Entfernung nerviger Programme!

Leo98 · 10.02.2015, 18:03

Hallo,
oh man ich glaube ich hab es mal wieder versch****!!! Ich habe ausversehen auf einen link gedrückt und plötzlich hat mein PC mehrere Programme installiert, ohne dass ein Browser oder ein Programm geöffnet war.
Seitdem habe ich wiedereinmal eine komische Startseite in meinem Browser Google Chrome!! Ich habe versucht allesmögliche über die Systemsteuerungen zu deinstallieren aber ich hab immer noch das Browser Problem!

schrauber · 10.02.2015, 18:06

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Leo98 · 10.02.2015, 18:21

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Leon (administrator) on LEON-PC on 10-02-2015 18:18:58
Running from C:\Users\Leon\Desktop
Loaded Profiles: Leon (Available profiles: Leon)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [mbot_de_493] => [X]
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2382863035-827234180-2916811482-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&ts=1423584692&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2382863035-827234180-2916811482-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&ts=1423584692&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2382863035-827234180-2916811482-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&ts=1423584692&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2382863035-827234180-2916811482-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=pcs&utm_campaign=install_ie&utm_content=ds&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&ts=1423584692&type=default&q={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-10] (globalUpdate) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-10] (SysTool PasSame LIMITED)
S2 serverjo; C:\Users\Leon\AppData\Roaming\VOPackage\JOSrv.exe [X]
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
S2 tuquzini; C:\Users\Leon\AppData\Roaming\VOPackage\nsx426C.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-25] (Emsisoft GmbH)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 18:18 - 2015-02-10 18:19 - 00021988 _____ () C:\Users\Leon\Desktop\FRST.txt
2015-02-10 18:18 - 2015-02-10 18:19 - 00000000 ____D () C:\FRST
2015-02-10 18:18 - 2015-02-10 18:18 - 02132992 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe
2015-02-10 17:16 - 2015-02-10 17:16 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{09F2AA2A-27B0-4CBC-A144-E8CF57EAF434}
2015-02-10 17:14 - 2015-02-10 17:14 - 00003078 _____ () C:\WINDOWS\System32\Tasks\{2F9E877F-B4D9-4267-B25B-0CA46AD9EE8D}
2015-02-10 17:11 - 2015-02-10 17:17 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\omiga-plus
2015-02-10 17:11 - 2015-02-10 17:11 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-10 17:11 - 2015-02-10 17:11 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-02-10 17:11 - 2015-02-10 17:11 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-02-10 17:06 - 2015-02-10 17:06 - 00000000 ____D () C:\Program Files (x86)\predm
2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Opera Software
2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Local\Opera Software
2015-02-10 17:02 - 2015-02-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-10 17:02 - 2015-02-10 17:02 - 00000000 ____D () C:\Program Files (x86)\mbot_de_497
2015-02-10 17:01 - 2015-02-10 17:21 - 00001698 _____ () C:\WINDOWS\Tasks\ACQUPTNI.job
2015-02-10 17:01 - 2015-02-10 17:21 - 00000984 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-10 17:01 - 2015-02-10 17:06 - 00000988 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-10 17:01 - 2015-02-10 17:01 - 01989592 _____ (Cinema PlusV10.02) C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe
2015-02-10 17:01 - 2015-02-10 17:01 - 00004700 _____ () C:\WINDOWS\System32\Tasks\ACQUPTNI
2015-02-10 17:01 - 2015-02-10 17:01 - 00003960 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-02-10 17:01 - 2015-02-10 17:01 - 00003724 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-02-10 17:01 - 2015-02-10 17:01 - 00000000 ____D () C:\Users\Leon\AppData\Local\globalUpdate
2015-02-10 17:01 - 2015-02-10 17:01 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-10 16:59 - 2015-02-10 17:00 - 00654880 _____ () C:\Users\Leon\Downloads\Installerrir__7934_il27562.exe
2015-02-10 16:42 - 2015-02-10 16:42 - 00045216 _____ () C:\Users\Leon\Downloads\Belegung_am_Kepler_2015_17 mit Wirtschaftsinformatik.xlsm
2015-02-09 17:52 - 2015-02-09 17:52 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-09 17:22 - 2015-02-09 17:22 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2015-02-08 22:29 - 2015-02-08 22:29 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-02-08 22:02 - 2015-02-08 22:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2015-02-08 21:39 - 2015-02-08 21:39 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2015-02-08 21:07 - 2015-02-08 21:07 - 00001321 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-02-06 22:01 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\Documents\Programmieren
2015-02-06 21:58 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Program Files (x86)\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:57 - 00001107 _____ () C:\Users\Leon\Desktop\CodeBlocks.lnk
2015-02-06 21:57 - 2015-02-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-02-06 21:54 - 2015-02-06 21:56 - 100600973 _____ (The Code::Blocks Team) C:\Users\Leon\Downloads\codeblocks-12.11mingw-setup.exe
2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-31 17:34 - 2015-01-31 17:34 - 00759608 _____ ( ) C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe
2015-01-26 19:44 - 2015-01-26 19:45 - 00001166 _____ () C:\DelFix.txt
2015-01-26 19:44 - 2015-01-26 19:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-26 19:42 - 2015-01-26 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-26 19:42 - 2015-01-26 19:41 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 19:41 - 2015-01-26 19:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 19:40 - 2015-01-26 19:40 - 00639400 _____ (Oracle Corporation) C:\Users\Leon\Downloads\chromeinstall-8u31.exe
2015-01-25 22:06 - 2015-01-25 22:06 - 00000000 ____D () C:\EEK
2015-01-25 22:01 - 2015-01-25 22:05 - 168701056 _____ () C:\Users\Leon\Downloads\EmsisoftEmergencyKit.exe
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 19:09 - 2015-01-25 19:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Leon\AppData\Roaming\ACQUPTNI
2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 18:16 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 18:16 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-10 18:16 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-10 18:13 - 2013-08-22 15:46 - 00345399 _____ () C:\WINDOWS\setupact.log
2015-02-10 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-10 17:57 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype
2015-02-10 17:45 - 2014-04-12 16:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 17:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-10 17:42 - 2013-11-26 19:08 - 01479015 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 17:41 - 2012-11-04 11:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001
2015-02-10 17:24 - 2014-03-10 15:40 - 00000000 ___DO () C:\Users\Leon\SkyDrive
2015-02-10 17:24 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe
2015-02-10 17:22 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi
2015-02-10 17:22 - 2014-04-12 16:32 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 17:22 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-10 17:21 - 2013-09-29 20:05 - 00083132 _____ () C:\WINDOWS\PFRO.log
2015-02-10 17:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-10 17:21 - 2013-08-22 15:44 - 05136704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 17:20 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-10 17:07 - 2014-04-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-10 16:56 - 2014-11-16 18:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-10 16:55 - 2013-11-26 19:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-10 16:54 - 2013-11-26 18:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-10 16:53 - 2013-09-30 05:00 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-10 16:53 - 2013-08-22 14:25 - 00000207 _____ () C:\WINDOWS\win.ini
2015-02-10 16:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-10 16:48 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT
2015-02-10 16:48 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT
2015-02-10 16:33 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45}
2015-02-09 22:26 - 2013-11-26 19:12 - 00000000 ____D () C:\Users\Leon
2015-02-09 18:34 - 2014-08-17 14:47 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\vlc
2015-02-09 17:21 - 2012-11-04 11:37 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Adobe
2015-02-09 17:19 - 2013-12-23 21:12 - 00000000 ____D () C:\Program Files\Adobe
2015-02-09 17:19 - 2013-12-23 21:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-08 22:42 - 2013-10-10 15:33 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-08 22:41 - 2013-10-09 15:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-08 22:27 - 2013-10-09 15:49 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-08 22:06 - 2013-10-10 15:34 - 00000000 ____D () C:\Users\Leon\Documents\Adobe
2015-02-08 21:07 - 2014-02-26 16:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 21:07 - 2013-12-23 20:19 - 00001333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-02-08 21:01 - 2014-01-10 17:38 - 00000000 ____D () C:\Users\Leon\Documents\Spiele
2015-02-08 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 13:40 - 2014-04-12 16:32 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 13:40 - 2014-04-12 16:32 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 21:26 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-06 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 14:56 - 2014-11-16 18:08 - 00000000 ____D () C:\Users\Leon\AppData\Local\Microsoft Help
2015-02-03 20:31 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 16:32 - 2014-05-13 14:47 - 00000000 ____D () C:\Users\Leon\Documents\Schule
2015-02-01 14:14 - 2013-08-28 17:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-01 14:11 - 2012-12-13 17:30 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-26 19:41 - 2013-11-27 20:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 19:31 - 2014-01-30 11:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-26 19:28 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-25 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2015-01-25 15:26 - 2015-01-06 19:51 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-01-25 15:23 - 2015-01-06 19:47 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Leon\AppData\Roaming\ACQUPTNI
2015-02-10 17:01 - 2015-02-10 17:01 - 1989592 _____ (Cinema PlusV10.02) C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe
2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT
2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe
2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe
2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Leon\AppData\Local\Temp\ksjdr8nb.dll
C:\Users\Leon\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Leon\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-10 17:42

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Leon at 2015-02-10 18:19:49
Running from C:\Users\Leon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CodeBlocks (HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Farming Simulator 2013 (HKLM-x32\...\Steam App 220260) (Version:  - Giants Software)
Free MP4 Video Converter version 5.0.45.716 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6000 E609 Series (HKLM\...\{B16A196A-B3C9-4C19-A968-59365071A39F}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
Python 3.4.0 (HKLM-x32\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2382863035-827234180-2916811482-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Leon\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

26-01-2015 19:44:57 Ende der Bereinigung
01-02-2015 14:09:54 Windows Update
06-02-2015 21:22:42 Windows Update
08-02-2015 21:05:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
08-02-2015 21:06:49 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
10-02-2015 16:50:33 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-01-26 19:28 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01C299DB-AFC2-46DF-BB3F-A2B525A64596} - System32\Tasks\ACQUPTNI => C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe [2015-02-10] (Cinema PlusV10.02) <==== ATTENTION
Task: {06E8512C-20BF-4399-BD2A-B072A502672F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {08FD8D94-C398-49C1-AA51-733B384E259A} - System32\Tasks\{823F7D7D-FBED-45B8-A935-5DDD590C629B} => pcalua.exe -a F:\setup.exe -d F:\
Task: {0D8E31FB-D4D4-4446-BC6F-1BA95589E585} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {112B9B09-623B-4AB1-9703-57B456BE507C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-10] (globalUpdate) <==== ATTENTION
Task: {13463012-30B6-4247-BC02-37FE5C00DF48} - System32\Tasks\{CF902354-A649-4A7E-8190-4A65E8788D8E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.105/de/go/help.faq.installer?LastError=1638
Task: {237692C9-7361-4A22-9EB5-AB0268093EF0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-10] (globalUpdate) <==== ATTENTION
Task: {33611046-8A30-4F36-A146-D93BDF4E2628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {40B89F98-CC97-4BE1-A22E-FAA00CF8DA0A} - System32\Tasks\{09F2AA2A-27B0-4CBC-A144-E8CF57EAF434} => pcalua.exe -a C:\Users\Leon\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=pcs <==== ATTENTION
Task: {4DFB4040-1E24-422D-AD64-AF82AFC2453D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {6C9F9837-99E9-4BB1-9256-0DF14358EA34} - System32\Tasks\{41A37D8F-AC88-4B51-83E1-6EE3A1645E1F} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {983C2AD4-693E-4541-B5F0-6613FD1F3B8B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {C38D43EB-0EFD-4D73-B0ED-D9BE37820A8A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-01] (Microsoft Corporation)
Task: {C65826B8-E311-49F8-BE15-12ACA0203B9A} - System32\Tasks\{2F9E877F-B4D9-4267-B25B-0CA46AD9EE8D} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
Task: {CF8CA595-F4C4-488A-B1BF-21D3678AA0FC} - System32\Tasks\{385F51D0-3B19-4913-88F1-85B409FAD9D8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1638
Task: {E97BA326-3D8F-4DA2-83FF-EC8C0F192394} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {FB9E6523-1996-4EF3-BBEE-D53F54B393A6} - System32\Tasks\{F659F721-3DBD-4186-AFA6-06C5F2084EEB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1638
Task: {FBB214C2-16EF-4B61-A9D5-ED94A382D2C6} - System32\Tasks\{0B169B13-5F71-4518-A9DE-5A3487767D32} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: C:\WINDOWS\Tasks\ACQUPTNI.job => C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-26 19:08 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2014-12-19 15:57 - 2014-12-19 15:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-11-27 18:47 - 2014-11-27 18:47 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-07-01 07:20 - 2014-11-11 19:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 17:41 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-22 17:34 - 2015-01-23 23:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-20 17:41 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 17:41 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-29 18:16 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-07-09 16:56 - 2015-01-23 23:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-07 21:27 - 2015-01-07 21:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2013-07-09 12:45 - 2015-01-16 00:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-02-06 21:40 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 21:40 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 21:40 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Leon\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Leon\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Leon\Downloads\Installerrir__7934_il27562.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Leon\Pictures\Von Leon Phone\Eigene Aufnahmen\star_wars_fiction_planet-wallpaper-1920x1080.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2382863035-827234180-2916811482-500 - Administrator - Disabled)
Gast (S-1-5-21-2382863035-827234180-2916811482-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2382863035-827234180-2916811482-1006 - Limited - Enabled)
Leon (S-1-5-21-2382863035-827234180-2916811482-1001 - Administrator - Enabled) => C:\Users\Leon

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B210 series
Description: Photosmart Plus B210 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 05:46:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cf0

Startzeit: 01d045507cc45855

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 6a987640-b144-11e4-beca-8c89a57ccf91

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/10/2015 05:21:47 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (02/10/2015 05:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: upmbot_de_493.exe, Version: 1.0.0.1, Zeitstempel: 0x54d48f0f
Name des fehlerhaften Moduls: upmbot_de_493.exe, Version: 1.0.0.1, Zeitstempel: 0x54d48f0f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000a2a0
ID des fehlerhaften Prozesses: 0x980
Startzeit der fehlerhaften Anwendung: 0xupmbot_de_493.exe0
Pfad der fehlerhaften Anwendung: upmbot_de_493.exe1
Pfad des fehlerhaften Moduls: upmbot_de_493.exe2
Berichtskennung: upmbot_de_493.exe3
Vollständiger Name des fehlerhaften Pakets: upmbot_de_493.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: upmbot_de_493.exe5

Error: (02/10/2015 05:01:11 PM) (Source: MsiInstaller) (EventID: 11309) (User: LEON-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (02/10/2015 04:41:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c94

Startzeit: 01d0454657a30194

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 57639438-b13b-11e4-bec9-8c89a57ccf91

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/10/2015 04:32:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AfterFX.exe, Version 13.2.0.49 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 148c

Startzeit: 01d045468c9f2697

Endzeit: 16

Anwendungspfad: C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe

Berichts-ID: f4c10deb-b139-11e4-bec9-8c89a57ccf91

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15546

Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15546

Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2015 06:22:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(D07A244F22968FC2._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.


System errors:
=============
Error: (02/10/2015 05:21:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Post Restricted Access" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/10/2015 05:21:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "JO Service component" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/10/2015 05:21:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/10/2015 05:13:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "GnsPuZPv" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2015 02:08:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/08/2015 02:05:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (02/08/2015 01:17:17 PM) (Source: DCOM) (EventID: 10010) (User: LEON-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (02/08/2015 01:17:17 PM) (Source: DCOM) (EventID: 10010) (User: LEON-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (02/08/2015 01:17:17 PM) (Source: DCOM) (EventID: 10010) (User: LEON-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (02/08/2015 01:17:17 PM) (Source: DCOM) (EventID: 10010) (User: LEON-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}


Microsoft Office Sessions:
=========================
Error: (02/10/2015 05:46:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689cf001d045507cc458554294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe6a987640-b144-11e4-beca-8c89a57ccf91microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/10/2015 05:21:47 PM) (Source: WDSmartWareBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[] args)

Error: (02/10/2015 05:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: upmbot_de_493.exe1.0.0.154d48f0fupmbot_de_493.exe1.0.0.154d48f0fc00000050000a2a098001d0454b54ef5305C:\Users\Leon\AppData\Local\mbot_de_493\upmbot_de_493.exeC:\Users\Leon\AppData\Local\mbot_de_493\upmbot_de_493.exe92e6815f-b13e-11e4-bec9-8c89a57ccf91

Error: (02/10/2015 05:01:11 PM) (Source: MsiInstaller) (EventID: 11309) (User: LEON-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (02/10/2015 04:41:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891c9401d0454657a301944294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe57639438-b13b-11e4-bec9-8c89a57ccf91microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/10/2015 04:32:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AfterFX.exe13.2.0.49148c01d045468c9f269716C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exef4c10deb-b139-11e4-bec9-8c89a57ccf91

Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15546

Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15546

Error: (02/09/2015 10:26:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2015 06:22:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(D07A244F22968FC2._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.


CodeIntegrity Errors:
===================================
  Date: 2015-02-08 17:08:20.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-02 16:45:45.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-26 19:55:02.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 12:33:18.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 21:17:08.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-30 20:23:12.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-18 20:44:25.696
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 20:45:53.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-15 20:45:52.912
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-01 19:49:40.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 39%
Total physical RAM: 4077.64 MB
Available physical RAM: 2451.35 MB
Total Pagefile: 5485.64 MB
Available Pagefile: 2907.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1422.75 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:25.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

schrauber · 11.02.2015, 07:07

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Leo98 · 11.02.2015, 14:56

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.02.2015
Suchlauf-Zeit: 14:25:15
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.11.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Leon

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 365602
Verstrichene Zeit: 13 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1420, Löschen bei Neustart, [e82a1a00d1b9c571edd97ceab54b6a96]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1712, Löschen bei Neustart, [aa68b169404a94a244f155b5847ee11f]

Module: 2
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], 

Registrierungsschlüssel: 39
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [e82a1a00d1b9c571edd97ceab54b6a96], 
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [aa68b169404a94a244f155b5847ee11f], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [6ea40f0b1575bd79ab5936d36e956997], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [6ea40f0b1575bd79ab5936d36e956997], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [15fdbf5bec9e999dfb4b0d82a063f10f], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [c74bcf4ba9e1c175186144623ec50bf5], 
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, In Quarantäne, [de3441d9aedc270f615c976aba4bf010], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [060cf624b2d8e353dbcc9f6ade279a66], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [fb178199c8c271c5f9fd9517c043dd23], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [838faa70078394a2a9be5eae59acda26], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [d43e8397a1e9191da2c60408ac59af51], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [a2709a80d0bac67025ed55501de6cf31], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [17fbd149ddad7abcc186f2a8e2219868], 
PUP.Optional.Cinema.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.4cV10.02-nv-ie, In Quarantäne, [33dfa67453374ee8d148ffa53cc7e11f], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [957dac6e216977bf871203097e87e020], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [fc1627f30a8059dda0601ce2b054df21], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [ef231901a3e763d3998532d5ad58d62a], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 

Registrierungswerte: 3
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [fb178199c8c271c5f9fd9517c043dd23]
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_493, In Quarantäne, [30e20614f892f5412c4ca204a16249b7], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, pcs, In Quarantäne, [a2709a80d0bac67025ed55501de6cf31]

Registrierungsdaten: 10
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[2de576a4a4e691a5ee0e823ad92ce917]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[7d95b5657119c1754eb078443acb8e72]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}),Ersetzt,[2ee4d842f4968caa9766dddfb94c3cc4]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[80920911f2983105a854ceee4cb926da]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[8f83ed2d6f1bf442d32b823a9f6650b0]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}),Ersetzt,[ff13a07ac4c6f93d25dc77465ca97b85]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}),Ersetzt,[4bc79882d8b2c175d140b5fa54b1827e]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[59b947d32b5fa98d3dbaa21a65a0ce32]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP),Ersetzt,[848ef822eaa084b2b83e4d6f887dc937]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2382863035-827234180-2916811482-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}),Ersetzt,[888a5cbe602ab2842de31b942adbdc24]

Ordner: 39
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [54be20fab4d64ee8e9be2246b54e916f], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [54be20fab4d64ee8e9be2246b54e916f], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{52133EA5-B373-4E97-9ED2-EC7227020265}, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_497, In Quarantäne, [0a08ac6e3f4b2115f431056b778cdd23], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [030f0614ff8b0c2a63e40a7b53b07f81], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [030f0614ff8b0c2a63e40a7b53b07f81], 

Dateien: 119
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [e82a1a00d1b9c571edd97ceab54b6a96], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Löschen bei Neustart, [aa68b169404a94a244f155b5847ee11f], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, In Quarantäne, [f61c8694aae09f97bcb37d8b58abc43c], 
PUP.Optional.CrossRider.A, C:\Users\Leon\AppData\Roaming\ACQUPTNI.exe, In Quarantäne, [ea28a1790c7ea78fb41c31bc60a530d0], 
PUP.Optional.WindowsProtectManger.A, C:\Users\Leon\AppData\Local\Temp\~dlAD12\lxjyb\tmp\wpm_v20.0.0.1714_0204.exe, In Quarantäne, [5db5100ae6a4320417afb0b616ea18e8], 
PUP.Optional.XTab.A, C:\Users\Leon\AppData\Local\Temp\~dlAD12\lxjyb\tmp\XTab_4.0.2.1716.exe, In Quarantäne, [27eb9c7ee6a4af872f06997123df01ff], 
PUP.Optional.Amonetize, C:\Users\Leon\Downloads\Installerrir__7934_il27562.exe, In Quarantäne, [d141a1798cfef73fd7963fd6877ba65a], 
PUP.Optional.OptimizerMonitor.A, C:\Windows\Temp\OptimizerMonitor.log, In Quarantäne, [e82a91892b5f122476e929626a991ae6], 
PUP.Optional.OptimizerMonitor.A, C:\Users\Leon\AppData\Local\Temp\OptimizerMonitorr.log, In Quarantäne, [3fd354c6147605311b452e5d0df650b0], 
PUP.Optional.OptimizerMonitor.A, C:\Windows\Temp\OptimizerMonitorr.log, In Quarantäne, [51c10e0c27638babfb652368669d09f7], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [2ce662b879115cda68df17789d6658a8], 
PUP.Optional.BoostSaves.A, C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, [f1216eac533783b3ea0aff9320e3d42c], 
PUP.Optional.BoostSaves.A, C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [d53d71a9632705317f7532605ca78779], 
PUP.Optional.OmigaPlus.A, C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage, In Quarantäne, [e9299981c1c94ceaedf2890bd92a45bb], 
PUP.Optional.OmigaPlus.A, C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal, In Quarantäne, [0b07938753377bbbfae5e6aefb0819e7], 
PUP.Optional.Boost.A, C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [928065b5eaa06acc6f5ecae236cd3ac6], 
PUP.Optional.Boost.A, C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [23ef5dbdeb9f93a349849b1148bbd828], 
PUP.Optional.ShoppingGate.A, C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, In Quarantäne, [aa68a377dfabb87ebb1897243dc69967], 
PUP.Optional.ShoppingGate.A, C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, In Quarantäne, [ea280317bcce2511e2f1556605fe9967], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [30e244d6bad01c1ac08e9d6d72934db3], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [28ea1dfd2e5c48eea2ad83872fd6f907], 
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [7b971a00d8b2b185b39dc2487a8bd030], 
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [36dccc4ea2e8350153febc4e42c346ba], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [54be20fab4d64ee8e9be2246b54e916f], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, In Quarantäne, [18fa8d8d4f3b55e12554ea8062a133cd], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\GoogleCrashHandler.exe, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\GoogleUpdate.exe, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\GoogleUpdateBroker.exe, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\GoogleUpdateHelper.msi, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\GoogleUpdateOnDemand.exe, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\goopdate.dll, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\goopdateres_en.dll, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\npGoogleUpdate4.dll, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\psmachine.dll, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.GlobalUpdate.A, C:\Users\Leon\AppData\Local\Temp\comh.20758\psuser.dll, In Quarantäne, [40d2df3b068495a1efa6b3b756ad37c9], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [030f0614ff8b0c2a63e40a7b53b07f81], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

# AdwCleaner v4.110 - Bericht erstellt 11/02/2015 um 14:47:15
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 8.1 Pro with Media Center  (x64)
# Benutzername : Leon - LEON-PC
# Gestarted von : C:\Users\Leon\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mipony
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\Leon\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\omiga-plus

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\zcln
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.111

[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites03_14_33_ch&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyB0C0C0FzytCtA0C0CtDtN0D0Tzu0SzyyCtDtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0B0A0AyBtA0AtGtB0FyByBtGzztC0BtBtGtD0Bzz0EtGtC0F0B0CyE0CzytCyE0DyCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtA0FtB0C0AtDyEtGyBtDtCzztGzzzztBtCtG0AtC0D0AtGtC0C0DyDzzzyyE0AzytBzytA2Q&cr=441309099&ir=
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M193D26AD-95BD-40C1-A615-A22F4F1518D3&SearchSource=58&CUI=&UM=5&UP=SP28987AA1-9CFA-471B-B61D-240F239A1E83&q={searchTerms}&SSPV=
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411319718&from=adks&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}
[C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP&q={searchTerms}

*************************

AdwCleaner[R0].txt - [9164 Bytes] - [11/02/2015 14:45:54]
AdwCleaner[S0].txt - [8586 Bytes] - [11/02/2015 14:47:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8645  Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Leon on 11.02.2015 at 14:53:14,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.02.2015 at 14:54:54,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber · 11.02.2015, 18:15

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Leo98 · 12.02.2015, 21:29

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4fc6cc42748aa94f9995e6dede2d5879
# engine=22440
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-12 08:07:15
# local_time=2015-02-12 09:07:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 17696 14075954 0 0
# scanned=329157
# found=20
# cleaned=0
# scan_time=13724
sh=EC152DB78759E78E4D634D9222DE29C5451D3D76 ft=1 fh=f70a15741e47e0ce vn="Win32/OutBrowse.BK evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2382863035-827234180-2916811482-1001\$RTFJK06\Codec\Setup.exe"
sh=43A205985790C47A7E611FA2D3CAB9B4EB59121F ft=1 fh=5bd497922ffc5928 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\BExternal.dll"
sh=1B2801DD02E9D9B7F27789ED161BC1761943E921 ft=1 fh=8073091e54552e56 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\IECookieLow.dll"
sh=3A9D7D4639B5EB8BEC42DF972C44493690EAADFC ft=1 fh=b8a59cf28e1dc165 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\Setup.exe"
sh=95ADC7925C2BB20FACE637E7031972F8E208FA33 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx"
sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Local\Temp\SQLite.dll"
sh=A24B9FB4F38473ECAC32B472CCE9B3491B81726C ft=1 fh=c71c0011b420df55 vn="Variante von Win32/BrowserCompanion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe"
sh=C4A83F072A746A531C277727DE017D0A3E1B9442 ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\witmain.js"
sh=4AC8995EDD956B8C3442B0A8B2E7EE8BE4AC4BEE ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx"
sh=7B11CAE5296ABC9F6B157CB4031827F721F0EDD3 ft=1 fh=c71c0011164ada32 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll"
sh=7B11CAE5296ABC9F6B157CB4031827F721F0EDD3 ft=1 fh=c71c0011164ada32 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll"
sh=7B11CAE5296ABC9F6B157CB4031827F721F0EDD3 ft=1 fh=c71c0011164ada32 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll"
sh=7B11CAE5296ABC9F6B157CB4031827F721F0EDD3 ft=1 fh=c71c0011164ada32 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll"
sh=404CCDD0C1EAD3AC4E636BB0CACF6A5B0558EDDD ft=1 fh=50f7a819ca7f850c vn="Variante von Win32/BrowserCompanion.H evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\AppData\Roaming\BrowserCompanion\tcbhn.exe"
sh=A0E2A4E3C4F0BFCBAC9805BABA709DD2D625B65D ft=1 fh=0505f67e965a9861 vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\Backup My Data\Leon Zihang\schule\sonstiges\SoftonicDownloader_fuer_7-zip.exe"
sh=E7C62B2DB2C2352023E3594E74BE375EE07C4B08 ft=1 fh=740a210c344b6187 vn="Variante von Win32/Adware.ConvertAd.AA Anwendung" ac=I fn="C:\Users\Leon\AppData\Local\Temp\nsg121B.tmp"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Leon\AppData\Roaming\ACQUPTNI"
sh=D49BDDFF4D216D33A354DE7A38EEBD3D216DB62F ft=1 fh=6f7f43a0543eb285 vn="Variante von Win32/InstallCore.VW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe"
sh=3837DCC6FC0D2C7D2CD6765EE18175468E314815 ft=1 fh=404bf2cda126427a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Leon\Musikdateien\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter31126.exe"
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Tools\MEDION MediaPack 2\Setup.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Leon (administrator) on LEON-PC on 12-02-2015 21:25:58
Running from C:\Users\Leon\Desktop
Loaded Profiles: Leon (Available profiles: Leon)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
() C:\Users\Leon\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57889;https=127.0.0.1:57889
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 serverjo; C:\Users\Leon\AppData\Roaming\VOPackage\JOSrv.exe [X]
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
S2 tuquzini; C:\Users\Leon\AppData\Roaming\VOPackage\nsx426C.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-25] (Emsisoft GmbH)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:25 - 2015-02-12 21:25 - 00000000 ____D () C:\Users\Leon\Desktop\FRST-OlderVersion
2015-02-12 21:15 - 2015-02-12 21:15 - 00852594 _____ () C:\Users\Leon\Desktop\SecurityCheck.exe
2015-02-12 17:31 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 17:31 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 17:31 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 17:19 - 2015-02-12 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-12 17:19 - 2015-02-12 17:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 17:18 - 2015-02-12 17:19 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-12 17:18 - 2015-02-12 17:19 - 00000000 ____D () C:\Program Files\iTunes
2015-02-12 17:18 - 2015-02-12 17:18 - 00000000 ____D () C:\Program Files\iPod
2015-02-12 17:13 - 2015-02-12 17:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-12 17:12 - 2015-02-12 17:13 - 02347384 _____ (ESET) C:\Users\Leon\Desktop\esetsmartinstaller_deu.exe
2015-02-11 14:58 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 14:58 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 14:58 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 14:58 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 14:58 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 14:58 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 14:58 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 14:58 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 14:58 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 14:58 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 14:58 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 14:58 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 14:58 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 14:58 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 14:58 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 14:58 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 14:58 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 14:58 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 14:58 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 14:58 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 14:57 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 14:57 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 14:57 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 14:57 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 14:57 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 14:57 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 14:57 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 14:57 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 14:57 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 14:57 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 14:57 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 14:57 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 14:57 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 14:57 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 14:57 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 14:57 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 14:57 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 14:57 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 14:57 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 14:57 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 14:57 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 14:57 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 14:57 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 14:57 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 14:57 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 14:57 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 14:57 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 14:57 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 14:57 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 14:57 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 14:57 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 14:57 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 14:57 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 14:57 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 14:57 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 14:57 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 14:57 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 14:57 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 14:57 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 14:57 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 14:57 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 14:57 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 14:57 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 14:57 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 14:57 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 14:57 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 14:57 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 14:54 - 2015-02-11 14:54 - 00000692 _____ () C:\Users\Leon\Desktop\JRT.txt
2015-02-11 14:52 - 2015-02-11 14:52 - 01388274 _____ (Thisisu) C:\Users\Leon\Desktop\JRT.exe
2015-02-11 14:45 - 2015-02-11 14:47 - 00000000 ____D () C:\AdwCleaner
2015-02-11 14:45 - 2015-02-11 14:45 - 02112512 _____ () C:\Users\Leon\Desktop\AdwCleaner_4.110.exe
2015-02-11 14:39 - 2015-02-11 14:39 - 00033499 _____ () C:\Users\Leon\Desktop\mbam.txt
2015-02-11 14:24 - 2015-02-11 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 14:24 - 2015-02-11 14:24 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-11 14:24 - 2015-02-11 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-11 14:24 - 2015-02-11 14:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-11 14:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-11 14:24 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-11 14:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-11 14:22 - 2015-02-11 14:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-10 18:19 - 2015-02-10 18:20 - 00035355 _____ () C:\Users\Leon\Desktop\Addition.txt
2015-02-10 18:18 - 2015-02-12 21:25 - 02134016 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe
2015-02-10 18:18 - 2015-02-12 21:25 - 00018563 _____ () C:\Users\Leon\Desktop\FRST.txt
2015-02-10 18:18 - 2015-02-12 21:25 - 00000000 ____D () C:\FRST
2015-02-10 17:16 - 2015-02-10 17:16 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{09F2AA2A-27B0-4CBC-A144-E8CF57EAF434}
2015-02-10 17:14 - 2015-02-10 17:14 - 00003078 _____ () C:\WINDOWS\System32\Tasks\{2F9E877F-B4D9-4267-B25B-0CA46AD9EE8D}
2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Opera Software
2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Local\Opera Software
2015-02-10 17:02 - 2015-02-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-10 17:01 - 2015-02-12 17:05 - 00001698 _____ () C:\WINDOWS\Tasks\ACQUPTNI.job
2015-02-10 17:01 - 2015-02-10 17:01 - 00004700 _____ () C:\WINDOWS\System32\Tasks\ACQUPTNI
2015-02-10 16:42 - 2015-02-10 16:42 - 00045216 _____ () C:\Users\Leon\Downloads\Belegung_am_Kepler_2015_17 mit Wirtschaftsinformatik.xlsm
2015-02-09 17:52 - 2015-02-09 17:52 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-09 17:22 - 2015-02-09 17:22 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2015-02-08 22:29 - 2015-02-08 22:29 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-02-08 22:02 - 2015-02-08 22:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2015-02-08 21:39 - 2015-02-08 21:39 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2015-02-08 21:07 - 2015-02-08 21:07 - 00001321 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-02-06 22:01 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\Documents\Programmieren
2015-02-06 21:58 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Program Files (x86)\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:57 - 00001107 _____ () C:\Users\Leon\Desktop\CodeBlocks.lnk
2015-02-06 21:57 - 2015-02-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-02-06 21:54 - 2015-02-06 21:56 - 100600973 _____ (The Code::Blocks Team) C:\Users\Leon\Downloads\codeblocks-12.11mingw-setup.exe
2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-31 17:34 - 2015-01-31 17:34 - 00759608 _____ ( ) C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe
2015-01-26 19:44 - 2015-01-26 19:45 - 00001166 _____ () C:\DelFix.txt
2015-01-26 19:44 - 2015-01-26 19:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-26 19:42 - 2015-01-26 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-26 19:42 - 2015-01-26 19:41 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 19:41 - 2015-01-26 19:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 19:40 - 2015-01-26 19:40 - 00639400 _____ (Oracle Corporation) C:\Users\Leon\Downloads\chromeinstall-8u31.exe
2015-01-25 22:06 - 2015-01-25 22:06 - 00000000 ____D () C:\EEK
2015-01-25 22:01 - 2015-01-25 22:05 - 168701056 _____ () C:\Users\Leon\Downloads\EmsisoftEmergencyKit.exe
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 19:09 - 2015-01-25 19:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Leon\AppData\Roaming\ACQUPTNI
2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:25 - 2013-11-26 19:08 - 01302601 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-12 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 21:17 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45}
2015-02-12 21:11 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype
2015-02-12 21:07 - 2012-11-04 11:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001
2015-02-12 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-12 20:45 - 2014-04-12 16:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 20:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-12 17:26 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 17:18 - 2014-09-21 18:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-12 17:09 - 2014-03-10 15:40 - 00000000 ___DO () C:\Users\Leon\SkyDrive
2015-02-12 17:07 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi
2015-02-12 17:07 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe
2015-02-12 17:07 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-12 17:06 - 2014-04-12 16:32 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 17:05 - 2013-08-22 15:46 - 00346092 _____ () C:\WINDOWS\setupact.log
2015-02-12 17:05 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-12 17:04 - 2013-08-22 15:44 - 05136704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 16:14 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 16:13 - 2014-12-11 17:42 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 16:13 - 2014-07-13 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 15:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 14:48 - 2013-09-29 20:05 - 00122852 _____ () C:\WINDOWS\PFRO.log
2015-02-11 14:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-02-10 20:46 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT
2015-02-10 20:37 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT
2015-02-10 18:16 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 18:16 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-10 18:16 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-10 17:07 - 2014-04-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-10 16:56 - 2014-11-16 18:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-10 16:55 - 2013-11-26 19:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-10 16:54 - 2013-11-26 18:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-10 16:53 - 2013-09-30 05:00 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-10 16:53 - 2013-08-22 14:25 - 00000207 _____ () C:\WINDOWS\win.ini
2015-02-10 16:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-09 22:26 - 2013-11-26 19:12 - 00000000 ____D () C:\Users\Leon
2015-02-09 18:34 - 2014-08-17 14:47 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\vlc
2015-02-09 17:21 - 2012-11-04 11:37 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Adobe
2015-02-09 17:19 - 2013-12-23 21:12 - 00000000 ____D () C:\Program Files\Adobe
2015-02-09 17:19 - 2013-12-23 21:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-08 22:42 - 2013-10-10 15:33 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-08 22:41 - 2013-10-09 15:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-08 22:27 - 2013-10-09 15:49 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-08 22:06 - 2013-10-10 15:34 - 00000000 ____D () C:\Users\Leon\Documents\Adobe
2015-02-08 21:07 - 2014-02-26 16:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 21:07 - 2013-12-23 20:19 - 00001333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-02-08 21:01 - 2014-01-10 17:38 - 00000000 ____D () C:\Users\Leon\Documents\Spiele
2015-02-08 13:40 - 2014-04-12 16:32 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 13:40 - 2014-04-12 16:32 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 14:56 - 2014-11-16 18:08 - 00000000 ____D () C:\Users\Leon\AppData\Local\Microsoft Help
2015-02-03 20:31 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 16:32 - 2014-05-13 14:47 - 00000000 ____D () C:\Users\Leon\Documents\Schule
2015-02-01 14:14 - 2013-08-28 17:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-01 14:11 - 2012-12-13 17:30 - 113365784 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-26 19:41 - 2013-11-27 20:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 19:31 - 2014-01-30 11:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-26 19:28 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-25 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2015-01-25 15:26 - 2015-01-06 19:51 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-01-25 15:23 - 2015-01-06 19:47 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Leon\AppData\Roaming\ACQUPTNI
2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT
2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe
2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe
2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Leon\AppData\Local\Temp\ksjdr8nb.dll
C:\Users\Leon\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Leon\AppData\Local\Temp\Quarantine.exe
C:\Users\Leon\AppData\Local\Temp\SpOrder.dll
C:\Users\Leon\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-12 21:08

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Ja also ich habe immer noch diese doofe Seite isearch.omega-plus.com auf meinem Browser als Startseite!! Ich nutze google Chrome

schrauber · 13.02.2015, 07:11

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\$Recycle.Bin\S-1-5-21-2382863035-827234180-2916811482-1001\$RTFJK06\Codec\Setup.exe

C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\BExternal.dll

C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\IECookieLow.dll

C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\Setup.exe

C:\Backup My Data\Leon Zihang\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx

C:\Backup My Data\Leon Zihang\AppData\Local\Temp\SQLite.dll

C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe

C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\witmain.js

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll

C:\Backup My Data\Leon Zihang\AppData\Roaming\BrowserCompanion\tcbhn.exe

C:\Backup My Data\Leon Zihang\schule\sonstiges\SoftonicDownloader_fuer_7-zip.exe

C:\Users\Leon\AppData\Local\Temp\nsg121B.tmp

C:\Users\Leon\AppData\Roaming\ACQUPTNI

C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe

C:\Users\Leon\Musikdateien\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter31126.exe

D:\Tools\MEDION MediaPack 2\Setup.exe
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57889;https=127.0.0.1:57889
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP"
S2 tuquzini; C:\Users\Leon\AppData\Roaming\VOPackage\nsx426C.tmpfs [X]
S2 serverjo; C:\Users\Leon\AppData\Roaming\VOPackage\JOSrv.exe [X]
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte. Was macht Chrome?

Leo98 · 15.02.2015, 21:13

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Leon (administrator) on LEON-PC on 15-02-2015 21:11:24
Running from C:\Users\Leon\Desktop
Loaded Profiles: Leon (Available profiles: Leon)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2382863035-827234180-2916811482-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha582\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha666\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6792\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release1053\ff [Not Found]

Chrome: 
=======
CHR Profile: C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [cgfjmjikpifldhhealodkfifokhbagcm] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta576\ch\VideoPlayerV3beta576.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cploeijpnfbpcdomjmfgchlfgbennncn] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5512\ch\MediaViewV1alpha5512.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fgkebcoamghomfiajpbllppihcjgjkbb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3481\ch\MediaViewV1alpha3481.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jjalkigbjoajjokfnmepdiknfmpbdpjo] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1068\ch\MediaViewerV1alpha1068.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [leldcecnejhenamkemkecblolkahkbei] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta10961\ch\VideoPlayerV3beta10961.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngcmhddamaepplokdinlhhhflhnakhbe] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8091\ch\MediaWatchV1home8091.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-25] (Emsisoft GmbH)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:25 - 2015-02-15 21:04 - 00000000 ____D () C:\Users\Leon\Desktop\FRST-OlderVersion
2015-02-12 21:15 - 2015-02-12 21:15 - 00852594 _____ () C:\Users\Leon\Desktop\SecurityCheck.exe
2015-02-12 17:31 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 17:31 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 17:31 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 17:19 - 2015-02-12 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-12 17:19 - 2015-02-12 17:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 17:18 - 2015-02-12 17:19 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-12 17:18 - 2015-02-12 17:19 - 00000000 ____D () C:\Program Files\iTunes
2015-02-12 17:18 - 2015-02-12 17:18 - 00000000 ____D () C:\Program Files\iPod
2015-02-12 17:12 - 2015-02-12 17:13 - 02347384 _____ (ESET) C:\Users\Leon\Desktop\esetsmartinstaller_deu.exe
2015-02-11 14:58 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 14:58 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 14:58 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 14:58 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 14:58 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 14:58 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 14:58 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 14:58 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 14:58 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 14:58 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 14:58 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 14:58 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 14:58 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 14:58 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 14:58 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 14:58 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 14:58 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 14:58 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 14:58 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 14:58 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 14:57 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 14:57 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 14:57 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 14:57 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 14:57 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 14:57 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 14:57 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 14:57 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 14:57 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 14:57 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 14:57 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 14:57 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 14:57 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 14:57 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 14:57 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 14:57 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 14:57 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 14:57 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 14:57 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 14:57 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 14:57 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 14:57 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 14:57 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 14:57 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 14:57 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 14:57 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 14:57 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 14:57 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 14:57 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 14:57 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 14:57 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 14:57 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 14:57 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 14:57 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 14:57 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 14:57 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 14:57 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 14:57 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 14:57 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 14:57 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 14:57 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 14:57 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 14:57 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 14:57 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 14:57 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 14:57 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 14:57 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 14:57 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 14:54 - 2015-02-11 14:54 - 00000692 _____ () C:\Users\Leon\Desktop\JRT.txt
2015-02-11 14:52 - 2015-02-11 14:52 - 01388274 _____ (Thisisu) C:\Users\Leon\Desktop\JRT.exe
2015-02-11 14:45 - 2015-02-11 14:47 - 00000000 ____D () C:\AdwCleaner
2015-02-11 14:45 - 2015-02-11 14:45 - 02112512 _____ () C:\Users\Leon\Desktop\AdwCleaner_4.110.exe
2015-02-11 14:39 - 2015-02-11 14:39 - 00033499 _____ () C:\Users\Leon\Desktop\mbam.txt
2015-02-11 14:24 - 2015-02-11 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 14:24 - 2015-02-11 14:24 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-11 14:24 - 2015-02-11 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-11 14:24 - 2015-02-11 14:24 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-11 14:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-11 14:24 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-11 14:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-11 14:22 - 2015-02-11 14:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-10 18:19 - 2015-02-10 18:20 - 00035355 _____ () C:\Users\Leon\Desktop\Addition.txt
2015-02-10 18:18 - 2015-02-15 21:11 - 00017632 _____ () C:\Users\Leon\Desktop\FRST.txt
2015-02-10 18:18 - 2015-02-15 21:11 - 00000000 ____D () C:\FRST
2015-02-10 18:18 - 2015-02-15 21:04 - 02085888 _____ (Farbar) C:\Users\Leon\Desktop\FRST64.exe
2015-02-10 17:16 - 2015-02-10 17:16 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{09F2AA2A-27B0-4CBC-A144-E8CF57EAF434}
2015-02-10 17:14 - 2015-02-10 17:14 - 00003078 _____ () C:\WINDOWS\System32\Tasks\{2F9E877F-B4D9-4267-B25B-0CA46AD9EE8D}
2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Opera Software
2015-02-10 17:04 - 2015-02-10 17:05 - 00000000 ____D () C:\Users\Leon\AppData\Local\Opera Software
2015-02-10 17:02 - 2015-02-10 17:05 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-10 17:01 - 2015-02-15 21:08 - 00001698 _____ () C:\WINDOWS\Tasks\ACQUPTNI.job
2015-02-10 17:01 - 2015-02-10 17:01 - 00004700 _____ () C:\WINDOWS\System32\Tasks\ACQUPTNI
2015-02-10 16:42 - 2015-02-10 16:42 - 00045216 _____ () C:\Users\Leon\Downloads\Belegung_am_Kepler_2015_17 mit Wirtschaftsinformatik.xlsm
2015-02-09 17:52 - 2015-02-09 17:52 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-09 17:22 - 2015-02-09 17:22 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2015-02-08 22:29 - 2015-02-08 22:29 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-02-08 22:02 - 2015-02-08 22:02 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2015-02-08 21:39 - 2015-02-08 21:39 - 00001126 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2015-02-08 21:07 - 2015-02-08 21:07 - 00001321 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-02-06 22:01 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\Documents\Programmieren
2015-02-06 21:58 - 2015-02-06 22:18 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:58 - 00000000 ____D () C:\Program Files (x86)\CodeBlocks
2015-02-06 21:57 - 2015-02-06 21:57 - 00001107 _____ () C:\Users\Leon\Desktop\CodeBlocks.lnk
2015-02-06 21:57 - 2015-02-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-02-06 21:54 - 2015-02-06 21:56 - 100600973 _____ (The Code::Blocks Team) C:\Users\Leon\Downloads\codeblocks-12.11mingw-setup.exe
2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-02 16:23 - 2015-02-02 16:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-26 19:44 - 2015-01-26 19:45 - 00001166 _____ () C:\DelFix.txt
2015-01-26 19:44 - 2015-01-26 19:44 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-26 19:42 - 2015-01-26 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-26 19:42 - 2015-01-26 19:41 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-26 19:41 - 2015-01-26 19:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 19:40 - 2015-01-26 19:40 - 00639400 _____ (Oracle Corporation) C:\Users\Leon\Downloads\chromeinstall-8u31.exe
2015-01-25 22:06 - 2015-01-25 22:06 - 00000000 ____D () C:\EEK
2015-01-25 22:01 - 2015-01-25 22:05 - 168701056 _____ () C:\Users\Leon\Downloads\EmsisoftEmergencyKit.exe
2015-01-25 19:13 - 2015-01-25 19:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 19:09 - 2015-01-25 19:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Leon\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-20 18:07 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 18:07 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 18:07 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 18:07 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 18:07 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 18:07 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 18:07 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-20 18:07 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 17:57 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 17:57 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 17:57 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 17:57 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 17:57 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 17:57 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-20 17:57 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-20 17:57 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-20 17:57 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-20 13:16 - 2015-01-20 13:16 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 21:10 - 2014-04-12 16:32 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 21:10 - 2014-03-10 15:40 - 00000000 ___DO () C:\Users\Leon\SkyDrive
2015-02-15 21:10 - 2013-12-18 16:13 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Skype
2015-02-15 21:10 - 2013-10-01 15:09 - 00000000 ____D () C:\Users\Leon\AppData\Local\Adobe
2015-02-15 21:08 - 2014-11-18 23:16 - 00000000 ____D () C:\Users\Leon\AppData\Local\LogMeIn Hamachi
2015-02-15 21:08 - 2013-08-22 15:46 - 00346323 _____ () C:\WINDOWS\setupact.log
2015-02-15 21:08 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 21:08 - 2013-07-15 15:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-15 21:07 - 2013-09-29 20:05 - 00123680 _____ () C:\WINDOWS\PFRO.log
2015-02-15 21:06 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 21:05 - 2013-11-26 19:08 - 01419499 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-15 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-15 21:00 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\UseNeXT
2015-02-15 20:59 - 2014-05-13 14:41 - 00000000 ____D () C:\Users\Leon\Documents\UseNeXT
2015-02-15 20:58 - 2013-11-26 20:18 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6EF7ABD-A2A8-4971-A471-E9D91CE51F45}
2015-02-12 21:45 - 2014-04-12 16:32 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 21:43 - 2013-10-01 15:10 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-12 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 21:11 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 21:07 - 2012-11-04 11:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382863035-827234180-2916811482-1001
2015-02-12 17:18 - 2014-09-21 18:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-12 17:04 - 2013-08-22 15:44 - 05136704 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 16:13 - 2014-12-11 17:42 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 16:13 - 2014-07-13 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 15:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 14:41 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-02-10 18:16 - 2013-09-30 05:14 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 18:16 - 2013-09-30 04:58 - 00767850 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-10 18:16 - 2013-09-30 04:58 - 00160170 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-10 17:07 - 2014-04-12 17:23 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-10 16:56 - 2014-11-16 18:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-10 16:55 - 2013-11-26 19:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-10 16:54 - 2013-11-26 18:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-10 16:53 - 2013-09-30 05:00 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-10 16:53 - 2013-08-22 14:25 - 00000207 _____ () C:\WINDOWS\win.ini
2015-02-10 16:52 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-09 22:26 - 2013-11-26 19:12 - 00000000 ____D () C:\Users\Leon
2015-02-09 18:34 - 2014-08-17 14:47 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\vlc
2015-02-09 17:21 - 2012-11-04 11:37 - 00000000 ____D () C:\Users\Leon\AppData\Roaming\Adobe
2015-02-09 17:19 - 2013-12-23 21:12 - 00000000 ____D () C:\Program Files\Adobe
2015-02-09 17:19 - 2013-12-23 21:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-08 22:42 - 2013-10-10 15:33 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-08 22:41 - 2013-10-09 15:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-08 22:27 - 2013-10-09 15:49 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-08 22:06 - 2013-10-10 15:34 - 00000000 ____D () C:\Users\Leon\Documents\Adobe
2015-02-08 21:07 - 2014-02-26 16:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 21:07 - 2013-12-23 20:19 - 00001333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-02-08 21:01 - 2014-01-10 17:38 - 00000000 ____D () C:\Users\Leon\Documents\Spiele
2015-02-08 13:40 - 2014-04-12 16:32 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 13:40 - 2014-04-12 16:32 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 15:43 - 2013-10-01 15:10 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 14:56 - 2014-11-16 18:08 - 00000000 ____D () C:\Users\Leon\AppData\Local\Microsoft Help
2015-02-03 20:31 - 2014-11-16 17:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-16 17:59 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 16:32 - 2014-05-13 14:47 - 00000000 ____D () C:\Users\Leon\Documents\Schule
2015-02-01 14:14 - 2013-08-28 17:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-01 14:11 - 2012-12-13 17:30 - 113365784 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-26 19:41 - 2013-11-27 20:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 19:31 - 2014-01-30 11:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-26 19:28 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-25 19:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas
2015-01-25 15:32 - 2014-08-25 16:32 - 00000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2015-01-25 15:26 - 2015-01-06 19:51 - 00031355 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-01-25 15:23 - 2015-01-06 19:47 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings

==================== Files in the root of some directories =======

2014-08-25 16:32 - 2015-01-25 15:32 - 0000189 _____ () C:\Users\Leon\AppData\Roaming\WB.CFG
2013-04-23 15:37 - 2013-04-25 14:25 - 0004608 _____ () C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-04 16:32 - 2014-12-18 20:32 - 0000010 _____ () C:\Users\Leon\AppData\Local\DSI.DAT
2014-12-04 16:32 - 2014-12-04 16:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup2482016872.exe
2014-12-18 20:32 - 2014-12-18 20:32 - 0022528 _____ () C:\Users\Leon\AppData\Local\dsisetup6149092032.exe
2012-11-04 17:17 - 2012-11-04 18:32 - 0001511 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-12 21:08

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Leon at 2015-02-15 21:04:50 Run:1
Running from C:\Users\Leon\Desktop
Loaded Profiles: Leon (Available profiles: Leon)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin\S-1-5-21-2382863035-827234180-2916811482-1001\$RTFJK06\Codec\Setup.exe

C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\BExternal.dll

C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\IECookieLow.dll

C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\Setup.exe

C:\Backup My Data\Leon Zihang\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx

C:\Backup My Data\Leon Zihang\AppData\Local\Temp\SQLite.dll

C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe

C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\witmain.js

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll

C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll

C:\Backup My Data\Leon Zihang\AppData\Roaming\BrowserCompanion\tcbhn.exe

C:\Backup My Data\Leon Zihang\schule\sonstiges\SoftonicDownloader_fuer_7-zip.exe

C:\Users\Leon\AppData\Local\Temp\nsg121B.tmp

C:\Users\Leon\AppData\Roaming\ACQUPTNI

C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe

C:\Users\Leon\Musikdateien\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter31126.exe

D:\Tools\MEDION MediaPack 2\Setup.exe
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57889;https=127.0.0.1:57889
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423584674&from=pcs&uid=ST2000DL003-9VT166_5YD61RRPXXXX5YD61RRP"
S2 tuquzini; C:\Users\Leon\AppData\Roaming\VOPackage\nsx426C.tmpfs [X]
S2 serverjo; C:\Users\Leon\AppData\Roaming\VOPackage\JOSrv.exe [X]
Emptytemp:
         
*****************

C:\$Recycle.Bin\S-1-5-21-2382863035-827234180-2916811482-1001\$RTFJK06\Codec\Setup.exe => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\BExternal.dll => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\IECookieLow.dll => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Local\Babylon\Setup\Setup.exe => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Local\Temp\SQLite.dll => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\LocalLow\bbrs_002.tb\content\witmain.js => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll => Moved successfully.
C:\Backup My Data\Leon Zihang\AppData\Roaming\BrowserCompanion\tcbhn.exe => Moved successfully.
C:\Backup My Data\Leon Zihang\schule\sonstiges\SoftonicDownloader_fuer_7-zip.exe => Moved successfully.
C:\Users\Leon\AppData\Local\Temp\nsg121B.tmp => Moved successfully.
C:\Users\Leon\AppData\Roaming\ACQUPTNI => Moved successfully.
C:\Users\Leon\Downloads\installer_adobe_flash_player_English.exe => Moved successfully.
C:\Users\Leon\Musikdateien\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter31126.exe => Moved successfully.
D:\Tools\MEDION MediaPack 2\Setup.exe => Moved successfully.
"C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL" => Value Data removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Chrome StartupUrls deleted successfully.
tuquzini => Service deleted successfully.
serverjo => Service deleted successfully.
EmptyTemp: => Removed 3.3 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:05:30 ====

Alles Sauber!!!! Mega Großen Dank!!

schrauber · 16.02.2015, 17:53

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Leo98 · 17.02.2015, 00:07

Perfekt Daaaaaaankeee!!

schrauber · 17.02.2015, 17:35

Gern Geschehen

17.02.2015, 17:35	#12
schrauber /// the machine /// TB-Ausbilder	Entfernung nerviger Programme! Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Entfernung nerviger Programme!

Plagegeister aller Art und deren Bekämpfung: Entfernung nerviger Programme!