
Pests of all kinds and how to fight them: Internet keeps opening new tabs with ads


24.12.2014, 16:13   #1
Vali0
 



Hey guys, I hope you can help me. I downloaded a file and unfortunately got other stuff along with it ... Now I'm in a mess and I just can't get rid of it; I hope you can help me. (I'm new here)

Best regards

24.12.2014, 17:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have in CODE tags!
Only logs from the last 7 days, or from since the problem started, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

24.12.2014, 17:11   #3
Vali0
 



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by Ich (administrator) on KRISTIAN on 24-12-2014 17:07:17
Running from C:\Users\Ich\Downloads
Loaded Profiles: Ich & kobol_000 (Available profiles: Ich & kobol_000)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\slsvc.exe
() C:\Windows\PersonalizeEnabler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Ich\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Ich\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Ich\AppData\Local\ContextTrue\cnthlpr.exe
(Akamai Technologies, Inc.) C:\Users\Ich\AppData\Local\Akamai\netsession_win.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [MKLOL] => C:\Program Files (x86)\MKJogo\MKLOL\MK.exe [1277128 2014-05-02] (MK)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [Spotify Web Helper] => C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ich\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [HS TOOL] => C:\Program Files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe [884424 2014-11-14] (Hs Tool)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [Spotify] => C:\Users\Ich\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [nvhlpr] => C:\Users\Ich\AppData\Local\ContextTrue\nvhlpr.exe [601584 2014-07-11] ()
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [cnthlpr] => C:\Users\Ich\AppData\Local\ContextTrue\cnthlpr.exe [601584 2014-07-11] ()
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [SwvUpdtr] => C:\Users\Ich\AppData\Local\24759\Updater.exe [773632 2014-12-24] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3979035309-3685434384-2670183491-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.speedlounge.in/download/last
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3979035309-3685434384-2670183491-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3979035309-3685434384-2670183491-1004 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-3979035309-3685434384-2670183491-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3979035309-3685434384-2670183491-1004 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3979035309-3685434384-2670183491-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default
FF DefaultSearchEngine: Yahoo DE
FF SelectedSearchEngine: Yahoo DE
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\abs@avira.com [2014-12-24]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-10-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome: 
=======
CHR Profile: C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-24]
CHR Extension: (YouTube) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
CHR Extension: (Google Search) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-24]
CHR Extension: (Google Wallet) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
CHR Extension: (Gmail) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 slsvc; C:\Windows\slsvc.exe [10240 2012-09-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 serverca; C:\Users\Ich\AppData\Local\ConvertAd\CASrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-01] (LogMeIn Inc.)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 17:06 - 2014-12-24 17:07 - 00017167 _____ () C:\Users\Ich\Downloads\FRST.txt
2014-12-24 17:06 - 2014-12-24 17:07 - 00000000 ____D () C:\FRST
2014-12-24 17:06 - 2014-12-24 17:06 - 02122240 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe
2014-12-24 16:06 - 2014-12-24 16:06 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan
2014-12-24 16:02 - 2014-12-24 16:02 - 02173952 _____ () C:\Users\Ich\Downloads\adwcleaner_4.106 (1).exe
2014-12-24 15:59 - 2014-12-24 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-24 15:58 - 2014-12-24 15:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-24 15:53 - 2014-12-24 16:14 - 123540231 _____ () C:\Users\Ich\Downloads\X15-65741.iso.crdownload
2014-12-24 15:37 - 2014-12-24 15:37 - 00001442 _____ () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-24 15:23 - 2014-12-24 15:57 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-24 15:22 - 2014-12-24 15:22 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-24 15:22 - 2014-12-24 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-24 15:21 - 2014-12-24 16:26 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 15:21 - 2014-12-24 16:19 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 15:21 - 2014-12-24 15:21 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-24 15:21 - 2014-12-24 15:21 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-24 15:19 - 2014-12-24 15:19 - 00871360 _____ () C:\Users\Ich\Downloads\google_chrome.exe
2014-12-24 15:14 - 2014-12-24 15:13 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-24 15:12 - 2014-12-24 15:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Avira
2014-12-24 15:12 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\Windows\system32\abengine64.dll
2014-12-24 15:12 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll
2014-12-24 14:37 - 2014-12-24 16:15 - 00000000 ____D () C:\AdwCleaner
2014-12-24 14:37 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-24 14:37 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-24 14:37 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-24 14:36 - 2014-12-24 14:36 - 02173952 _____ () C:\Users\Ich\Downloads\adwcleaner_4.106.exe
2014-12-24 14:35 - 2014-12-24 14:35 - 00000000 ____D () C:\Users\Ich\AppData\Local\24759
2014-12-24 14:27 - 2014-12-24 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-24 14:27 - 2014-12-24 14:37 - 00000000 ____D () C:\ProgramData\Avira
2014-12-24 14:27 - 2014-12-24 14:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-24 14:27 - 2014-12-24 14:27 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Ich\Downloads\avira_de_av___ws.exe
2014-12-24 14:27 - 2014-12-24 14:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-24 14:25 - 2014-12-24 14:25 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Kristian-Ich
2014-12-24 14:25 - 2014-12-24 14:25 - 00000112 ____H () C:\A459BAE54B93
2014-12-24 14:25 - 2014-12-24 14:25 - 00000040 ____H () C:\5B0AE88E56FC
2014-12-24 14:25 - 2014-12-24 14:25 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-24 14:25 - 2014-12-24 14:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____D () C:\Users\Ich\AppData\Local\Sparta
2014-12-24 14:22 - 2014-12-24 14:22 - 108640372 _____ () C:\Users\Ich\Downloads\PhotoShop CS6 Crack SkaZinKiN.rar
2014-12-24 14:22 - 2011-12-29 22:51 - 00000000 ____D () C:\Users\Ich\Desktop\photoshop cs6
2014-12-24 14:13 - 2014-12-24 16:18 - 00001340 _____ () C:\Windows\Tasks\BW.job
2014-12-24 14:13 - 2014-12-24 14:13 - 00004340 _____ () C:\Windows\System32\Tasks\BW
2014-12-24 14:12 - 2014-12-24 16:18 - 00001694 _____ () C:\Windows\Tasks\BCZQOTW.job
2014-12-24 14:12 - 2014-12-24 14:13 - 00000000 ____D () C:\Program Files (x86)\db698c94-f0f9-4cbe-95bb-3e7396d3dbb7
2014-12-24 14:12 - 2014-12-24 14:12 - 00004696 _____ () C:\Windows\System32\Tasks\BCZQOTW
2014-12-24 14:12 - 2014-12-24 14:12 - 00000000 ____D () C:\Users\Ich\AppData\Local\ContextTrue
2014-12-24 14:11 - 2014-12-24 14:31 - 00004704 _____ () C:\Windows\SysWOW64\abengine.ini
2014-12-24 14:11 - 2014-12-24 14:31 - 00002608 _____ () C:\Windows\SysWOW64\abengineOff.ini
2014-12-24 14:11 - 2014-12-24 14:31 - 00002608 _____ () C:\Windows\system32\abengineOff.ini
2014-12-24 14:10 - 2014-12-24 16:20 - 00000000 ____D () C:\Program Files (x86)\Flwsrf
2014-12-24 14:10 - 2014-12-24 14:10 - 00573632 _____ () C:\Users\Ich\Downloads\Menu__6629_i1430428382_il467025.exe
2014-12-24 14:10 - 2014-12-24 14:10 - 00003082 _____ () C:\Windows\System32\Tasks\upfs7235
2014-12-24 14:10 - 2014-12-24 14:10 - 00000000 ____D () C:\Program Files (x86)\pre_installer_de
2014-12-24 14:04 - 2014-12-24 14:04 - 00573632 _____ () C:\Users\Ich\Downloads\Menu__6629_i1430423469_il467025.exe
2014-12-21 12:40 - 2014-12-21 12:40 - 12495254 _____ () C:\Users\Ich\Downloads\tPC Parkour Ver 2.2.zip
2014-12-21 12:33 - 2014-12-24 16:34 - 00000000 ____D () C:\Program Files (x86)\Photo Enlarge
2014-12-21 12:33 - 2014-12-24 14:39 - 00000000 ____D () C:\Program Files (x86)\YoutuBeAduBloCKe
2014-12-21 12:32 - 2014-12-24 14:39 - 00000000 ____D () C:\Program Files (x86)\PrIceChop
2014-12-21 12:32 - 2014-12-21 12:32 - 00000000 ____D () C:\ProgramData\fcfkciaojmeemnpdfhehfchkaaicjecd
2014-12-21 12:32 - 2014-12-21 12:32 - 00000000 ____D () C:\Program Files (x86)\PriceChoop
2014-12-21 12:31 - 2014-12-21 12:31 - 01254256 _____ () C:\Users\Ich\Downloads\minecraftdl_9950.exe
2014-12-20 21:36 - 2014-12-20 21:38 - 28535909 _____ () C:\Users\Ich\Downloads\WynnCraft.zip
2014-12-14 16:06 - 2014-12-14 16:06 - 07518634 _____ () C:\Users\Ich\Downloads\OBS_0_638b_Installer (1).exe
2014-12-09 13:47 - 2014-12-09 13:48 - 13554590 _____ () C:\Users\Ich\Downloads\Kobe vs Messi- Legends on Board - Turkish Airlines.mp4
2014-12-08 20:37 - 2014-12-08 20:38 - 06298840 _____ () C:\Users\Ich\Downloads\Background music -- Hintergrundmusik.mp4
2014-12-08 20:36 - 2014-12-08 20:36 - 14673168 _____ () C:\Users\Ich\Downloads\Youtube Videos kostenlos ohne Programm DOWNLOADEN! [TUT] [GERMAN].mp4
2014-12-08 20:31 - 2014-12-08 20:32 - 02263435 _____ () C:\Users\Ich\Downloads\videoplayback (4)
2014-12-08 20:30 - 2014-12-08 20:30 - 00946397 _____ () C:\Users\Ich\Downloads\videoplayback (3)
2014-12-08 16:39 - 2014-12-08 16:39 - 10420256 _____ (CCCP Project ) C:\Users\Ich\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe
2014-12-08 16:33 - 2014-12-08 16:33 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2014-12-08 16:32 - 2014-12-08 16:37 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\WindSolutions
2014-12-08 16:32 - 2014-12-08 16:37 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-12-08 16:32 - 2014-12-08 16:32 - 05102256 _____ (WindSolutions) C:\Users\Ich\Downloads\Install_CopyTransControlCenter.exe
2014-12-08 16:11 - 2014-12-08 16:24 - 00023906 _____ () C:\Windows\SysWOW64\msrsb04.dll
2014-12-08 16:11 - 2014-12-08 16:11 - 04143696 _____ (Marx Software ) C:\Users\Ich\Downloads\IDMSetup_4.5.0.3.exe
2014-12-08 16:11 - 2014-12-08 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-12-07 18:16 - 2014-12-07 18:16 - 00128402 _____ () C:\Users\Ich\Downloads\DamageIndicators[1.4.7]2.4.8.zip
2014-12-07 18:10 - 2014-12-07 18:10 - 00307390 _____ () C:\Users\Ich\Downloads\1.6.4 DamageIndicatorsv2.9.2.4.zip
2014-12-07 18:10 - 2014-12-07 18:10 - 00000000 ____D () C:\Users\Ich\AppData\Local\LogMeIn
2014-12-07 18:10 - 2014-12-07 18:10 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-07 18:08 - 2014-12-07 18:08 - 08536064 _____ () C:\Users\Ich\Downloads\hamachi279.msi
2014-12-07 15:31 - 2014-12-07 15:31 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StunlockStudios
2014-12-07 14:10 - 2014-12-07 14:10 - 00082064 _____ () C:\Users\Ich\Downloads\DamageIndicatorsMod1.4.6.zip
2014-12-07 13:07 - 2014-12-07 13:07 - 00000222 _____ () C:\Users\Ich\Desktop\Dead Island Epidemic.url
2014-12-06 16:48 - 2014-12-06 16:49 - 00000000 ____D () C:\Users\Ich\Downloads\divinerpg
2014-12-06 16:06 - 2014-12-24 13:46 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Craften Terminal
2014-12-06 16:05 - 2014-12-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Craften Terminal
2014-12-06 16:05 - 2014-12-06 16:05 - 00001107 _____ () C:\Users\Public\Desktop\Craften Terminal.lnk
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
2014-12-06 16:04 - 2014-12-06 16:05 - 17033651 _____ (Craften.de ) C:\Users\Ich\Downloads\craftenterminal.exe
2014-12-06 15:58 - 2014-12-06 15:58 - 02269863 _____ () C:\Users\Ich\Downloads\forge-1.6.4-9.11.1.965-installer.jar
2014-12-06 15:55 - 2014-12-06 15:56 - 14731653 _____ () C:\Users\Ich\Downloads\[1.6.4][Beta V6.1]DivineRPG.zip
2014-12-06 15:55 - 2014-12-06 15:55 - 00000243 _____ () C:\Users\Ich\Downloads\DivineRPG-Link.zip
2014-12-06 15:17 - 2014-12-06 15:17 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-12-06 15:17 - 2014-12-06 15:17 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-12-05 15:20 - 2014-12-05 15:20 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-05 15:20 - 2014-12-05 15:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-05 15:20 - 2014-12-05 15:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-05 15:20 - 2014-12-05 15:20 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-05 15:19 - 2014-12-05 15:20 - 31029672 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jre-7u71-windows-x64.exe
2014-12-05 14:53 - 2014-12-05 14:53 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\java
2014-12-05 14:08 - 2014-12-05 14:08 - 19934576 _____ () C:\Users\Ich\Downloads\DrakensangOnlineSetup (1).exe
2014-12-05 14:08 - 2014-12-05 14:08 - 00001972 _____ () C:\Users\Ich\Desktop\Drakensang Online.lnk
2014-12-05 14:08 - 2014-12-05 14:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2014-12-05 14:08 - 2014-12-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Drakensang Online
2014-12-05 14:01 - 2014-12-05 14:04 - 92658088 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jre-8u25-windows-x64.exe
2014-12-05 13:59 - 2014-12-05 13:59 - 00638888 _____ (Oracle Corporation) C:\Users\Ich\Downloads\chromeinstall-8u25 (2).exe
2014-12-05 13:57 - 2014-12-05 13:57 - 00638888 _____ (Oracle Corporation) C:\Users\Ich\Downloads\chromeinstall-8u25 (1).exe
2014-12-05 13:55 - 2014-12-05 13:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-05 13:52 - 2014-12-05 13:52 - 00638888 _____ (Oracle Corporation) C:\Users\Ich\Downloads\chromeinstall-8u25.exe
2014-12-05 06:22 - 2014-12-06 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-05 06:22 - 2014-12-05 06:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo
2014-12-05 06:20 - 2014-12-05 06:26 - 00000000 ____D () C:\FFOutput
2014-12-05 06:20 - 2014-12-05 06:20 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-12-05 06:20 - 2014-11-07 16:13 - 31417672 _____ (AVM Software Inc.) C:\Users\Ich\Documents\pal_install_a4650_r131001_p127000.exe
2014-12-05 06:19 - 2014-12-05 06:19 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-12-05 06:17 - 2014-12-05 06:19 - 56201784 _____ (Free Time) C:\Users\Ich\Downloads\FFSetup3.5.0.0.exe
2014-12-04 21:23 - 2014-12-04 21:23 - 13537227 _____ () C:\Users\Ich\Downloads\videoplayback (2)
2014-12-04 21:22 - 2014-12-04 21:23 - 18563916 _____ () C:\Users\Ich\Downloads\videoplayback (1)
2014-12-04 21:21 - 2014-12-04 21:22 - 18563916 _____ () C:\Users\Ich\Downloads\videoplayback
2014-12-04 19:54 - 2014-12-04 19:54 - 00078514 _____ () C:\Users\Ich\Downloads\Farbbalken mit Ton (PAL).mp4
2014-12-04 19:02 - 2014-12-04 19:02 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\TechSmith
2014-12-04 19:01 - 2014-12-09 13:54 - 00000000 ____D () C:\Users\Ich\Documents\Camtasia Studio
2014-12-04 19:01 - 2014-12-04 19:01 - 00000000 ____D () C:\Users\Ich\AppData\Local\TechSmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\ProgramData\TechSmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-04 18:50 - 2014-12-04 18:57 - 257705272 _____ () C:\Users\Ich\Downloads\camtasiade844.exe
2014-12-04 18:49 - 2014-12-04 18:49 - 00139984 _____ () C:\Users\Ich\Downloads\camtasia crack.zip
2014-12-04 17:57 - 2014-12-04 17:57 - 00240164 _____ () C:\Users\Ich\Downloads\Neue Aufnahme.m4a
2014-12-01 18:26 - 2014-12-01 18:26 - 00001164 _____ () C:\Users\Public\Desktop\Elsword.lnk
2014-12-01 15:51 - 2014-12-01 15:51 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-11-30 16:34 - 2014-12-03 16:52 - 00000000 ____D () C:\Users\Ich\Downloads\direwolf20_17
2014-11-30 15:09 - 2014-11-30 15:09 - 00000000 ____D () C:\Users\Ich\Downloads\MagicFarm2
2014-11-30 14:19 - 2014-11-30 14:19 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Trove
2014-11-30 11:14 - 2014-11-30 11:14 - 00001865 _____ () C:\Users\Ich\Desktop\Trove.lnk
2014-11-30 11:07 - 2014-11-30 11:09 - 31884400 _____ (Trion Worlds Inc.) C:\Users\Ich\Downloads\GlyphInstall-0-131.exe
2014-11-29 13:50 - 2014-11-29 13:51 - 00000000 ____D () C:\Users\Ich\Downloads\FTBLite
2014-11-29 13:39 - 2014-11-29 13:51 - 00000000 ____D () C:\Users\Ich\Downloads\assets
2014-11-29 13:39 - 2014-11-29 13:50 - 00000000 ____D () C:\Users\Ich\Downloads\versions
2014-11-29 13:39 - 2014-11-29 13:40 - 00000000 ____D () C:\Users\Ich\Downloads\libraries
2014-11-29 13:37 - 2014-11-29 13:44 - 00000000 ____D () C:\Users\Ich\Downloads\FTBMageQuest
2014-11-29 13:35 - 2014-12-07 18:13 - 00000000 ____D () C:\Users\Ich\AppData\Local\ftblauncher
2014-11-29 13:35 - 2014-11-29 13:35 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\ftblauncher
2014-11-26 18:29 - 2014-11-19 08:29 - 00582552 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-26 18:29 - 2014-11-19 08:29 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-25 14:42 - 2014-11-25 14:42 - 02421104 _____ () C:\Users\Ich\Downloads\Fraps.rar
2014-11-25 14:25 - 2014-11-25 14:25 - 07518634 _____ () C:\Users\Ich\Downloads\OBS_0_638b_Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 17:07 - 2014-02-22 17:49 - 00000000 ____D () C:\Users\Ich\AppData\Local\CrashDumps
2014-12-24 17:04 - 2014-04-25 14:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Spotify
2014-12-24 17:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-24 16:56 - 2014-02-17 16:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype
2014-12-24 16:47 - 2014-02-17 00:34 - 01216700 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 16:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-24 16:35 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-24 16:34 - 2014-02-17 01:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-24 16:32 - 2014-02-17 01:02 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-24 16:27 - 2014-02-17 00:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3979035309-3685434384-2670183491-1001
2014-12-24 16:23 - 2012-07-26 11:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-12-24 16:23 - 2012-07-26 11:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-12-24 16:23 - 2012-07-26 08:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 16:17 - 2014-03-13 16:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-24 16:17 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-24 16:16 - 2014-02-17 00:27 - 00640266 _____ () C:\Windows\PFRO.log
2014-12-24 15:22 - 2014-02-17 01:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-24 14:43 - 2014-02-18 18:39 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
2014-12-24 14:43 - 2014-02-17 00:35 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe
2014-12-24 14:18 - 2014-02-18 18:36 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 14:13 - 2014-02-28 16:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-24 13:48 - 2014-02-17 16:31 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\.minecraft
2014-12-22 11:53 - 2014-09-26 08:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-20 13:49 - 2014-02-19 17:15 - 00000000 ____D () C:\Users\Ich\AppData\Local\Battle.net
2014-12-20 10:01 - 2014-04-25 14:13 - 00000000 ____D () C:\Users\Ich\AppData\Local\Spotify
2014-12-19 19:29 - 2014-11-11 15:05 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-18 19:22 - 2014-02-23 14:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-17 18:50 - 2014-03-22 16:07 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\OBS
2014-12-15 20:29 - 2014-02-17 18:19 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\TS3Client
2014-12-14 10:32 - 2014-02-17 16:05 - 00000000 ____D () C:\ProgramData\Skype
2014-12-12 14:58 - 2014-02-19 17:15 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-09 20:01 - 2014-11-02 10:49 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-12-08 18:02 - 2012-07-26 08:21 - 00023752 _____ () C:\Windows\setupact.log
2014-12-08 16:47 - 2014-11-10 16:28 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\iFunbox_UserCache
2014-12-07 16:47 - 2014-02-23 15:06 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-07 12:04 - 2014-02-19 17:18 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-07 09:50 - 2014-02-17 01:35 - 00000000 ____D () C:\Program Files\Google
2014-12-06 15:22 - 2014-07-12 19:47 - 00000000 ____D () C:\Users\Ich\AppData\Local\Deployment
2014-12-06 15:20 - 2014-02-17 01:33 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google
2014-12-06 15:19 - 2014-03-31 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-06 15:19 - 2014-03-31 08:58 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-12-06 15:18 - 2014-10-04 15:41 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-12-06 15:18 - 2014-08-05 21:27 - 00000000 ____D () C:\AeriaGames
2014-12-06 15:18 - 2014-03-22 16:04 - 00000000 ____D () C:\Fraps
2014-12-06 15:18 - 2014-02-28 16:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-06 15:16 - 2014-02-17 16:13 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-12-05 21:05 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-05 15:23 - 2014-07-12 14:44 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-05 15:23 - 2014-07-12 14:44 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-12-05 15:23 - 2014-02-18 14:38 - 00000000 ____D () C:\Program Files (x86)\The Mighty Quest For Epic Loot
2014-12-05 15:23 - 2014-02-17 01:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-05 15:21 - 2014-05-13 10:42 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\NCSOFT
2014-12-05 15:21 - 2014-05-13 10:42 - 00000000 ____D () C:\Users\Ich\AppData\Local\NCSOFT
2014-12-05 15:21 - 2014-05-13 10:42 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-12-05 15:21 - 2014-04-03 17:28 - 00000000 ____D () C:\Users\Ich\AppData\Local\Unity
2014-12-05 15:17 - 2014-02-17 16:30 - 00000000 ____D () C:\Program Files\Java
2014-12-05 14:48 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-05 13:55 - 2014-02-17 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-04 21:23 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-04 19:01 - 2014-02-17 00:35 - 00000000 ____D () C:\Users\Ich
2014-12-02 14:28 - 2014-03-31 08:59 - 00000000 ____D () C:\Users\Ich\Downloads\Gameforge Live
2014-11-25 14:26 - 2014-03-22 16:07 - 00000000 ____D () C:\Program Files\OBS
2014-11-25 14:26 - 2014-03-22 16:07 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-11-24 19:42 - 2014-05-12 09:36 - 00001582 _____ () C:\Windows\Sandboxie.ini
2014-11-24 16:04 - 2014-09-11 18:39 - 00000000 ____D () C:\Users\Ich\Documents\Clownfish Avatars

Some content of TEMP:
====================
C:\Users\Ich\AppData\Local\Temp\aA042aFFf.exe
C:\Users\Ich\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Ich\AppData\Local\Temp\avgnt.exe
C:\Users\Ich\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ich\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Ich\AppData\Local\Temp\nsz915D.exe
C:\Users\Ich\AppData\Local\Temp\ochelper.dll
C:\Users\Ich\AppData\Local\Temp\ochelper.exe
C:\Users\Ich\AppData\Local\Temp\optprosetup.exe
C:\Users\Ich\AppData\Local\Temp\Quarantine.exe
C:\Users\Ich\AppData\Local\Temp\setup_384.exe
C:\Users\Ich\AppData\Local\Temp\Shop2.exe
C:\Users\Ich\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ich\AppData\Local\Temp\SpOrder.dll
C:\Users\Ich\AppData\Local\Temp\sqlite3.dll
C:\Users\Ich\AppData\Local\Temp\sSetup-se.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 16:31

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by Ich at 2014-12-24 17:07:47
Running from C:\Users\Ich\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Camtasia Studio 8 (HKLM-x32\...\{6BED66AA-1DC6-474B-AC70-205CC3A68A39}) (Version: 8.4.4.1859 - TechSmith Corporation)
ContextTrue (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\ContextTrue) (Version:  - )
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Craften Terminal 4.0.2 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.0.2 - Craften.de)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 2.0.1296.18 - Infernum Productions AG)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
Elsword (HKLM-x32\...\Elsword_de_is1) (Version:  - )
Flwsrf (HKLM-x32\...\Flwsrf) (Version: 3.0.0.2 - Flwsrf) <==== ATTENTION!
FormatFactory 3.5.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.0.0 - Format Factory)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GotClip Downloader (HKLM-x32\...\GotClip) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.1 - www.leaguereplays.com)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MK HS TOOL (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\HS TOOL) (Version:  - )
MKLOL (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\MKLOL) (Version:  - )
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
Nostale(DE) (HKLM-x32\...\NosTale(DE)_is1) (Version:  - Gameforge 4D GmbH)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Photo Enlarge (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
Trove (HKLM-x32\...\Glyph Trove) (Version:  - Trion Worlds, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.50 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-12-2014 18:59:37 Camtasia Studio 8 wird installiert
05-12-2014 21:03:16 Removed BlueStacks Notification Center
07-12-2014 18:09:41 Installed LogMeIn Hamachi
13-12-2014 11:48:14 Removed LogMeIn Hamachi
24-12-2014 15:05:26 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-12-04 19:02 - 00001472 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04B86A77-D2C8-4326-AAC0-3A86139B9CE7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-24] (Microsoft Corporation)
Task: {17432E68-5AC9-49E2-A100-2A41CC4FFF0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24] (Google Inc.)
Task: {2BC030A5-7604-4A86-995B-6D977D89F4FF} - System32\Tasks\BCZQOTW => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: {304B146B-1B1C-4BFF-B600-AEDF35C231F5} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {3C06769A-B485-427D-9FAF-898CBCC9D9E1} - System32\Tasks\{FB5AA185-EDB5-47F6-89E9-5D0185903BCD} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {63162C5D-C5B8-4031-B91A-2ADB9A7DC968} - System32\Tasks\BW => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
Task: {A511457E-5C67-48AC-AF66-038C5F94A915} - System32\Tasks\Auto Aktivierung => C:\Windows\Setup\Scripts\TriggerKMS.exe [2013-01-24] ()
Task: {B0459DEC-6D70-4521-9666-A01DB56011BE} - System32\Tasks\AdobeAAMUpdater-1.0-Kristian-Ich => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {C9CE5827-8BAD-4B3A-81A9-9965D2A6A58D} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe
Task: {CAF34C64-B85E-474C-A603-69D5CB1AEA9E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DA3FD1ED-1F85-41CB-BB93-F31EB7CD98A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24] (Google Inc.)
Task: {FE73FE89-4939-4E5D-B560-5F6FA656ABA5} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: C:\Windows\Tasks\BCZQOTW.job => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: C:\Windows\Tasks\BW.job => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-13 16:53 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-17 01:03 - 2013-07-04 03:32 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-02-17 00:40 - 2012-09-28 02:26 - 00087040 _____ () C:\Windows\PersonalizeEnabler.exe
2014-02-17 00:40 - 2012-09-27 00:31 - 00084992 _____ () C:\Windows\SLCHook.dll
2014-02-17 00:40 - 2009-03-07 06:02 - 00102912 _____ () C:\Windows\EasyHook64.dll
2014-07-11 13:17 - 2014-07-11 13:17 - 00601584 _____ () C:\Users\Ich\AppData\Local\ContextTrue\cnthlpr.exe
2014-04-25 14:13 - 2014-12-12 18:36 - 00374840 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-17 01:03 - 2014-12-24 16:17 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-02-17 01:03 - 2013-07-04 03:32 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-04-25 14:13 - 2014-12-12 18:36 - 36966968 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-04 15:44 - 2014-07-04 15:44 - 00401408 _____ () C:\Program Files (x86)\LOLReplay\LOLUtils.dll
2014-02-17 01:40 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-17 20:28 - 2014-12-12 18:36 - 00867896 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-04-25 14:13 - 2014-12-12 18:36 - 00886840 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-04-25 14:13 - 2014-12-12 18:36 - 00108600 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\libegl.dll
2014-12-24 15:22 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-12-24 15:22 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-12-24 15:22 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-12-24 15:22 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\Users\Ich\Downloads\Menu__6629_i1430428382_il467025.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\StartupApproved\Run: => "nvhlpr"
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\StartupApproved\Run: => "HS TOOL"
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\StartupApproved\Run: => "SwvUpdtr"

========================= Accounts: ==========================

Administrator (S-1-5-21-3979035309-3685434384-2670183491-500 - Administrator - Disabled)
Gast (S-1-5-21-3979035309-3685434384-2670183491-501 - Limited - Disabled)
Ich (S-1-5-21-3979035309-3685434384-2670183491-1001 - Administrator - Enabled) => C:\Users\Ich
kobol_000 (S-1-5-21-3979035309-3685434384-2670183491-1004 - Limited - Enabled) => C:\Users\kobol_000

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2014 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST64.exe, Version: 24.12.2014.0, Zeitstempel: 0x549a8da8
Name des fehlerhaften Moduls: FRST64.exe, Version: 24.12.2014.0, Zeitstempel: 0x549a8da8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000247c9
ID des fehlerhaften Prozesses: 0x1350
Startzeit der fehlerhaften Anwendung: 0xFRST64.exe0
Pfad der fehlerhaften Anwendung: FRST64.exe1
Pfad des fehlerhaften Moduls: FRST64.exe2
Berichtskennung: FRST64.exe3
Vollständiger Name des fehlerhaften Pakets: FRST64.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FRST64.exe5

Error: (12/24/2014 04:14:29 PM) (Source: rcores) (EventID: 0) (User: )
Description: Service failed on stop: 301: Interrupted.

Error: (12/24/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PCSUQuickScan.exe, Version: 0.0.0.0, Zeitstempel: 0x54539729
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d34d8
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000000000047b8c
ID des fehlerhaften Prozesses: 0x1240
Startzeit der fehlerhaften Anwendung: 0xPCSUQuickScan.exe0
Pfad der fehlerhaften Anwendung: PCSUQuickScan.exe1
Pfad des fehlerhaften Moduls: PCSUQuickScan.exe2
Berichtskennung: PCSUQuickScan.exe3
Vollständiger Name des fehlerhaften Pakets: PCSUQuickScan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PCSUQuickScan.exe5

Error: (12/24/2014 03:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.65, Zeitstempel: 0x546659db
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.17046, Zeitstempel: 0x53b485c4
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00078c9e
ID des fehlerhaften Prozesses: 0x1948
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (12/24/2014 02:29:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Photoshop.exe, Version: 13.0.0.0, Zeitstempel: 0x4e9569dd
Name des fehlerhaften Moduls: Photoshop.exe, Version: 13.0.0.0, Zeitstempel: 0x4e9569dd
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00472d67
ID des fehlerhaften Prozesses: 0x13fc
Startzeit der fehlerhaften Anwendung: 0xPhotoshop.exe0
Pfad der fehlerhaften Anwendung: Photoshop.exe1
Pfad des fehlerhaften Moduls: Photoshop.exe2
Berichtskennung: Photoshop.exe3
Vollständiger Name des fehlerhaften Pakets: Photoshop.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Photoshop.exe5

Error: (12/24/2014 02:29:03 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.

Error: (12/24/2014 02:28:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.95, Zeitstempel: 0x548243f3
Name des fehlerhaften Moduls: DpInterface32.dll, Version: 3.0.2.3482, Zeitstempel: 0x53b621ae
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008ff3a
ID des fehlerhaften Prozesses: 0x2844
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3
Vollständiger Name des fehlerhaften Pakets: chrome.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: chrome.exe5

Error: (12/24/2014 02:12:55 PM) (Source: MsiInstaller) (EventID: 11309) (User: Kristian)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (12/22/2014 04:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Craften Terminal.exe, Version: 4.0.5342.32399, Zeitstempel: 0x53f0df8f
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0d155878
ID des fehlerhaften Prozesses: 0x90c
Startzeit der fehlerhaften Anwendung: 0xCraften Terminal.exe0
Pfad der fehlerhaften Anwendung: Craften Terminal.exe1
Pfad des fehlerhaften Moduls: Craften Terminal.exe2
Berichtskennung: Craften Terminal.exe3
Vollständiger Name des fehlerhaften Pakets: Craften Terminal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Craften Terminal.exe5

Error: (12/22/2014 01:23:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm League of Legends.exe, Version 4.21.0.397 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8a0

Startzeit: 01d01de1fa9666b4

Endzeit: 4294967295

Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.71\deploy\League of Legends.exe

Berichts-ID: 58403f39-89d5-11e4-bfde-bcee7b5d6d5a

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (12/24/2014 04:17:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CA Service component" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/24/2014 04:16:28 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Absturzbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physischen Speicher abbilden zu können.

Error: (12/24/2014 04:15:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/24/2014 04:15:43 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/24/2014 04:15:30 PM) (Source: DCOM) (EventID: 10010) (User: Kristian)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/24/2014 04:15:30 PM) (Source: DCOM) (EventID: 10010) (User: Kristian)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/24/2014 04:15:30 PM) (Source: DCOM) (EventID: 10010) (User: Kristian)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/24/2014 04:15:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/24/2014 04:15:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/24/2014 04:15:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (12/24/2014 05:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe24.12.2014.0549a8da8FRST64.exe24.12.2014.0549a8da8c000000500000000000247c9135001d01f939624cbe7C:\Users\Ich\Downloads\FRST64.exeC:\Users\Ich\Downloads\FRST64.exee2316c45-8b86-11e4-bfe4-bcee7b5d6d5a

Error: (12/24/2014 04:14:29 PM) (Source: rcores) (EventID: 0) (User: )
Description: Service failed on stop: 301: Interrupted.

Error: (12/24/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PCSUQuickScan.exe0.0.0.054539729KERNELBASE.dll6.2.9200.16864531d34d8e06d73630000000000047b8c124001d01f8b266ca9e2C:\Program Files (x86)\PC Speed Up\PCSUQuickScan.exeC:\Windows\system32\KERNELBASE.dll98008dba-8b7e-11e4-bfe3-bcee7b5d6d5a

Error: (12/24/2014 03:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.65546659dbntdll.dll6.2.9200.1704653b485c4c000014200078c9e194801d01f8580a60d81C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dllbf489d5c-8b78-11e4-bfe2-bcee7b5d6d5a

Error: (12/24/2014 02:29:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Photoshop.exe13.0.0.04e9569ddPhotoshop.exe13.0.0.04e9569ddc000000500472d6713fc01d01f7d100c3db8C:\Users\Ich\Desktop\photoshop cs6\AdobePhotoshopCS6Portable\App\PhotoshopCS6\Photoshop.exeC:\Users\Ich\Desktop\photoshop cs6\AdobePhotoshopCS6Portable\App\PhotoshopCS6\Photoshop.exed3fb9f08-8b70-11e4-bfdf-bcee7b5d6d5a

Error: (12/24/2014 02:29:03 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 

Error: (12/24/2014 02:28:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.95548243f3DpInterface32.dll3.0.2.348253b621aec00000050008ff3a284401d01f7d8ad52fdeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\SupTab\DpInterface32.dllc92f57d3-8b70-11e4-bfdf-bcee7b5d6d5a

Error: (12/24/2014 02:12:55 PM) (Source: MsiInstaller) (EventID: 11309) (User: Kristian)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/22/2014 04:18:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Craften Terminal.exe4.0.5342.3239953f0df8funknown0.0.0.000000000c00000050d15587890c01d01dfa7f114ba9C:\Program Files (x86)\Craften Terminal\Craften Terminal.exeunknownd4edd4b0-89ed-11e4-bfdf-bcee7b5d6d5a

Error: (12/22/2014 01:23:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: League of Legends.exe4.21.0.3978a001d01de1fa9666b44294967295C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.71\deploy\League of Legends.exe58403f39-89d5-11e4-bfde-bcee7b5d6d5a


CodeIntegrity Errors:
===================================
  Date: 2014-12-24 16:16:52.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 15:32:33.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 15:08:19.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 14:40:44.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 14:30:39.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-22 13:24:50.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-21 10:38:28.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-20 21:08:47.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-20 09:57:56.058
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-19 17:21:51.655
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 29%
Total physical RAM: 8130.14 MB
Available physical RAM: 5739.82 MB
Total Pagefile: 16834.14 MB
Available Pagefile: 13861.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:672.49 GB) NTFS
Drive e: (24 Mrz 2013) (CDROM) (Total:0.27 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00180018)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

24.12.2014, 17:18   #4
cosinus

Virus scanner logs?

Quote:
C:\Users\Ich\Downloads\PhotoShop CS6 Crack SkaZinKiN.rar
Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

24.12.2014, 20:29   #5
Vali0

Oh, sorry. I have of course deleted it and hope that I don't have anything like that left. If there is still something there, then I'm sorry, but I think I no longer have anything illegal. I wanted to thank you again for helping me.
As for the antivirus log: I haven't made a log.


Edited by Vali0 (24.12.2014 at 20:48)

24.12.2014, 23:34   #6
cosinus

Quote:
As for the antivirus log: I haven't made a log.
Please read my first post again properly

25.12.2014, 14:36   #7
Vali0

It says there that I should not run any new virus scans, and I haven't run a virus scan in months. Sorry, am I being completely stupid, or what should I do?
Kind regards

25.12.2014, 17:24   #8
cosinus

Then just say so, I'm not a


Removing adware/junkware/toolbars

(Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


26.12.2014, 11:17   #9
Vali0

Ehm, I have already run AdwCleaner once, because I read up on the internet and they said that this helps. Now I am posting the first log from when I did that, because in the one I just made it found nothing.
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 24/12/2014 um 14:37:02
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzername : Ich - KRISTIAN
# Gestartet von : C:\Users\Ich\Downloads\adwcleaner_4.106.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : globalUpdate
Dienst Gefunden : globalUpdatem
Dienst Gefunden : IePluginServices
Dienst Gefunden : servervo
Dienst Gefunden : WindowsMangerProtect
Dienst Gefunden : fc67e7a0
Dienst Gefunden : InjectorService
Dienst Gefunden : abengine

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gefunden : C:\Users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
Datei Gefunden : C:\Users\Ich\AppData\Local\speedial.crx
Datei Gefunden : C:\Users\Ich\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\{74904424-ec46-4d61-bd52-8b528a96f6d1}.xpi
Datei Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\searchplugins\Mysearchdial.xml
Datei Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\searchplugins\trovi-search.xml
Datei Gefunden : C:\Users\Ich\AppData\Roaming\regsvr32.exe_log.txt
Datei Gefunden : C:\Users\Ich\Desktop\Continue Live Installation.lnk
Ordner Gefunden : C:\Program Files (x86)\CinemaP-1.4cV24.12
Ordner Gefunden : C:\Program Files (x86)\DeltaFix
Ordner Gefunden : C:\Program Files (x86)\globalUpdate
Ordner Gefunden : C:\Program Files (x86)\GotClip
Ordner Gefunden : C:\Program Files (x86)\mbot_de_372
Ordner Gefunden : C:\Program Files (x86)\Mysearchdial
Ordner Gefunden : C:\Program Files (x86)\software4u
Ordner Gefunden : C:\Program Files (x86)\SupTab
Ordner Gefunden : C:\ProgramData\9711429445394706898
Ordner Gefunden : C:\ProgramData\baidu
Ordner Gefunden : C:\ProgramData\IePluginServices
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
Ordner Gefunden : C:\ProgramData\software4u
Ordner Gefunden : C:\ProgramData\WindowsMangerProtect
Ordner Gefunden : C:\Users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Ordner Gefunden : C:\Users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Ordner Gefunden : C:\Users\Ich\AppData\Local\ConvertAd
Ordner Gefunden : C:\Users\Ich\AppData\Local\globalUpdate
Ordner Gefunden : C:\Users\Ich\AppData\Local\mbot_de_372
Ordner Gefunden : C:\Users\Ich\AppData\LocalLow\Mysearchdial
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\faststartff@gmail.com
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\ffxtlbr@mysearchdial.com
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\R@LPeyY.net
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\YS8G7x70@g.edu
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\Mysearchdial
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\SkypEmoticons
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\software4u
Ordner Gefunden : C:\Users\Ich\AppData\Roaming\VOPackage
Ordner Gefunden : C:\Users\Ich\Documents\PC Speed Maximizer
Ordner Gefunden : C:\Users\Public\Documents\baidu

***** [ Tasks ] *****

Task Gefunden : globalUpdateUpdateTaskMachineCore
Task Gefunden : globalUpdateUpdateTaskMachineUA
Task Gefunden : MySearchDial
Task Gefunden : 1c397cd3-39c3-46f8-81e1-9b182093dd7c-1
Task Gefunden : 1c397cd3-39c3-46f8-81e1-9b182093dd7c-2
Task Gefunden : 1c397cd3-39c3-46f8-81e1-9b182093dd7c-3
Task Gefunden : 1c397cd3-39c3-46f8-81e1-9b182093dd7c-4
Task Gefunden : 1c397cd3-39c3-46f8-81e1-9b182093dd7c-5
Task Gefunden : 1c397cd3-39c3-46f8-81e1-9b182093dd7c-5_user
Task Gefunden : 1c397cd3-39c3-46f8-81e1-9b182093dd7c-6
Task Gefunden : 1c397cd3-39c3-46f8-81e1-9b182093dd7c-7

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9ec1214e-f643-4e55-aeb3-bce9f3599de7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d18fa074-7185-4cd3-863c-15888501dbbf}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611571181}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b3f7962-b91b-4e19-8cab-eb2a5c201005}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5543dff-3a82-44b9-9c8e-4469bd0274be}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6b3f7962-b91b-4e19-8cab-eb2a5c201005}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d5543dff-3a82-44b9-9c8e-4469bd0274be}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D8A9D3D9-F414-952D-AC93-E5F96D47B5BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaP-1.4cV24.12
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_de_372_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gefunden : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel Gefunden : HKLM\SOFTWARE\SupDp
Schlüssel Gefunden : HKLM\SOFTWARE\SupTab
Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gefunden : HKLM\SOFTWARE\supWPM
Schlüssel Gefunden : HKLM\SOFTWARE\Tutorials
Schlüssel Gefunden : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611571181}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572281}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{6b3f7962-b91b-4e19-8cab-eb2a5c201005}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{d5543dff-3a82-44b9-9c8e-4469bd0274be}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575581}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576681}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9ec1214e-f643-4e55-aeb3-bce9f3599de7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d18fa074-7185-4cd3-863c-15888501dbbf}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611571181}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b3f7962-b91b-4e19-8cab-eb2a5c201005}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5543dff-3a82-44b9-9c8e-4469bd0274be}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [framei]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iDevice Manager Launcher]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mbot_de_372]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17148

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1419426715&from=cvs4&uid=TOSHIBAXDT01ACA100_Z3DKH00NSXXZ3DKH00NSX&q={searchTerms}

-\\ Mozilla Firefox v28.0 (de)

[s9d7ok7u.default] - Zeile gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[s9d7ok7u.default] - Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.NFyFo17LvcuZGVhl.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.crossrider.bic", "14a7c7b735f67343cadf52a23aa5ec9f");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,faststartff%40gmail.com:4.3.0,23fb8bb3-ac21-4230-bbfa-49b94968bc63%40gmail.com:0.95.46,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.irmysearch.aflt", "ir_14_17_ch");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0B0C0E0EyB0ByD0DyC0DyD0AyCtDtB0EtN0D0Tzu0SzzyEtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DtD0EyCtCtCyBtGtBzztAtDt[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.irmysearch.cr", "936283171");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.irmysearch.instlRef", "140305_a");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.AL", 2);
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.aflt", "ir_14_17_ch");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0B0C0E0EyB0ByD0DyC0DyD0AyCtDtB0EtN0D0Tzu0SzzyEtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DtD0EyCtCtCyBtGtBzztAt[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.cntry", "DE");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.cr", "936283171");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.dfltLng", "");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.dfltSrch", true);
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.dnsErr", true);
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.excTlbr", false);
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.hdrMd5", "8AF1D4265CB4FDC2AB03EE965AA77601");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.hmpg", true);
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_17_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0ByD0DyC0DyD0AyCtDtB0EtN0D0Tzu0SzzyEtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtD[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.id", "BCEE7B5D6D5A602E");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.instlDay", "16182");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.instlRef", "140305_a");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_17_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0ByD0DyC0DyD0AyCtDtB0EtN0D0Tzu0SzzyEtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtA[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.020:34:26");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_17_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0ByD0DyC0DyD0AyCtDtB0EtN0D0Tzu0SzzyEtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyE[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.sg", "none");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.tlbrId", "base");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_17_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0ByD0DyC0DyD0AyCtDtB0EtN0D0Tzu0SzzyEtAtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutC[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial_i.newTab", false);
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.020:34:26");
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.p3nTlQDjMaToGtnR.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
[s9d7ok7u.default] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.95


-\\ Comodo Dragon v

[C:\Users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-12-05&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gefunden [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gefunden [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko

*************************

AdwCleaner[R0].txt - [35834 octets] - [24/12/2014 14:37:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [35895 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8 Pro x64
Ran by Ich on 26.12.2014 at 11:07:09,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\s9d7ok7u.default\prefs.js

user_pref("extensions.p3nTlQDjMaToGtnR.url", "hxxp://canadafirstforeverygroup.net/sync2/?q=hfZ9ofV9CShEAen0rjkHpihTB6lKDzt4okmxtNtVh7n0rjnFrTsFrjwHrHa7tMFHhd9FqdwGrTwFrjr5qjrM
Emptied folder: C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\s9d7ok7u.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.12.2014 at 11:08:50,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by Ich (administrator) on KRISTIAN on 26-12-2014 11:10:50
Running from C:\Users\Ich\Downloads
Loaded Profile: Ich (Available profiles: Ich & kobol_000)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\slsvc.exe
() C:\Windows\PersonalizeEnabler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Ich\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Ich\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Ich\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Ich\AppData\Local\ContextTrue\cnthlpr.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Thisisu) C:\Users\Ich\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [MKLOL] => C:\Program Files (x86)\MKJogo\MKLOL\MK.exe [1277128 2014-05-02] (MK)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [Spotify Web Helper] => C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ich\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [HS TOOL] => C:\Program Files (x86)\MKJogo\MKHSTOOL\HS_TOOL.exe [884424 2014-11-14] (Hs Tool)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [Spotify] => C:\Users\Ich\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [nvhlpr] => C:\Users\Ich\AppData\Local\ContextTrue\nvhlpr.exe [601584 2014-07-11] ()
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [cnthlpr] => C:\Users\Ich\AppData\Local\ContextTrue\cnthlpr.exe [601584 2014-07-11] ()
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Run: [SwvUpdtr] => C:\Users\Ich\AppData\Local\24759\Updater.exe [773632 2014-12-24] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3979035309-3685434384-2670183491-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3979035309-3685434384-2670183491-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default
FF DefaultSearchEngine: Yahoo DE
FF SelectedSearchEngine: Yahoo DE
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\abs@avira.com [2014-12-24]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\s9d7ok7u.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-10-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome: 
=======
CHR Profile: C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-24]
CHR Extension: (YouTube) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-24]
CHR Extension: (Google Search) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-24]
CHR Extension: (Google Wallet) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-24]
CHR Extension: (Gmail) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 slsvc; C:\Windows\slsvc.exe [10240 2012-09-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 serverca; C:\Users\Ich\AppData\Local\ConvertAd\CASrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-01] (LogMeIn Inc.)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2013-01-25] (ASUSTeK Computer Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 11:08 - 2014-12-26 11:08 - 00001113 _____ () C:\Users\Ich\Desktop\JRT.txt
2014-12-26 11:07 - 2014-12-26 11:07 - 00000000 ____D () C:\Windows\ERUNT
2014-12-26 11:06 - 2014-12-26 11:06 - 01707646 _____ (Thisisu) C:\Users\Ich\Downloads\JRT.exe
2014-12-26 11:06 - 2014-12-26 11:06 - 01707646 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe
2014-12-26 10:54 - 2012-10-07 01:32 - 10094592 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-12-26 10:53 - 2014-12-26 10:53 - 02173952 _____ () C:\Users\Ich\Downloads\AdwCleaner_4.106 (2).exe
2014-12-25 16:34 - 2014-12-25 16:34 - 05603624 _____ (Swearware) C:\Users\Ich\Downloads\ComboFix.exe
2014-12-25 14:28 - 2014-12-25 14:28 - 00000862 _____ () C:\Users\Ich\Desktop\Ereignisse.txt
2014-12-24 22:38 - 2014-12-24 22:39 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\Ich\Downloads\BlueStacks-SplitInstaller_native.exe
2014-12-24 17:07 - 2014-12-24 17:08 - 00032186 _____ () C:\Users\Ich\Downloads\Addition.txt
2014-12-24 17:06 - 2014-12-26 11:10 - 00016515 _____ () C:\Users\Ich\Downloads\FRST.txt
2014-12-24 17:06 - 2014-12-26 11:10 - 00000000 ____D () C:\FRST
2014-12-24 17:06 - 2014-12-24 17:06 - 02122240 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe
2014-12-24 16:31 - 2014-10-09 05:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-12-24 16:31 - 2014-10-09 05:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-12-24 16:31 - 2014-10-09 05:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2014-12-24 16:31 - 2014-10-09 04:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-12-24 16:31 - 2014-10-09 04:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2014-12-24 16:06 - 2014-12-24 16:06 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan
2014-12-24 16:02 - 2014-12-24 16:02 - 02173952 _____ () C:\Users\Ich\Downloads\adwcleaner_4.106 (1).exe
2014-12-24 15:59 - 2014-12-24 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-24 15:58 - 2014-12-24 15:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-24 15:53 - 2014-12-24 16:14 - 123540231 _____ () C:\Users\Ich\Downloads\X15-65741.iso.crdownload
2014-12-24 15:37 - 2014-12-24 15:37 - 00001442 _____ () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-24 15:23 - 2014-12-24 15:57 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-24 15:22 - 2014-12-24 15:22 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-24 15:22 - 2014-12-24 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-24 15:21 - 2014-12-26 11:02 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-24 15:21 - 2014-12-25 21:26 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 15:21 - 2014-12-24 15:21 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-24 15:21 - 2014-12-24 15:21 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-24 15:19 - 2014-12-24 15:19 - 00871360 _____ () C:\Users\Ich\Downloads\google_chrome.exe
2014-12-24 15:14 - 2014-12-24 15:13 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-12-24 15:12 - 2014-12-24 15:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Avira
2014-12-24 15:12 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\Windows\system32\abengine64.dll
2014-12-24 15:12 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll
2014-12-24 14:37 - 2014-12-26 11:04 - 00000000 ____D () C:\AdwCleaner
2014-12-24 14:37 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-12-24 14:37 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-12-24 14:37 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-12-24 14:36 - 2014-12-24 14:36 - 02173952 _____ () C:\Users\Ich\Downloads\adwcleaner_4.106.exe
2014-12-24 14:35 - 2014-12-24 14:35 - 00000000 ____D () C:\Users\Ich\AppData\Local\24759
2014-12-24 14:27 - 2014-12-24 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-24 14:27 - 2014-12-24 14:37 - 00000000 ____D () C:\ProgramData\Avira
2014-12-24 14:27 - 2014-12-24 14:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-24 14:27 - 2014-12-24 14:27 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Ich\Downloads\avira_de_av___ws.exe
2014-12-24 14:27 - 2014-12-24 14:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-24 14:25 - 2014-12-24 14:25 - 00003498 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Kristian-Ich
2014-12-24 14:25 - 2014-12-24 14:25 - 00000112 ____H () C:\A459BAE54B93
2014-12-24 14:25 - 2014-12-24 14:25 - 00000040 ____H () C:\5B0AE88E56FC
2014-12-24 14:25 - 2014-12-24 14:25 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-24 14:25 - 2014-12-24 14:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-24 14:23 - 2014-12-24 14:23 - 00000000 ____D () C:\Users\Ich\AppData\Local\Sparta
2014-12-24 14:13 - 2014-12-26 11:02 - 00001340 _____ () C:\Windows\Tasks\BW.job
2014-12-24 14:13 - 2014-12-24 14:13 - 00004340 _____ () C:\Windows\System32\Tasks\BW
2014-12-24 14:12 - 2014-12-26 11:02 - 00001694 _____ () C:\Windows\Tasks\BCZQOTW.job
2014-12-24 14:12 - 2014-12-24 14:13 - 00000000 ____D () C:\Program Files (x86)\db698c94-f0f9-4cbe-95bb-3e7396d3dbb7
2014-12-24 14:12 - 2014-12-24 14:12 - 00004696 _____ () C:\Windows\System32\Tasks\BCZQOTW
2014-12-24 14:12 - 2014-12-24 14:12 - 00000000 ____D () C:\Users\Ich\AppData\Local\ContextTrue
2014-12-24 14:11 - 2014-12-24 14:31 - 00004704 _____ () C:\Windows\SysWOW64\abengine.ini
2014-12-24 14:11 - 2014-12-24 14:31 - 00002608 _____ () C:\Windows\SysWOW64\abengineOff.ini
2014-12-24 14:11 - 2014-12-24 14:31 - 00002608 _____ () C:\Windows\system32\abengineOff.ini
2014-12-24 14:10 - 2014-12-24 16:20 - 00000000 ____D () C:\Program Files (x86)\Flwsrf
2014-12-24 14:10 - 2014-12-24 14:10 - 00573632 _____ () C:\Users\Ich\Downloads\Menu__6629_i1430428382_il467025.exe
2014-12-24 14:10 - 2014-12-24 14:10 - 00003082 _____ () C:\Windows\System32\Tasks\upfs7235
2014-12-24 14:10 - 2014-12-24 14:10 - 00000000 ____D () C:\Program Files (x86)\pre_installer_de
2014-12-24 14:04 - 2014-12-24 14:04 - 00573632 _____ () C:\Users\Ich\Downloads\Menu__6629_i1430423469_il467025.exe
2014-12-24 10:51 - 2014-11-21 09:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-24 10:51 - 2014-11-21 09:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-24 10:51 - 2014-11-21 09:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-24 10:51 - 2014-11-21 09:37 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-12-24 10:51 - 2014-11-21 09:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-24 10:51 - 2014-11-21 09:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-24 10:51 - 2014-11-21 09:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-24 10:51 - 2014-11-21 08:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-24 10:51 - 2014-11-21 08:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-24 10:51 - 2014-11-21 08:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-24 10:51 - 2014-11-21 08:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-24 10:51 - 2014-11-21 08:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-24 10:51 - 2014-11-21 08:17 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-24 10:51 - 2014-11-21 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-24 10:51 - 2014-11-21 08:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-24 10:51 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-24 10:51 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-24 10:51 - 2014-11-21 05:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-12-24 10:51 - 2014-10-11 06:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-24 10:51 - 2014-10-09 04:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-12-24 10:51 - 2014-10-09 04:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-12-24 10:51 - 2014-10-09 04:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-12-24 10:51 - 2014-09-22 06:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-24 10:51 - 2014-09-22 04:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-24 10:51 - 2014-09-18 00:24 - 00987136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2014-12-24 10:51 - 2014-09-18 00:24 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2014-12-24 10:51 - 2014-09-18 00:24 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2014-12-24 10:51 - 2014-09-18 00:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2014-12-24 10:51 - 2014-09-17 23:57 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2014-12-24 10:51 - 2014-09-17 23:57 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2014-12-24 10:51 - 2014-09-17 23:57 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2014-12-24 10:51 - 2014-09-17 23:57 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2014-12-24 10:51 - 2012-09-19 10:25 - 19778048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-24 10:50 - 2014-12-09 08:12 - 00590816 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-12-24 10:50 - 2014-12-09 08:12 - 00467408 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-12-24 10:50 - 2014-11-06 07:50 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-24 10:50 - 2014-11-06 06:03 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-24 10:46 - 2014-10-30 08:20 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-24 10:46 - 2014-10-30 06:22 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-21 12:40 - 2014-12-21 12:40 - 12495254 _____ () C:\Users\Ich\Downloads\tPC Parkour Ver 2.2.zip
2014-12-21 12:33 - 2014-12-24 16:34 - 00000000 ____D () C:\Program Files (x86)\Photo Enlarge
2014-12-21 12:33 - 2014-12-24 14:39 - 00000000 ____D () C:\Program Files (x86)\YoutuBeAduBloCKe
2014-12-21 12:32 - 2014-12-24 14:39 - 00000000 ____D () C:\Program Files (x86)\PrIceChop
2014-12-21 12:32 - 2014-12-21 12:32 - 00000000 ____D () C:\ProgramData\fcfkciaojmeemnpdfhehfchkaaicjecd
2014-12-21 12:32 - 2014-12-21 12:32 - 00000000 ____D () C:\Program Files (x86)\PriceChoop
2014-12-21 12:31 - 2014-12-21 12:31 - 01254256 _____ () C:\Users\Ich\Downloads\minecraftdl_9950.exe
2014-12-20 21:36 - 2014-12-20 21:38 - 28535909 _____ () C:\Users\Ich\Downloads\WynnCraft.zip
2014-12-14 16:06 - 2014-12-14 16:06 - 07518634 _____ () C:\Users\Ich\Downloads\OBS_0_638b_Installer (1).exe
2014-12-09 13:47 - 2014-12-09 13:48 - 13554590 _____ () C:\Users\Ich\Downloads\Kobe vs Messi- Legends on Board - Turkish Airlines.mp4
2014-12-08 20:37 - 2014-12-08 20:38 - 06298840 _____ () C:\Users\Ich\Downloads\Background music -- Hintergrundmusik.mp4
2014-12-08 20:36 - 2014-12-08 20:36 - 14673168 _____ () C:\Users\Ich\Downloads\Youtube Videos kostenlos ohne Programm DOWNLOADEN! [TUT] [GERMAN].mp4
2014-12-08 20:31 - 2014-12-08 20:32 - 02263435 _____ () C:\Users\Ich\Downloads\videoplayback (4)
2014-12-08 20:30 - 2014-12-08 20:30 - 00946397 _____ () C:\Users\Ich\Downloads\videoplayback (3)
2014-12-08 16:39 - 2014-12-08 16:39 - 10420256 _____ (CCCP Project ) C:\Users\Ich\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe
2014-12-08 16:33 - 2014-12-08 16:33 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2014-12-08 16:32 - 2014-12-08 16:37 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\WindSolutions
2014-12-08 16:32 - 2014-12-08 16:37 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-12-08 16:32 - 2014-12-08 16:32 - 05102256 _____ (WindSolutions) C:\Users\Ich\Downloads\Install_CopyTransControlCenter.exe
2014-12-08 16:11 - 2014-12-08 16:24 - 00023906 _____ () C:\Windows\SysWOW64\msrsb04.dll
2014-12-08 16:11 - 2014-12-08 16:11 - 04143696 _____ (Marx Software ) C:\Users\Ich\Downloads\IDMSetup_4.5.0.3.exe
2014-12-08 16:11 - 2014-12-08 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager
2014-12-07 18:16 - 2014-12-07 18:16 - 00128402 _____ () C:\Users\Ich\Downloads\DamageIndicators[1.4.7]2.4.8.zip
2014-12-07 18:10 - 2014-12-07 18:10 - 00307390 _____ () C:\Users\Ich\Downloads\1.6.4 DamageIndicatorsv2.9.2.4.zip
2014-12-07 18:10 - 2014-12-07 18:10 - 00000000 ____D () C:\Users\Ich\AppData\Local\LogMeIn
2014-12-07 18:10 - 2014-12-07 18:10 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-12-07 18:08 - 2014-12-07 18:08 - 08536064 _____ () C:\Users\Ich\Downloads\hamachi279.msi
2014-12-07 15:31 - 2014-12-07 15:31 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StunlockStudios
2014-12-07 14:10 - 2014-12-07 14:10 - 00082064 _____ () C:\Users\Ich\Downloads\DamageIndicatorsMod1.4.6.zip
2014-12-07 13:07 - 2014-12-07 13:07 - 00000222 _____ () C:\Users\Ich\Desktop\Dead Island Epidemic.url
2014-12-06 16:48 - 2014-12-06 16:49 - 00000000 ____D () C:\Users\Ich\Downloads\divinerpg
2014-12-06 16:06 - 2014-12-25 18:40 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Craften Terminal
2014-12-06 16:05 - 2014-12-06 16:06 - 00000000 ____D () C:\Program Files (x86)\Craften Terminal
2014-12-06 16:05 - 2014-12-06 16:05 - 00001107 _____ () C:\Users\Public\Desktop\Craften Terminal.lnk
2014-12-06 16:05 - 2014-12-06 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
2014-12-06 16:04 - 2014-12-06 16:05 - 17033651 _____ (Craften.de ) C:\Users\Ich\Downloads\craftenterminal.exe
2014-12-06 15:58 - 2014-12-06 15:58 - 02269863 _____ () C:\Users\Ich\Downloads\forge-1.6.4-9.11.1.965-installer.jar
2014-12-06 15:55 - 2014-12-06 15:56 - 14731653 _____ () C:\Users\Ich\Downloads\[1.6.4][Beta V6.1]DivineRPG.zip
2014-12-06 15:55 - 2014-12-06 15:55 - 00000243 _____ () C:\Users\Ich\Downloads\DivineRPG-Link.zip
2014-12-06 15:17 - 2014-12-06 15:17 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-12-06 15:17 - 2014-12-06 15:17 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-12-05 15:20 - 2014-12-05 15:20 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-05 15:20 - 2014-12-05 15:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-05 15:20 - 2014-12-05 15:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-05 15:20 - 2014-12-05 15:20 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-05 15:19 - 2014-12-05 15:20 - 31029672 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jre-7u71-windows-x64.exe
2014-12-05 14:53 - 2014-12-05 14:53 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\java
2014-12-05 14:08 - 2014-12-05 14:08 - 19934576 _____ () C:\Users\Ich\Downloads\DrakensangOnlineSetup (1).exe
2014-12-05 14:08 - 2014-12-05 14:08 - 00001972 _____ () C:\Users\Ich\Desktop\Drakensang Online.lnk
2014-12-05 14:08 - 2014-12-05 14:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
2014-12-05 14:08 - 2014-12-05 14:08 - 00000000 ____D () C:\Program Files (x86)\Drakensang Online
2014-12-05 14:01 - 2014-12-05 14:04 - 92658088 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jre-8u25-windows-x64.exe
2014-12-05 13:59 - 2014-12-05 13:59 - 00638888 _____ (Oracle Corporation) C:\Users\Ich\Downloads\chromeinstall-8u25 (2).exe
2014-12-05 13:57 - 2014-12-05 13:57 - 00638888 _____ (Oracle Corporation) C:\Users\Ich\Downloads\chromeinstall-8u25 (1).exe
2014-12-05 13:55 - 2014-12-05 13:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-05 13:52 - 2014-12-05 13:52 - 00638888 _____ (Oracle Corporation) C:\Users\Ich\Downloads\chromeinstall-8u25.exe
2014-12-05 06:22 - 2014-12-06 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-12-05 06:22 - 2014-12-05 06:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo
2014-12-05 06:20 - 2014-12-05 06:26 - 00000000 ____D () C:\FFOutput
2014-12-05 06:20 - 2014-12-05 06:20 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-12-05 06:20 - 2014-11-07 16:13 - 31417672 _____ (AVM Software Inc.) C:\Users\Ich\Documents\pal_install_a4650_r131001_p127000.exe
2014-12-05 06:19 - 2014-12-05 06:19 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-12-05 06:17 - 2014-12-05 06:19 - 56201784 _____ (Free Time) C:\Users\Ich\Downloads\FFSetup3.5.0.0.exe
2014-12-04 21:23 - 2014-12-04 21:23 - 13537227 _____ () C:\Users\Ich\Downloads\videoplayback (2)
2014-12-04 21:22 - 2014-12-04 21:23 - 18563916 _____ () C:\Users\Ich\Downloads\videoplayback (1)
2014-12-04 21:21 - 2014-12-04 21:22 - 18563916 _____ () C:\Users\Ich\Downloads\videoplayback
2014-12-04 19:54 - 2014-12-04 19:54 - 00078514 _____ () C:\Users\Ich\Downloads\Farbbalken mit Ton (PAL).mp4
2014-12-04 19:02 - 2014-12-04 19:02 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\TechSmith
2014-12-04 19:01 - 2014-12-09 13:54 - 00000000 ____D () C:\Users\Ich\Documents\Camtasia Studio
2014-12-04 19:01 - 2014-12-04 19:01 - 00000000 ____D () C:\Users\Ich\AppData\Local\TechSmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\ProgramData\TechSmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-12-04 19:00 - 2014-12-04 19:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-04 18:50 - 2014-12-04 18:57 - 257705272 _____ () C:\Users\Ich\Downloads\camtasiade844.exe
2014-12-04 17:57 - 2014-12-04 17:57 - 00240164 _____ () C:\Users\Ich\Downloads\Neue Aufnahme.m4a
2014-12-01 18:26 - 2014-12-01 18:26 - 00001164 _____ () C:\Users\Public\Desktop\Elsword.lnk
2014-12-01 15:51 - 2014-12-01 15:51 - 00045112 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-11-30 16:34 - 2014-12-03 16:52 - 00000000 ____D () C:\Users\Ich\Downloads\direwolf20_17
2014-11-30 15:09 - 2014-11-30 15:09 - 00000000 ____D () C:\Users\Ich\Downloads\MagicFarm2
2014-11-30 14:19 - 2014-11-30 14:19 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Trove
2014-11-30 11:14 - 2014-11-30 11:14 - 00001865 _____ () C:\Users\Ich\Desktop\Trove.lnk
2014-11-30 11:07 - 2014-11-30 11:09 - 31884400 _____ (Trion Worlds Inc.) C:\Users\Ich\Downloads\GlyphInstall-0-131.exe
2014-11-29 13:50 - 2014-11-29 13:51 - 00000000 ____D () C:\Users\Ich\Downloads\FTBLite
2014-11-29 13:39 - 2014-11-29 13:51 - 00000000 ____D () C:\Users\Ich\Downloads\assets
2014-11-29 13:39 - 2014-11-29 13:50 - 00000000 ____D () C:\Users\Ich\Downloads\versions
2014-11-29 13:39 - 2014-11-29 13:40 - 00000000 ____D () C:\Users\Ich\Downloads\libraries
2014-11-29 13:37 - 2014-11-29 13:44 - 00000000 ____D () C:\Users\Ich\Downloads\FTBMageQuest
2014-11-29 13:35 - 2014-12-07 18:13 - 00000000 ____D () C:\Users\Ich\AppData\Local\ftblauncher
2014-11-29 13:35 - 2014-11-29 13:35 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\ftblauncher

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 11:08 - 2012-07-26 11:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat
2014-12-26 11:08 - 2012-07-26 11:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat
2014-12-26 11:08 - 2012-07-26 08:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 11:04 - 2014-02-17 16:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype
2014-12-26 11:03 - 2014-04-25 14:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Spotify
2014-12-26 11:02 - 2014-03-13 16:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-26 11:02 - 2014-02-17 00:27 - 00640580 _____ () C:\Windows\PFRO.log
2014-12-26 11:02 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-26 11:01 - 2014-02-17 00:51 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3979035309-3685434384-2670183491-1001
2014-12-26 11:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-26 10:55 - 2014-02-17 00:34 - 01305791 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 10:55 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-26 10:46 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-12-25 18:42 - 2014-02-17 16:31 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\.minecraft
2014-12-24 18:12 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-12-24 17:07 - 2014-02-22 17:49 - 00000000 ____D () C:\Users\Ich\AppData\Local\CrashDumps
2014-12-24 16:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-24 16:35 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-24 16:34 - 2014-02-17 01:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-24 16:32 - 2014-02-17 01:02 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-24 15:22 - 2014-02-17 01:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-24 14:43 - 2014-02-18 18:39 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
2014-12-24 14:43 - 2014-02-17 00:35 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe
2014-12-24 14:18 - 2014-02-18 18:36 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 14:13 - 2014-02-28 16:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-22 11:53 - 2014-09-26 08:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-20 13:49 - 2014-02-19 17:15 - 00000000 ____D () C:\Users\Ich\AppData\Local\Battle.net
2014-12-20 10:01 - 2014-04-25 14:13 - 00000000 ____D () C:\Users\Ich\AppData\Local\Spotify
2014-12-19 19:29 - 2014-11-11 15:05 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-18 19:22 - 2014-02-23 14:56 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-17 18:50 - 2014-03-22 16:07 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\OBS
2014-12-15 20:29 - 2014-02-17 18:19 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\TS3Client
2014-12-14 10:32 - 2014-02-17 16:05 - 00000000 ____D () C:\ProgramData\Skype
2014-12-12 14:58 - 2014-02-19 17:15 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-09 20:01 - 2014-11-02 10:49 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-12-08 18:02 - 2012-07-26 08:21 - 00023752 _____ () C:\Windows\setupact.log
2014-12-08 16:47 - 2014-11-10 16:28 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\iFunbox_UserCache
2014-12-07 16:47 - 2014-02-23 15:06 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-07 12:04 - 2014-02-19 17:18 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-07 09:50 - 2014-02-17 01:35 - 00000000 ____D () C:\Program Files\Google
2014-12-06 15:22 - 2014-07-12 19:47 - 00000000 ____D () C:\Users\Ich\AppData\Local\Deployment
2014-12-06 15:20 - 2014-02-17 01:33 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google
2014-12-06 15:19 - 2014-03-31 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-12-06 15:19 - 2014-03-31 08:58 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-12-06 15:18 - 2014-10-04 15:41 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-12-06 15:18 - 2014-08-05 21:27 - 00000000 ____D () C:\AeriaGames
2014-12-06 15:18 - 2014-02-28 16:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-05 21:05 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-05 15:23 - 2014-07-12 14:44 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-05 15:23 - 2014-07-12 14:44 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-12-05 15:23 - 2014-02-18 14:38 - 00000000 ____D () C:\Program Files (x86)\The Mighty Quest For Epic Loot
2014-12-05 15:23 - 2014-02-17 01:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-05 15:21 - 2014-05-13 10:42 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\NCSOFT
2014-12-05 15:21 - 2014-05-13 10:42 - 00000000 ____D () C:\Users\Ich\AppData\Local\NCSOFT
2014-12-05 15:21 - 2014-05-13 10:42 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-12-05 15:21 - 2014-04-03 17:28 - 00000000 ____D () C:\Users\Ich\AppData\Local\Unity
2014-12-05 15:17 - 2014-02-17 16:30 - 00000000 ____D () C:\Program Files\Java
2014-12-05 13:55 - 2014-02-17 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-04 21:23 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-04 19:01 - 2014-02-17 00:35 - 00000000 ____D () C:\Users\Ich
2014-12-02 14:28 - 2014-03-31 08:59 - 00000000 ____D () C:\Users\Ich\Downloads\Gameforge Live
2014-11-26 22:11 - 2014-11-17 15:38 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:11 - 2014-11-17 15:38 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Ich\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 16:31

==================== End Of Log ============================
         

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-12-2014
Ran by Ich at 2014-12-26 11:11:10
Running from C:\Users\Ich\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Camtasia Studio 8 (HKLM-x32\...\{6BED66AA-1DC6-474B-AC70-205CC3A68A39}) (Version: 8.4.4.1859 - TechSmith Corporation)
ContextTrue (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\ContextTrue) (Version:  - )
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Craften Terminal 4.0.2 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.0.2 - Craften.de)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 2.0.1296.18 - Infernum Productions AG)
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version:  - )
Elsword (HKLM-x32\...\Elsword_de_is1) (Version:  - )
Flwsrf (HKLM-x32\...\Flwsrf) (Version: 3.0.0.2 - Flwsrf) <==== ATTENTION!
FormatFactory 3.5.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.5.0.0 - Format Factory)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GotClip Downloader (HKLM-x32\...\GotClip) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.1 - www.leaguereplays.com)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MK HS TOOL (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\HS TOOL) (Version:  - )
MKLOL (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\MKLOL) (Version:  - )
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
Nostale(DE) (HKLM-x32\...\NosTale(DE)_is1) (Version:  - Gameforge 4D GmbH)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Photo Enlarge (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
Trove (HKLM-x32\...\Glyph Trove) (Version:  - Trion Worlds, Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zombie Invasion (HKLM-x32\...\ZombieInvasion) (Version: 2.7.50 - Time Lapse Solutions)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-12-2014 15:05:26 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-12-04 19:02 - 00001472 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17432E68-5AC9-49E2-A100-2A41CC4FFF0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24] (Google Inc.)
Task: {2BC030A5-7604-4A86-995B-6D977D89F4FF} - System32\Tasks\BCZQOTW => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: {304B146B-1B1C-4BFF-B600-AEDF35C231F5} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {3C06769A-B485-427D-9FAF-898CBCC9D9E1} - System32\Tasks\{FB5AA185-EDB5-47F6-89E9-5D0185903BCD} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\"
Task: {63162C5D-C5B8-4031-B91A-2ADB9A7DC968} - System32\Tasks\BW => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
Task: {A511457E-5C67-48AC-AF66-038C5F94A915} - System32\Tasks\Auto Aktivierung => C:\Windows\Setup\Scripts\TriggerKMS.exe [2013-01-24] ()
Task: {B0459DEC-6D70-4521-9666-A01DB56011BE} - System32\Tasks\AdobeAAMUpdater-1.0-Kristian-Ich => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {C9CE5827-8BAD-4B3A-81A9-9965D2A6A58D} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe
Task: {CAF34C64-B85E-474C-A603-69D5CB1AEA9E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CC9C2B19-C1B5-4783-89B2-E6A69FB6FBE2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-24] (Microsoft Corporation)
Task: {DA3FD1ED-1F85-41CB-BB93-F31EB7CD98A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-24] (Google Inc.)
Task: {FE73FE89-4939-4E5D-B560-5F6FA656ABA5} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: C:\Windows\Tasks\BCZQOTW.job => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: C:\Windows\Tasks\BW.job => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-13 16:53 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-17 01:03 - 2013-07-04 03:32 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-02-17 00:40 - 2012-09-28 02:26 - 00087040 _____ () C:\Windows\PersonalizeEnabler.exe
2014-02-17 00:40 - 2012-09-27 00:31 - 00084992 _____ () C:\Windows\SLCHook.dll
2014-02-17 00:40 - 2009-03-07 06:02 - 00102912 _____ () C:\Windows\EasyHook64.dll
2014-07-11 13:17 - 2014-07-11 13:17 - 00601584 _____ () C:\Users\Ich\AppData\Local\ContextTrue\cnthlpr.exe
2014-04-25 14:13 - 2014-12-12 18:36 - 00374840 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-17 01:03 - 2014-12-26 11:02 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-02-17 01:03 - 2013-07-04 03:32 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-04-25 14:13 - 2014-12-12 18:36 - 36966968 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-04 15:44 - 2014-07-04 15:44 - 00401408 _____ () C:\Program Files (x86)\LOLReplay\LOLUtils.dll
2014-07-17 20:28 - 2014-12-12 18:36 - 00867896 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-04-25 14:13 - 2014-12-12 18:36 - 00886840 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-04-25 14:13 - 2014-12-12 18:36 - 00108600 _____ () C:\Users\Ich\AppData\Roaming\Spotify\Data\libegl.dll
2014-02-17 01:40 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-24 15:22 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-12-24 15:22 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-12-24 15:22 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-12-24 15:22 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\Users\Ich\Downloads\Menu__6629_i1430428382_il467025.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\StartupApproved\Run: => "nvhlpr"
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\StartupApproved\Run: => "HS TOOL"
HKU\S-1-5-21-3979035309-3685434384-2670183491-1001\...\StartupApproved\Run: => "SwvUpdtr"

========================= Accounts: ==========================

Administrator (S-1-5-21-3979035309-3685434384-2670183491-500 - Administrator - Disabled)
Gast (S-1-5-21-3979035309-3685434384-2670183491-501 - Limited - Disabled)
Ich (S-1-5-21-3979035309-3685434384-2670183491-1001 - Administrator - Enabled) => C:\Users\Ich
kobol_000 (S-1-5-21-3979035309-3685434384-2670183491-1004 - Limited - Enabled) => C:\Users\kobol_000

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/26/2014 11:10:10 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "MEDIA-HP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BDE77C34-8EB0-4A06-880B-DD789380824E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-26 11:02:24.280
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-26 10:55:44.733
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 16:16:52.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 15:32:33.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 15:08:19.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 14:40:44.496
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-24 14:30:39.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-22 13:24:50.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-21 10:38:28.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2014-12-20 21:08:47.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 25%
Total physical RAM: 8130.14 MB
Available physical RAM: 6070.06 MB
Total Pagefile: 16834.14 MB
Available Pagefile: 14351.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:676.95 GB) NTFS
Drive e: (24 Mrz 2013) (CDROM) (Total:0.27 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00180018)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

26.12.2014, 18:25   #10
cosinus

Quote:
because the one I ran just now didn't find anything.
Sure, because adwCleaner found nothing, the log is full of adware
Have the findings deleted as well. Please read and follow the instructions more carefully.

26.12.2014, 19:23   #11
Vali0

That is the log from the 24th, when I ran it for the first time; but when I ran it today (the 26th) it found nothing, which is why I posted the first log.

And thank you very much for your help; I wanted to mention that so far no new tabs have opened.

26.12.2014, 19:32   #12
cosinus

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Task: {2BC030A5-7604-4A86-995B-6D977D89F4FF} - System32\Tasks\BCZQOTW => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: {63162C5D-C5B8-4031-B91A-2ADB9A7DC968} - System32\Tasks\BW => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
Task: C:\Windows\Tasks\BCZQOTW.job => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: C:\Windows\Tasks\BW.job => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
C:\Users\Ich\AppData\Roaming\BCZQOTW.exe
C:\Users\Ich\AppData\Roaming\BW.exe
EmptyTemp:
Hosts:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


26.12.2014, 21:22   #13
Vali0

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-12-2014
Ran by Ich at 2014-12-26 21:17:44 Run:2
Running from C:\Users\Ich\Desktop
Loaded Profile: Ich (Available profiles: Ich & kobol_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {2BC030A5-7604-4A86-995B-6D977D89F4FF} - System32\Tasks\BCZQOTW => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: {63162C5D-C5B8-4031-B91A-2ADB9A7DC968} - System32\Tasks\BW => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
Task: C:\Windows\Tasks\BCZQOTW.job => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: C:\Windows\Tasks\BW.job => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
C:\Users\Ich\AppData\Roaming\BCZQOTW.exe
C:\Users\Ich\AppData\Roaming\BW.exe
EmptyTemp:
Hosts:
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BC030A5-7604-4A86-995B-6D977D89F4FF} => Key not found. 
C:\Windows\System32\Tasks\BCZQOTW not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BCZQOTW => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63162C5D-C5B8-4031-B91A-2ADB9A7DC968} => Key not found. 
C:\Windows\System32\Tasks\BW not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BW => Key not found. 
C:\Windows\Tasks\BCZQOTW.job not found.
C:\Windows\Tasks\BW.job not found.
"C:\Users\Ich\AppData\Roaming\BCZQOTW.exe" => File/Directory not found.
"C:\Users\Ich\AppData\Roaming\BW.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 511.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:18:29 ====
         
Here
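
The Fixlog in the post above can be checked mechanically against the fixlist. The following Python sketch is an added example, not part of the original thread and not FRST's own code; it parses an excerpt of that Fixlog (embedded as sample input copied from the post) and reports, for each fixlist entry, whether FRST changed something or the object was already absent. The function names and the matching rules are assumptions made for this example.

```python
import re

# Sample input: excerpt of the Fixlog.txt posted in the thread above.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Task: {2BC030A5-7604-4A86-995B-6D977D89F4FF} - System32\Tasks\BCZQOTW => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: {63162C5D-C5B8-4031-B91A-2ADB9A7DC968} - System32\Tasks\BW => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
Task: C:\Windows\Tasks\BCZQOTW.job => C:\Users\Ich\AppData\Roaming\BCZQOTW.exe <==== ATTENTION
Task: C:\Windows\Tasks\BW.job => C:\Users\Ich\AppData\Roaming\BW.exe <==== ATTENTION
C:\Users\Ich\AppData\Roaming\BCZQOTW.exe
C:\Users\Ich\AppData\Roaming\BW.exe
EmptyTemp:
Hosts:
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BC030A5-7604-4A86-995B-6D977D89F4FF} => Key not found.
C:\Windows\System32\Tasks\BCZQOTW not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BCZQOTW => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63162C5D-C5B8-4031-B91A-2ADB9A7DC968} => Key not found.
C:\Windows\System32\Tasks\BW not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BW => Key not found.
C:\Windows\Tasks\BCZQOTW.job not found.
C:\Windows\Tasks\BW.job not found.
"C:\Users\Ich\AppData\Roaming\BCZQOTW.exe" => File/Directory not found.
"C:\Users\Ich\AppData\Roaming\BW.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 511.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 21:18:29 ====
'''


def split_fixlog(text):
    """Return (fixlist_entries, result_lines); the fixlist sits between two asterisk lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no fixlist block delimited by asterisk lines")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = [ln for ln in lines[stars[1] + 1:] if ln and not ln.startswith("====")]
    return entries, results


def keys_of(entry):
    """Lower-cased strings that identify one fixlist entry in the result section."""
    m = re.match(r"Task: (\{[0-9A-Fa-f-]+\}) - (System32\\Tasks\\(.+?)) => ", entry)
    if m:  # registered task: GUID key, task file, TaskCache\Tree key
        guid, rel, name = m.groups()
        keys = {guid, rel, "Tree\\" + name}
    else:  # legacy .job task, plain file path, or a directive such as "Hosts:"
        m = re.match(r"Task: (.+?\.job) => ", entry)
        keys = {m.group(1)} if m else {entry.rstrip(":")}
    return {k.lower() for k in keys}


def subject_of(line):
    """The object a result line is about: the text before ' => ' or ' not found'."""
    head = re.split(r"\s=>\s|\snot found\.?\s*$", line, maxsplit=1)[0]
    return head.strip().strip('"').rstrip(":").lower()


def classify(line):
    """Map a result line to 'absent', 'changed' or 'info'."""
    low = line.lower().rstrip(". ")
    if low.endswith("not found"):
        return "absent"
    if low.endswith("successfully") or "=> removed" in low:
        return "changed"
    return "info"


def matches(keys, line):
    subj = subject_of(line)
    return any(subj == k or subj.endswith("\\" + k) or subj.startswith(k + " ")
               for k in keys)


def audit(text):
    """Return {fixlist entry: status} for a Fixlog body."""
    entries, results = split_fixlog(text)
    report = {}
    for entry in entries:
        hits = {classify(r) for r in results if matches(keys_of(entry), r)}
        if not hits:
            report[entry] = "no result line"
        elif hits == {"absent"}:
            report[entry] = "already absent"
        elif hits == {"changed"}:
            report[entry] = "changed"
        else:
            report[entry] = "mixed"
    return report


if __name__ == "__main__":
    for entry, status in audit(SAMPLE_FIXLOG).items():
        print(f"{status:15} {entry}")
```

For this Fixlog, all six task and file entries come back as already absent when the fix ran; only the `Hosts:` and `EmptyTemp:` directives changed anything on the system.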

27.12.2014, 00:33   #14
cosinus

Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


27.12.2014, 12:55   #15
Vali0

But I don't have anything external, so no USB stick or anything like that; should I do it anyway?


Zum Thema Internet öffnet immer neue tabs mit Werbung - Hey Leute, ich hoffe ihr könnt mir helfen Ich habe eine Datei runtergeladen und leider dabei noch andere sachen mit ... Nun habe ich den Salat und ich bekomme es - Internet öffnet immer neue tabs mit Werbung...
Archiv
Du betrachtest: Internet öffnet immer neue tabs mit Werbung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.