\{41EE0CB2-75DE-4FE0-AEB2-4CBC30624FA6}_is1) (Version: 1.3 - ALLPlayer Group Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.3 R3 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.3 R3 Alpha - ETS2MP Team)
EXPERTool v9.9 (HKLM-x32\...\{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1) (Version: 9.9.0.0 - Gainward Co. Ltd.)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.5 - Androxyde)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150311.103813 - Square Enix Ltd)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Overwolf.Setup.VC100CRTx86.Dist (x32 Version: 1.0.0 - Overwolf) Hidden
Race Driver 3 (HKLM-x32\...\{A137D52E-FA96-4815-85F5-E7B8F66837DB}) (Version: 1.00.0000 - Codemasters)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0129 - REALTEK Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-02-2015 19:40:38 Geplanter Prüfpunkt
28-02-2015 21:23:21 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
28-02-2015 21:23:52 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
01-03-2015 21:03:29 Windows Update
02-03-2015 12:51:26 Gerätetreiber-Paketinstallation: Sony Sony sa0109
02-03-2015 12:52:00 Gerätetreiber-Paketinstallation: Sony Netzwerkadapter
02-03-2015 12:52:19 Gerätetreiber-Paketinstallation: Google, Inc.
02-03-2015 12:52:38 Gerätetreiber-Paketinstallation: Sony Ericsson Mobile Communications USB-Controller
06-03-2015 14:41:56 Windows Update
07-03-2015 19:51:49 Installiert Age of Empires III
08-03-2015 00:45:15 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
08-03-2015 00:45:47 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
08-03-2015 01:56:44 DirectX wurde installiert
08-03-2015 16:43:47 Windows Update
09-03-2015 22:27:37 Windows Update
10-03-2015 23:18:41 Windows Update
11-03-2015 16:15:32 NVIDIA PhysX wird installiert
17-03-2015 12:53:44 Windows Update
20-03-2015 19:30:51 Windows Update
21-03-2015 22:05:07 Installed ActiveState ActivePython 2.7.8.10 (32-bit)
22-03-2015 11:15:42 Windows Update
22-03-2015 13:22:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17645A4F-F14A-40D9-BDBA-FC508E0E0FCA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-10] (AVAST Software)
Task: {6DCDD041-7AE5-4C00-AD0B-0D5196B6392C} - System32\Tasks\{B84308E1-9624-4886-8C57-6D9FDD60D22D} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {84D98F93-3EDB-4D2F-AE6D-2562E7A66C08} - System32\Tasks\avastBCLRestartS-1-5-21-2095702127-3137971373-1474782704-1000 => Chrome.exe
Task: {B0E3E0C8-A144-48AA-B769-95661F73F531} - System32\Tasks\EXPERTool => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2015-01-20] (Gainward Co. Ltd.)
Task: {B1F72170-92CD-4C87-BD37-E18F2D0A50FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {D154C423-FFB0-4A37-A4A3-0AA95ADC8771} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {E759EFC9-1A50-4D53-B1F1-CACC76811F93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-03 12:08 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-18 17:19 - 2015-01-20 10:45 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2015-02-07 00:31 - 2015-02-07 00:31 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-10 20:34 - 2015-02-10 20:34 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-02-10 20:34 - 2015-02-10 20:34 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-03-22 13:07 - 2015-03-22 13:07 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15032200\algo.dll
2015-02-10 20:34 - 2015-02-10 20:34 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-03 14:20 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-03 14:20 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-03 14:20 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-03 14:20 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-03 14:20 - 2015-02-19 00:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-03 14:20 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-03 14:20 - 2015-02-19 00:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-10 17:43 - 2015-03-18 18:56 - 40506936 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\libcef.dll
2015-03-13 20:36 - 2015-03-13 20:36 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-10 17:43 - 2015-03-18 18:56 - 01365560 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\libglesv2.dll
2015-03-10 17:43 - 2015-03-18 18:56 - 00219192 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\libegl.dll
2015-03-10 17:43 - 2015-03-18 18:56 - 09305656 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\pdf.dll
2015-03-10 17:43 - 2015-03-18 18:56 - 00990776 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Spotify\ffmpegsumo.dll
2015-02-03 14:20 - 2015-01-28 02:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2095702127-3137971373-1474782704-500 - Administrator - Disabled)
Gast (S-1-5-21-2095702127-3137971373-1474782704-501 - Limited - Disabled)
Leon-Yannick (S-1-5-21-2095702127-3137971373-1474782704-1000 - Administrator - Enabled) => C:\Users\Leon-Yannick

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 425 Processor
Percentage of memory in use: 23%
Total physical RAM: 8190.3 MB
Available physical RAM: 6278.16 MB
Total Pagefile: 16378.8 MB
Available Pagefile: 14389.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.07 GB) (Free:123.26 GB) NTFS
Drive d: (RACEDRIVER3) (CDROM) (Total:3.59 GB) (Free:0 GB) CDFS
Drive e: (NR 9) (Fixed) (Total:372.6 GB) (Free:107.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=595.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 372.6 GB) (Disk ID: E93A112C)
Partition 1: (Not Active) - (Size=372.6 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End Of Log ============================

schrauber 23.03.2015 13:48

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Leon-Yannick 14.04.2015 18:03
Hier das ESET Log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=59b8a80800dd97418e82a6da77e2c5cd
# engine=23043
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-23 09:54:02
# local_time=2015-03-23 10:54:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 806401 3554437 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 86910 178777492 0 0
# scanned=59206
# found=0
# cleaned=0
# scan_time=308
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=59b8a80800dd97418e82a6da77e2c5cd
# engine=23121
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-28 01:32:30
# local_time=2015-03-28 02:32:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 1161509 3913145 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 14905 179136200 0 0
# scanned=1146928
# found=75
# cleaned=61
# scan_time=12964
sh=A0F92D7F411C61485B93359021E866249CA34D52 ft=1 fh=1d6eef9f4cb36441 vn="Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Lokale Einstellungen\Temporary Internet Files\Content.IE5\U98P2TWJ\2014092135185[1].exe"
sh=838B0FFEAEAB5B80E3150604A609EB0DCA13A537 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.CX Trojaner" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partition c\program files\Wondershare\Dr.Fone f¨¹r Android\Root\exynos-abuse"
sh=BCD5B546FFEF25A51C5BEBD2A4B9D8278DC00DC6 ft=0 fh=0000000000000000 vn="Android/Exploit.MempoDroid.A Trojaner" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partition c\program files\Wondershare\Dr.Fone f¨¹r Android\Root\mempodroid"
sh=6B75D6A615B532E67C2E62CCFF0443455A6D7C40 ft=1 fh=3e50957fe844d443 vn="Variante von MSIL/Adware.iBryte.F Anwendung" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Programme\Search Extensions\Client.exe"
sh=06A3A61E33E6FC71DD3605857BD5F026875E1024 ft=1 fh=c541a08959be449f vn="Variante von MSIL/Adware.iBryte.G Anwendung" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Programme\Search Extensions\uninstall.exe"
sh=397616F84B3F46389A4355D733D70D9E7C9D7879 ft=1 fh=758bb60314448306 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partition c\WINDOWS\system32\roboot.exe"
sh=7F29C65D27184E6C1E65253A19154568335D994C ft=1 fh=8dfecc9f0b4d34d4 vn="Win32/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partition c\WINDOWS\system32\sasnative32.exe"
sh=CA0E525F09A2657AE5DFFF307C1FE954E1159B98 ft=1 fh=9ecb711de547171b vn="Variante von Win64/BrowseFox.BC evtl. unerwünschte Anwendung" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partition c\WINDOWS\system32\drivers\tStLib.sys"
sh=6BF90AD7795E654A8F0A3C236DBE0DF9150450FB ft=1 fh=9fc15204e444e351 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="E:\alles leon\Sicherung der 250GB platte\Partiton e\VIDEO_TS\chip apps\Updates\iDevice Manager\IDMSetup.exe"
sh=9B5AA9D21F25F281DCD07094AAEE9BD4CF03F12D ft=1 fh=1c058e4f2945e215 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="E:\alles leon\Users\Heinemann\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe"
sh=8490554F15357EA162494EE1763509959F3EBAEB ft=1 fh=58b66b725959d138 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="E:\alles leon\Users\Heinemann\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe"
sh=E4772585CEB9AA369A292D03667C7AA76E9EA04A ft=1 fh=274da3f94e245cf7 vn="Win32/Toolbar.Montiera.E evtl. unerwünschte Anwendung" ac=I fn="E:\alles leon\Users\Heinemann\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe"
sh=C01917EA39FB01AA4C6BFF5E181C1E8D69DC8815 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="E:\Modding&Backup\Sony Xperia Z1\Root\EasyRootTool v12.4\files\libexploit.so"
sh=C01917EA39FB01AA4C6BFF5E181C1E8D69DC8815 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="E:\Modding&Backup\Sony Xperia Z1\Z1-lockeddualrecovery2.8.2-RELEASE.installer\lockeddualrecovery\files\easyroottool\libexploit.so"
sh=9041B5B0041D9F59BB48B913D6E3E849D2FE21C7 ft=1 fh=b6596053b61a09e1 vn="Variante von Win32/Amonetize.CH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\AppData\Local\Temp\srv88931.exe"
sh=9EBE8E9C4258F2E58C29ED4DD22F8A70D626AB0F ft=1 fh=3493c9483ce423e2 vn="Variante von Win32/4Shared.AB evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\AppData\Local\Temp\@2C32.tmp\Crack Ets 2 1.9.22 Boot Games .exe"
sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\AppData\Local\Temp\DMR\dmr_72.exe"
sh=74A238D8CAD0CC5ECA8654D2AE9B6A9A14C70AE4 ft=1 fh=5210c64a8a74a115 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\AppData\Local\Temp\U2DC5.tmp\UNT2DC6.tmp.exe"
sh=100C1C6DA6C6646025B17197B437512BE4D78FDC ft=1 fh=20804abc5174beae vn="Variante von Win32/Packed.VMProtect.ABD Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Desktop\Neuer Ordner\key gen\Crack\steam_api.dll"
sh=4EF7A6F9522529F811D58FE55ECB21D8C15C5719 ft=1 fh=8322b973f3bd2c1c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\Blender 32 Bit - CHIP-Installer.exe"
sh=153E2D15A1D5D2A507EC9C0C94C6BA817367A26D ft=1 fh=baa92d03804b80de vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\FurMark - CHIP-Installer.exe"
sh=DC6486C8549E3A9A22E6AAF6B54A97C1BD338917 ft=1 fh=111479a9048e21b5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\HTML Editor Phase - CHIP-Installer.exe"
sh=11BF257FDC5339895AC84F7C3385C4CC365EF6E2 ft=1 fh=1d04decfd3663c5b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe"
sh=0C963ED70966EAF996051A88ECC594867FEA4022 ft=1 fh=bec4cfed61ce9bbc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\JS Designer - CHIP-Installer.exe"
sh=2EFF2F38D0A6081F4F5265BF5BBE3A336D1E0B92 ft=1 fh=470e0cc3375c6e53 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\MaxxMEM2 - CHIP-Installer.exe"
sh=D93CA5D881E5D8D4A63A6F206246D41AB9B1AA7D ft=1 fh=64c02bed0f2445d7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\MyPhoneExplorer - CHIP-Installer(1).exe"
sh=1216DA9C84AA7EE867413EF5A28B0B8B985A5F48 ft=1 fh=1f6aa00ed34a08f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\MyPhoneExplorer - CHIP-Installer.exe"
sh=F7E97857CF8F04B0B50AF4B865F7011AEA1241E6 ft=1 fh=4fe01e2b2b37af7e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\SpeedFan - CHIP-Installer.exe"
sh=2B398E17B966340FD004758B98651A1326D0C80A ft=1 fh=c3a246279c4fa496 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Alte Platte\Users\Leon-Yannick\Downloads\WavePad - CHIP-Installer(1).exe"
sh=97248C6DD1299E5D71F4072FA3737BA08BAC7FAD ft=1 fh=bd38584e71f5fc58 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Leon-Yannick\Downloads\MSI Afterburner - CHIP-Installer.exe"
sh=7E62CD24C68C6873E2367358E9B67F26B832DD4A ft=1 fh=c71c001152d7a4ca vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmApp.dll"
sh=AD188F10AB5A30A6EE8149A6AAF68247FC9E63E5 ft=1 fh=c71c00110d6f5af3 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll"
sh=DA7464E58409B29B1ED2C7A65F3FD61402DAC1A5 ft=1 fh=dce5cbde4ee07593 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe"
sh=4280BD42B8746C3063C7FBEC9D0F026C3B32D1D3 ft=1 fh=66c52799588ff223 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmTlbr.dll"
sh=9F1F8446680FD61541FCC3E2B75E44E0EDCDFCAE ft=1 fh=e93b79f29aa9228b vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll"
sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe"
sh=AD9F3DAA348EEA4E74B2FAD65EA492F32CA72339 ft=1 fh=ce06389d744632d2 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Program Files (x86)\CheckPoint\Install\zatb.exe"
sh=B634095B2F3AD737DB5489BA4DB6B2F448A3FAEE ft=1 fh=4f6685c4dec6b5fe vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\WPM\wprotectmanager.exe"
sh=BB88B30D7BA1BB3BB404AC93D6E8AFCF4D0BE5D8 ft=1 fh=addf7a050e29522f vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\WPM\update\update.exe"
sh=BCB96F8CFF7A66060504B286B78C8F7F962F7983 ft=1 fh=f5a3588d8206c074 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Wondershare\drfone-for-android_full1561.exe"
sh=BEE96291323D129CF104D0FA8ECBE8AAB5E4BCA5 ft=1 fh=c71c001156299171 vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Dirk 2\Lokale Einstellungen\Temp\NERO14959\Toolbar.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Anwendungsdaten\1H1Q\Minecraft - 1.7.2 Packages\uninstaller.exe"
sh=573708618575E15666DB839A18F47F1D40D04D67 ft=1 fh=7b0cd3053e9c6265 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Free_Download_Setup.exe"
sh=CC6BF765F2E508D8CA73AA04FF2A57138BE78601 ft=1 fh=200992bf8f18a27d vn="Variante von Win32/Verti.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Xvid_RocketFuelInstaller.exe"
sh=483142B6DD974F3FCCBFBCE6F49FFED8937FD7E4 ft=1 fh=615a16602cdef8b1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Avidemux 32 Bit - CHIP-Installer.exe"
sh=7D01C31BE98E9A780AD253D01EAC5A0460A91390 ft=1 fh=a5c910c79348d923 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Bat To Exe Converter - CHIP-Installer.exe"
sh=5F0AEA75C1D783B9273400763768C94D9C1D8919 ft=1 fh=f2dcacc907dcd8ca vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Core Temp - CHIP-Downloader.exe"
sh=8CC873F6A9F58FF13262CFBA5080FA9B771D8193 ft=1 fh=e1042e6a2a262d52 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\CPU Z - CHIP-Downloader.exe"
sh=CF35EA89F7862332D4377A713F94466723AFD9D8 ft=1 fh=92869ebbbb386026 vn="Variante von Win32/Verti.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\FlightSim_RocketFuelInstaller.exe"
sh=2427AEEDBBECFEA810CB17A1306DCE95F223B574 ft=1 fh=5687badffb081e58 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\iPhone Backup Extractor - CHIP-Installer.exe"
sh=50846B25243ED0B466A42C0E824D7990BE2FE78E ft=1 fh=0e958c1e9bcf8b33 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\LG PC Suite IV - CHIP-Installer.exe"
sh=E27CBC7E3A12F2B74F6625F2D9EE13B6C21166A3 ft=1 fh=c4afe262e2f13ad1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Lightworks - CHIP-Installer.exe"
sh=C8C29A48DEB4F3773272132BBB921B37A34916B8 ft=1 fh=a289fc467fff76d6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\LogMeIn Hamachi - CHIP-Installer.exe"
sh=F5663BC4744C3A217AAC4B7BC838B5C2665A8F59 ft=1 fh=4ccb0579dfff67dd vn="Win32/InstallCore.FB evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\MineCraftSetup.exe"
sh=3ECC23B8CC07B62B5F8C279867E92C6BB99BBE01 ft=1 fh=937d40727c8b7ac2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Minimal ADB and Fastboot - CHIP-Installer.exe"
sh=B5729C03116D82891380A083C4E214709380549B ft=1 fh=7dcb11e9301014bc vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\MyPhoneExplorer_Setup_1.8.6_CB-DL-Manager.exe"
sh=FCD97D32C6DBD18291E3D7EDE0A9BBB96D9BD7FD ft=1 fh=714f77bb355c8cd4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Ncat Netcat Portable - CHIP-Installer.exe"
sh=A60C3E090AA400A3A66366F44D7683F1875885D3 ft=1 fh=854145524760c140 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Nexus-Radio-lnstall.exe"
sh=FCB992871F8BCA37B37D688E822CB0E81F384D08 ft=1 fh=636f4e8947805764 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\PhotoRec Sorter - CHIP-Installer.exe"
sh=B68ED88DFAB1D0CFDA41518A28AFC0A7EF318D22 ft=1 fh=dd6b51d387cb48c1 vn="Variante von Win32/Amonetize.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Railroad Tycoon 3 [PC] [english__2971_i64257430_il1949734.exe"
sh=41C6BC1F5C680FF66DCB9D85BF91FC98463A7B08 ft=1 fh=e7e254dd4760c140 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Samsung-USB-Smartphone-Treiber-lnstall.exe"
sh=16DBE32E7A36A0CFD89A785B817105F15B4D7E62 ft=1 fh=201e09d810da1920 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\SoftonicDownloader_fuer_klebezettel-ng.exe"
sh=E99B0A97D50456B0B55496D318204BE1A98050FF ft=1 fh=a0c59b8911a7209a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\TestDisk PhotoRec - CHIP-Installer.exe"
sh=44F288AE62EE7DCC4E8803A264CBF3EDFC4D6464 ft=1 fh=3c20b4cd6669ec28 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\VirtualDub 32 Bit - CHIP-Installer.exe"
sh=3527E35EFF3C21E6F9CDF8D74DCCE6C6F41CF8BF ft=1 fh=6860d60e2d3ac2ef vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\WavePad - CHIP-Installer(1).exe"
sh=E68FE36FC489BA63357238B458F60897078F36C6 ft=1 fh=8fb28d36570ee17a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\WavePad - CHIP-Installer.exe"
sh=FBB31888D612912E36559B0CBAB21C368A6C5C4C ft=1 fh=74552c08783d5f23 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\Windows 8 Upgrade Assistent - CHIP-Installer.exe"
sh=8410430E8C2BE0614AA83921F513008E65DBA76D ft=1 fh=381c7606079bd583 vn="Variante von Win32/InstallCore.CH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\Downloads\ZipOpenerSetup.exe"
sh=C01917EA39FB01AA4C6BFF5E181C1E8D69DC8815 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Eigene Dateien\EasyRootTool v12.3\files\libexploit.so"
sh=C4B30FAF8A0EC58D5996CD2AD428C8E2D4893E53 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12\options\pg_options.js"
sh=A2E80615F5BB4120C377C90E35EA06EA5FBDC664 ft=1 fh=96b074cea6923e90 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.12\plugins\npPriceGong_CH.dll"
sh=B5729C03116D82891380A083C4E214709380549B ft=1 fh=7dcb11e9301014bc vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Lokale Einstellungen\Temp\ICReinstall_MyPhoneExplorer_Setup_1.8.6_CB-DL-Manager.exe"
sh=08131ADF7C15E801A902E72ADA9DBA8EF81AD101 ft=1 fh=0e19461b6ef503f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Lokale Einstellungen\Temp\DMR\dmr_72.exe"
sh=13712099906E3E54965F9022F3E25C9C67AF422C ft=1 fh=c71c001122a7afa9 vn="Variante von Win32/Verti.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Lokale Einstellungen\Temp\nsq30.tmp\setup.exe"
sh=4F55D4BA017B76A086E01603094E9EFB0C0104E8 ft=1 fh=ac019d8a7dbf5519 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\alles leon\Sicherung der 250GB platte\Partition c\Dokumente und Einstellungen\Leon.LEON-YANNICK\Lokale Einstellungen\Temp\OCS\ocs_v71b.exe"
ESETSmartInstaller@High as downloader log:
all ok
Hier der Security Check LOg:

Code:
Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.305 
 Mozilla Firefox (37.0.1)
 Google Chrome (41.0.2272.101)
 Google Chrome (41.0.2272.118)
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

Und hier das frische FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Leon-Yannick (administrator) on LEON-YANNICK-PC on 14-04-2015 19:31:58
Running from C:\Users\Leon-Yannick\Downloads
Loaded Profiles: Leon-Yannick (Available profiles: Leon-Yannick)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Gainward Co. Ltd.) C:\Program Files (x86)\EXPERTool\TBPanel.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-03] (AVAST Software)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [TBPanel] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2195240 2015-01-20] (Gainward Co. Ltd.)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Spotify Web Helper] => C:\Users\Leon-Yannick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Spotify] => C:\Users\Leon-Yannick\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2095702127-3137971373-1474782704-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2095702127-3137971373-1474782704-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-10] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-10] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF SearchPlugin: C:\Users\Leon-Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\x1z3k6f6.default-1422993842713\searchplugins\google-avast.xml [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-10]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2015-03-13]
CHR Extension: (Avast Online Security) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\Leon-Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-10] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-10] (Avast Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-26] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-02-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-10] ()
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-04-13] (Sony Mobile Communications)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2015-02-04] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 speedfan; SysWOW64\speedfan.sys [28664 2012-12-29] (Almico Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-10] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 19:31 - 2015-04-14 19:31 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\FRST-OlderVersion
2015-04-13 22:29 - 2015-04-13 22:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-04-13 20:24 - 2015-04-13 20:24 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-04-13 20:24 - 2015-04-13 20:24 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-04-13 20:23 - 2015-04-13 20:23 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-04-13 20:23 - 2015-04-13 20:23 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2015-04-13 20:20 - 2015-04-13 20:20 - 00002102 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-04-13 20:20 - 2015-04-13 20:20 - 00000000 ____D () C:\ProgramData\Sony
2015-04-13 20:20 - 2015-04-13 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-04-13 20:20 - 2015-04-13 20:20 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-13 20:19 - 2015-04-13 20:19 - 28579392 _____ (Sony Mobile Communications ) C:\Users\Leon-Yannick\Downloads\Sony PC Companion_Web.exe
2015-04-12 22:51 - 2015-04-12 22:51 - 01266727 _____ () C:\Users\Leon-Yannick\Documents\Epoche der Aufklärung.odp
2015-04-11 12:12 - 2015-04-11 12:12 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\Windows 7 Professional with Service Pack 1 (x64) - DVD (German)
2015-04-11 12:05 - 2015-04-11 12:06 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\Save
2015-04-11 11:47 - 2015-04-11 11:47 - 00003185 _____ () C:\Users\Leon-Yannick\Desktop\Secure Download Manager.lnk
2015-04-11 11:47 - 2015-04-11 11:47 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\e-academy Inc
2015-04-11 11:47 - 2015-04-11 11:47 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\e-academy Inc
2015-04-11 11:46 - 2015-04-11 11:46 - 00720384 _____ () C:\Users\Leon-Yannick\Downloads\SDM_DE.msi
2015-04-09 18:09 - 2015-04-09 18:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-09 17:45 - 2015-04-09 17:45 - 08290686 _____ () C:\Users\Leon-Yannick\Downloads\ets2mp_client(1).zip
2015-04-08 23:04 - 2015-04-08 23:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-05 12:32 - 2015-04-05 12:32 - 02208768 _____ () C:\Users\Leon-Yannick\Downloads\adwcleaner_4.200.exe
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 18:04 - 2015-04-04 18:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 17:27 - 2015-04-04 17:27 - 34735924 _____ () C:\Users\Leon-Yannick\Desktop\Danke.blend
2015-04-04 17:06 - 2015-04-04 17:17 - 00000000 ____D () C:\jhg
2015-04-04 16:19 - 2015-04-04 16:19 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Blender Foundation
2015-04-04 16:07 - 2015-04-04 16:07 - 00000000 ____D () C:\Users\Leon-Yannick\.thumbnails
2015-04-04 16:06 - 2015-04-04 16:06 - 00001897 _____ () C:\Users\Public\Desktop\Blender.lnk
2015-04-04 16:06 - 2015-04-04 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
2015-04-04 16:05 - 2015-04-04 16:05 - 00000000 ____D () C:\Program Files\Blender Foundation
2015-04-04 16:04 - 2015-04-04 16:04 - 34519832 _____ () C:\Users\Leon-Yannick\Downloads\Danke.blend
2015-04-04 16:00 - 2015-04-04 16:01 - 65495496 _____ () C:\Users\Leon-Yannick\Downloads\blender-2.74-windows64.exe
2015-03-27 23:58 - 2015-03-27 23:58 - 00852604 _____ () C:\Users\Leon-Yannick\Downloads\SecurityCheck.exe
2015-03-27 23:58 - 2015-03-27 23:58 - 00852604 _____ () C:\Users\Leon-Yannick\Desktop\SecurityCheck.exe
2015-03-25 22:26 - 2015-03-25 22:26 - 00000000 ____D () C:\Users\Leon-Yannick\Tracing
2015-03-25 22:25 - 2015-04-06 19:52 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Skype
2015-03-25 22:25 - 2015-04-06 19:52 - 00000000 ____D () C:\ProgramData\Skype
2015-03-25 22:25 - 2015-03-25 22:25 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\Skype
2015-03-25 22:24 - 2015-03-25 22:24 - 01380448 _____ (Skype Technologies S.A.) C:\Users\Leon-Yannick\Downloads\SkypeSetup.exe
2015-03-25 14:38 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 14:38 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 14:38 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 14:38 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 14:38 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 14:38 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 14:38 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 14:38 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 15:51 - 2015-03-23 15:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-23 15:50 - 2015-03-23 15:50 - 02347384 _____ (ESET) C:\Users\Leon-Yannick\Downloads\esetsmartinstaller_deu.exe
2015-03-22 23:09 - 2015-03-23 00:39 - 00050316 _____ () C:\Users\Leon-Yannick\Desktop\04.odt
2015-03-22 22:44 - 2015-03-22 22:45 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Foxit Software
2015-03-22 22:44 - 2015-03-22 22:44 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-03-22 22:43 - 2015-03-22 22:43 - 00001355 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2015-03-22 22:43 - 2015-03-22 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-03-22 22:43 - 2015-03-22 22:43 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-03-22 22:23 - 2015-03-22 22:23 - 38624744 _____ (Foxit Software Inc. ) C:\Users\Leon-Yannick\Downloads\FoxitReader710.0306_prom_enu_Setup.exe
2015-03-22 22:16 - 2015-03-22 22:16 - 05005064 _____ () C:\Users\Leon-Yannick\Desktop\02_Formeleditor.rar
2015-03-22 22:16 - 2015-03-22 22:16 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\02_Formeleditor
2015-03-22 22:10 - 2015-03-22 22:16 - 05005064 _____ () C:\Users\Leon-Yannick\Downloads\02_Formeleditor.rar
2015-03-22 21:36 - 2015-03-22 21:36 - 00059396 _____ () C:\Users\Leon-Yannick\Desktop\FRST.txt
2015-03-22 21:36 - 2015-03-22 21:36 - 00017155 _____ () C:\Users\Leon-Yannick\Desktop\Addition.txt
2015-03-22 21:31 - 2015-03-22 21:33 - 00001169 _____ () C:\Users\Leon-Yannick\Desktop\JRT.txt
2015-03-22 21:10 - 2015-03-22 21:12 - 01388672 _____ (Thisisu) C:\Users\Leon-Yannick\Downloads\JRT.exe
2015-03-22 21:09 - 2015-03-22 21:09 - 00010342 _____ () C:\Users\Leon-Yannick\Desktop\AdwCleaner[S0].txt
2015-03-22 21:01 - 2015-04-05 12:34 - 00000000 ____D () C:\AdwCleaner
2015-03-22 20:59 - 2015-03-22 20:59 - 00035071 _____ () C:\Users\Leon-Yannick\Desktop\MMab.txt
2015-03-22 14:25 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-22 10:38 - 2015-03-22 10:38 - 00022381 _____ () C:\ComboFix.txt
2015-03-22 10:24 - 2015-03-22 10:38 - 00000000 ____D () C:\Qoobox
2015-03-22 10:24 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-22 10:24 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-22 10:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-22 10:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-22 10:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-22 10:24 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-22 10:24 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-22 10:24 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-22 10:23 - 2015-03-22 10:37 - 00000000 ____D () C:\Windows\erdnt
2015-03-22 10:23 - 2015-03-22 10:23 - 05615380 ____R (Swearware) C:\Users\Leon-Yannick\Desktop\ComboFix.exe
2015-03-22 10:23 - 2015-03-22 10:23 - 05615380 _____ (Swearware) C:\Users\Leon-Yannick\Downloads\ComboFix.exe
2015-03-22 10:05 - 2015-03-22 21:35 - 00017155 _____ () C:\Users\Leon-Yannick\Downloads\Addition.txt
2015-03-22 10:04 - 2015-04-14 19:31 - 00016959 _____ () C:\Users\Leon-Yannick\Downloads\FRST.txt
2015-03-22 10:04 - 2015-04-14 19:31 - 00000000 ____D () C:\FRST
2015-03-22 10:03 - 2015-04-14 19:31 - 02096640 _____ (Farbar) C:\Users\Leon-Yannick\Downloads\FRST64.exe
2015-03-22 09:22 - 2015-04-14 19:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 09:22 - 2015-03-22 09:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-22 09:22 - 2015-03-22 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-22 09:22 - 2015-03-22 09:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-22 09:22 - 2015-03-22 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-22 09:22 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-22 09:22 - 2015-03-17 07:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-22 09:22 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-22 09:19 - 2015-03-22 09:19 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Leon-Yannick\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-21 23:06 - 2015-03-21 23:06 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Python
2015-03-21 23:06 - 2015-03-21 23:06 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\ActiveState
2015-03-21 23:05 - 2015-03-21 23:05 - 00000000 ____D () C:\Python27
2015-03-21 23:05 - 2015-03-21 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActivePython 2.7 (32-bit)
2015-03-21 23:04 - 2015-03-21 23:04 - 37773312 _____ () C:\Users\Leon-Yannick\Downloads\ActivePython-2.7.8.10-win32-x86.msi
2015-03-21 23:02 - 2015-03-21 23:16 - 00000000 ____D () C:\Users\Leon-Yannick\Downloads\Whatsapp_Xtract_V2.2_2012-11-17
2015-03-21 23:02 - 2015-03-21 23:02 - 01876725 _____ () C:\Users\Leon-Yannick\Downloads\Whatsapp_Xtract_V2.2_2012-11-17.zip
2015-03-21 22:10 - 2015-03-21 22:10 - 00001111 _____ () C:\Users\Public\Desktop\Minimal ADB and Fastboot.lnk
2015-03-18 21:25 - 2015-03-18 21:25 - 00314024 _____ () C:\Windows\Minidump\031815-24632-01.dmp
2015-03-18 19:56 - 2015-04-03 23:36 - 00001788 _____ () C:\Users\Leon-Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 18:59 - 2015-02-05 20:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 18:51 - 2015-02-12 17:30 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\TS3Client
2015-04-14 18:49 - 2015-02-11 22:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 18:42 - 2015-02-02 23:43 - 01947968 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 18:34 - 2015-02-07 01:05 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Roaming\Spotify
2015-04-14 18:29 - 2015-02-07 01:05 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\Spotify
2015-04-14 17:36 - 2015-02-03 15:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 17:33 - 2009-07-14 06:51 - 00067613 _____ () C:\Windows\setupact.log
2015-04-14 17:18 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 17:18 - 2009-07-14 06:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 17:11 - 2015-02-10 21:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-14 17:10 - 2015-02-05 20:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 17:09 - 2015-02-03 13:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 17:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 20:23 - 2015-03-02 13:51 - 00143314 _____ () C:\Windows\DPINST.LOG
2015-04-13 20:20 - 2015-02-02 23:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-11 23:40 - 2015-02-05 22:07 - 00000000 ____D () C:\Users\Leon-Yannick\Documents\Euro Truck Simulator 2
2015-04-11 12:09 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-11 12:09 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-11 12:09 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 22:25 - 2015-02-04 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 17:45 - 2015-02-11 23:28 - 00001193 _____ () C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2015-04-09 17:45 - 2015-02-11 23:28 - 00000000 ____D () C:\Users\Leon-Yannick\Documents\ETS2MP
2015-04-09 17:45 - 2015-02-11 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-04-09 17:45 - 2015-02-11 23:28 - 00000000 ____D () C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer
2015-04-06 22:05 - 2015-02-03 01:12 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-04-06 19:52 - 2015-02-04 17:48 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-06 19:45 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-06 19:00 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-05 15:52 - 2015-02-04 19:59 - 00000000 ____D () C:\Users\Leon-Yannick\AppData\Local\ALLBenchmark
2015-04-04 16:07 - 2015-02-02 23:43 - 00000000 ____D () C:\Users\Leon-Yannick
2015-04-03 23:36 - 2015-02-07 01:05 - 00001802 _____ () C:\Users\Leon-Yannick\Desktop\Spotify.lnk
2015-04-03 23:34 - 2010-11-21 05:47 - 00197948 _____ () C:\Windows\PFRO.log
2015-04-03 18:52 - 2015-02-13 18:44 - 00005028 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-04-03 18:52 - 2015-02-07 01:23 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-03 18:51 - 2015-02-07 01:23 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-03 18:51 - 2015-02-07 01:23 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-26 18:52 - 2015-02-03 14:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 18:52 - 2015-02-03 14:51 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-22 22:17 - 2015-02-18 17:07 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\BV Lernen
2015-03-22 14:25 - 2015-02-03 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-22 13:48 - 2015-02-03 00:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-22 12:16 - 2015-02-03 00:33 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-22 10:38 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-03-22 10:35 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-22 09:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-18 22:54 - 2015-02-09 18:13 - 00000000 ____D () C:\Users\Leon-Yannick\Desktop\MemTest41
2015-03-18 21:25 - 2015-02-02 23:38 - 551943321 _____ () C:\Windows\MEMORY.DMP
2015-03-18 21:25 - 2015-02-02 23:38 - 00000000 ____D () C:\Windows\Minidump
2015-03-18 08:29 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-15 21:48 - 2015-02-12 17:29 - 00001011 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-03-15 21:48 - 2015-02-10 21:36 - 00001786 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-03-15 21:48 - 2015-02-10 21:35 - 00002008 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-15 21:48 - 2015-02-04 19:57 - 00000904 _____ () C:\Users\Public\Desktop\Catzilla.lnk

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Leon-Yannick\AppData\Roaming\CIUZJIT
2015-01-25 18:12 - 2015-02-24 22:38 - 0000365 _____ () C:\Users\Leon-Yannick\AppData\Roaming\OLHS
2015-02-04 18:25 - 2015-02-04 18:25 - 0007602 _____ () C:\Users\Leon-Yannick\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Leon-Yannick\AppData\Local\Temp\Quarantine.exe
C:\Users\Leon-Yannick\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Leon-Yannick\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 19:26

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 15.04.2015 09:42
Java updaten. ESET Funde auf C und E löschen.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.pngAbsicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Leon-Yannick 17.05.2015 11:46
Vielen Dank für deine Hilfe, die Probleme sind beseitigt und ich habe einiges für zukünftige Probleme gelernt. Danke!http://www.trojaner-board.de/images/...ankeschoen.gif

schrauber 18.05.2015 08:19
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131