Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Movie Wizard entfernen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.01.2015, 08:58   #1
Jazon123
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Hallöchen,

einmal falsch geklickt ..... 10 Programme installiert .... 9 davon haben sich einfach entfernen lassen (hofe ich ) aber movie wizard bekomme ich nicht weg, seitdem ballert mir das alle Seiten voll mit Werbung (trotz Blocker, dann sind die Fenster eben leer.....)

Wer kann / mag mir helfen ?

1000 Dank im voraus.

chris

Alt 05.01.2015, 09:11   #2
Warlord711
/// TB-Ausbilder
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Ist zwar scheinbar kein Plagegeist im herkömmlichen Sinn, aber versuch mal Revo Uninstaller:

Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach dem Programm/Programmen
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, sag Bescheid.
__________________

__________________

Alt 05.01.2015, 09:28   #3
Jazon123
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



danke erstmal. habe das so getan, das Programm ist nun aus der Systemsteuerung verschwunden, und es ist auch nichts mehr dort zu finden, dass ich Gestern erst installiert habe (die hatte ich über die Systemsteuerung gestern schon alle bis auf eben Movie Wizard deinstalliert).

das dumme ist ..... die Werbung erscheint trotzdem nach wie vor. Der Inhalt ist geblockt (Ad Blocker) aber das Fenster nervt eben wie die Sau .... auch wenn es nur weiß ist. Drunter steht "Ad by Movie Wizard"

Was kann ich da noch tun ?

danke
__________________

Alt 05.01.2015, 11:17   #4
Warlord711
/// TB-Ausbilder
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Lass uns mal schauen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Cursor zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 05.01.2015, 12:13   #5
Jazon123
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Christian (administrator) on CHRIS on 05-01-2015 11:59:19
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian & NeroMediaHomeUser.4 (Available profiles: Christian & NeroMediaHomeUser.4)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Small Island Development) C:\ProgramData\jItQNyBVnXO\rYsSZF.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_de_57] => [X]
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [Amazon Cloud Player] => C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = omiga-plus
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = omiga-plus
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = omiga-plus
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = omiga-plus
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420402501&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Start Page = omiga-plus
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = omiga-plus
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420402501&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\Software\Microsoft\Internet Explorer\Main,Start Page = Search,,
HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}
HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}
URLSearchHook: [S-1-5-21-2678595623-4148133582-4009595467-1015] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe omiga-plus
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420402501&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=ME624538F-FA89-4AB3-866D-9AA8BBADEA52&SearchSource=58&CUI=&UM=8&UP=SP6EF89D65-F58D-40E2-94DC-242AE157431D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420402501&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1015 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1015 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2678595623-4148133582-4009595467-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]
CHR Extension: (Adguard AdBlocker) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-01-05]
CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-05]
CHR Extension: (Adblock for Youtube™) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-01-05]
CHR Extension: (Avast SafePrice) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-23]
CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-05]
CHR Extension: (avast! Online Security) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-31]
CHR Extension: (Disconnect) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-05-31]
CHR Extension: (Top Eleven) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-08-30]
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-14]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 rYsSZF; C:\ProgramData\jItQNyBVnXO\rYsSZF.exe [2734456 2015-01-04] (Small Island Development)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-04] (Fuyu LIMITED) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 11:59 - 2015-01-05 11:59 - 00033499 _____ () C:\Users\Christian\Downloads\FRST.txt
2015-01-05 11:59 - 2015-01-05 11:59 - 00000000 ____D () C:\FRST
2015-01-05 11:58 - 2015-01-05 11:58 - 02123776 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-01-05 09:17 - 2015-01-05 09:17 - 00001284 _____ () C:\Users\Christian\Desktop\Revo Uninstaller.lnk
2015-01-05 09:17 - 2015-01-05 09:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-05 09:13 - 2015-01-05 09:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian\Downloads\revosetup95.exe
2015-01-05 08:51 - 2015-01-05 08:51 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-05 08:47 - 2015-01-05 08:47 - 19244986 _____ () C:\Users\Christian\Downloads\Nicht bestätigt 147680.crdownload
2015-01-05 08:34 - 2015-01-05 08:35 - 20008315 _____ () C:\Users\Christian\Downloads\Silverlight_5.1.30214.zip
2015-01-05 08:32 - 2015-01-05 08:32 - 04188536 _____ (Piriform Ltd) C:\Users\Christian\Downloads\ccsetup501_slim.exe
2015-01-05 08:32 - 2015-01-05 08:32 - 04188536 _____ (Piriform Ltd) C:\Users\Christian\Downloads\ccsetup501_slim (1).exe
2015-01-04 21:26 - 2015-01-04 21:26 - 00003106 _____ () C:\WINDOWS\System32\Tasks\{00F53159-ECCF-4B9A-8F57-A6B7C3AB2237}
2015-01-04 21:25 - 2015-01-04 21:25 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-04 21:21 - 2015-01-04 21:21 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-04 21:17 - 2015-01-04 21:17 - 00004016 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2015-01-04 21:16 - 2015-01-05 09:49 - 00000000 ____D () C:\Users\Christian\AppData\Local\MovieWizard
2015-01-04 21:15 - 2015-01-05 11:33 - 00001714 _____ () C:\WINDOWS\Tasks\YKHICJXT.job
2015-01-04 21:15 - 2015-01-05 08:49 - 00001364 _____ () C:\WINDOWS\Tasks\ABOHA.job
2015-01-04 21:15 - 2015-01-04 21:16 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-04 21:15 - 2015-01-04 21:15 - 02047464 _____ (HQ-VideoV04.01) C:\Users\Christian\AppData\Roaming\ABOHA.exe
2015-01-04 21:15 - 2015-01-04 21:15 - 02047464 _____ (Enter) C:\Users\Christian\AppData\Roaming\YKHICJXT.exe
2015-01-04 21:15 - 2015-01-04 21:15 - 00004720 _____ () C:\WINDOWS\System32\Tasks\YKHICJXT
2015-01-04 21:15 - 2015-01-04 21:15 - 00004372 _____ () C:\WINDOWS\System32\Tasks\ABOHA
2015-01-04 21:15 - 2015-01-04 21:15 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-04 21:15 - 2015-01-04 21:15 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-04 21:14 - 2015-01-05 08:49 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\VOPackage
2015-01-04 21:14 - 2015-01-04 21:34 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\omiga-plus
2015-01-04 21:14 - 2015-01-04 21:16 - 00000000 ____D () C:\ProgramData\jItQNyBVnXO
2015-01-04 21:14 - 2015-01-04 21:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\globalUpdate
2015-01-04 21:14 - 2015-01-04 21:14 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-04 21:07 - 2015-01-05 07:59 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD4B8742-B9A0-465C-97C9-AF4D297AA612}
2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList
2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList
2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieBrowserModeList
2014-12-19 09:39 - 2014-12-19 09:39 - 00000320 _____ () C:\Users\Christian\Downloads\BK_DAVE_000594DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:39 - 2014-12-19 09:39 - 00000310 _____ () C:\Users\Christian\Downloads\BK_RHDE_002130DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:38 - 2014-12-19 09:38 - 00000303 _____ () C:\Users\Christian\Downloads\BK_LUEB_001376DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:38 - 2014-12-19 09:38 - 00000287 _____ () C:\Users\Christian\Downloads\BK_RHDE_002150DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:38 - 2014-12-19 09:38 - 00000287 _____ () C:\Users\Christian\Downloads\BK_RHDE_001995DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000319 _____ () C:\Users\Christian\Downloads\BK_ARGO_000769DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000316 _____ () C:\Users\Christian\Downloads\BK_ARGO_000498DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000314 _____ () C:\Users\Christian\Downloads\BK_RHDE_001547DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000307 _____ () C:\Users\Christian\Downloads\BK_RHDE_001511DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000299 _____ () C:\Users\Christian\Downloads\BK_RHDE_002234DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000295 _____ () C:\Users\Christian\Downloads\BK_HAMB_001071DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000291 _____ () C:\Users\Christian\Downloads\BK_LUEB_001403DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:31 - 00000328 _____ () C:\Users\Christian\Downloads\BK_LUEB_001461DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:31 - 00000318 _____ () C:\Users\Christian\Downloads\BK_RHDE_001614DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:30 - 00000320 _____ () C:\Users\Christian\Downloads\BK_LUEB_000607DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:30 - 00000310 _____ () C:\Users\Christian\Downloads\BK_LUEB_000678DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:30 - 00000308 _____ () C:\Users\Christian\Downloads\BK_RHDE_000841DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-12 08:53 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-12 08:53 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 07:53 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-11 07:53 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 20:27 - 2014-12-10 20:27 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 09:01 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 09:01 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 09:01 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 09:01 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 08:49 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 08:49 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 08:49 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 08:49 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 08:49 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 08:49 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 08:49 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 08:49 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 08:49 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 08:49 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-10 08:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 08:48 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 08:48 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 08:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 08:48 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 08:48 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 08:48 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 08:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 08:48 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 08:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 08:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 08:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 08:48 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 08:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 08:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 08:48 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 08:48 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 08:48 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 08:48 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 08:48 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 08:48 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 08:48 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 08:48 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 08:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 08:48 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 08:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 08:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 08:48 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 08:48 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 08:48 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 08:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 08:48 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 08:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 08:48 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 08:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 08:48 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 08:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 08:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 08:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-05 11:51 - 2013-05-31 16:17 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 11:36 - 2014-07-19 17:10 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\ClassicShell
2015-01-05 10:33 - 2013-09-25 12:20 - 00000000 ____D () C:\Users\Christian\AppData\Local\E4A50210-E336-403E-85C1-A754E63DB458.aplzod
2015-01-05 09:49 - 2014-10-26 17:57 - 01621509 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-05 09:32 - 2013-05-31 16:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001
2015-01-05 08:53 - 2014-04-16 16:58 - 00000000 ___RD () C:\Users\Christian\Dropbox
2015-01-05 08:53 - 2014-04-16 16:21 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2015-01-05 08:50 - 2013-05-31 16:17 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 08:49 - 2014-09-23 22:06 - 00021094 _____ () C:\WINDOWS\PFRO.log
2015-01-05 08:49 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-05 08:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-04 21:34 - 2014-10-26 22:27 - 00001454 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-04 21:34 - 2014-09-20 10:04 - 00002316 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-04 21:34 - 2014-09-20 10:04 - 00002269 _____ () C:\Users\Christian\Desktop\Search.lnk
2015-01-04 21:34 - 2013-05-31 16:18 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-04 21:28 - 2013-07-12 13:07 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2015-01-01 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-31 17:47 - 2013-08-22 15:46 - 00336551 _____ () C:\WINDOWS\setupact.log
2014-12-31 12:50 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-31 12:50 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-31 12:50 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-29 13:31 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Christian\Documents\expenses
2014-12-26 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-19 07:45 - 2014-08-15 07:39 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-18 10:18 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 07:53 - 2014-09-19 07:28 - 00001076 _____ () C:\Users\Christian\Desktop\Dropbox.lnk
2014-12-17 07:53 - 2014-04-16 16:22 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 09:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 20:28 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-10 20:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 15:49 - 2013-05-31 16:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:48 - 2013-08-14 09:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 15:40 - 2013-06-01 11:33 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyxss9.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 09:32

==================== End Of Log ============================
         
--- --- ---




+++++

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Christian at 2015-01-05 12:00:48
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Amazon Cloud Player (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7141A3BC-9EBD-A6AB-CCAE-FBD4E4BFC870}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 18414980.4759644.48.2008153474 - Audible, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
Benutzerhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell-Druckersoftware (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Nero MediaHome 4 Essentials (HKLM-x32\...\{09558d0a-a24d-4fba-a545-db7a7ac19afe}) (Version:  - Nero AG)
Nero MediaHome 4 Trial (HKLM-x32\...\{b7acd305-dcab-4189-8f19-dca53e683617}) (Version:  - Nero AG)
Netzwerkhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.216 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.7 - Samsung Electronics CO., LTD.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
streamWriter (HKLM-x32\...\streamWriter_is1) (Version:  - )
Support Center (HKLM\...\{50E36BBB-36A5-400A-8AC5-9F7C0BD751A2}) (Version: 2.1.80 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{BBF646B1-B6F6-4076-B653-972C777355BB}) (Version: 21.00.8480 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-12-2014 15:32:43 Windows Update
18-12-2014 10:16:55 Windows Update
28-12-2014 11:49:21 Geplanter Prüfpunkt
05-01-2015 09:19:09 Revo Uninstaller's restore point - Movie Wizard

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03D464F7-79CB-4360-B588-33FE82588F0B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1770C77C-7FFB-4235-A722-15AC9E193406} - System32\Tasks\YKHICJXT => C:\Users\Christian\AppData\Roaming\YKHICJXT.exe [2015-01-04] (Enter) <==== ATTENTION
Task: {30B5096B-2FA8-4E94-A7F9-D04DDD1DA5F1} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-05-01] (SEC)
Task: {37D968E1-A472-428B-B023-018462699E48} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {45CF81CE-4475-44D1-B149-E6CE3C5B8A01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {4BA8038D-6ACB-4652-A500-A380A9E4B89F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5398F298-BEFF-45A8-A4A8-8827F31C2B00} - System32\Tasks\{93F291FB-1023-4509-9FCC-68C127477BB0} => pcalua.exe -a F:\INSTALL\RASETUP.EXE -d F:\INSTALL
Task: {55A71CE9-A563-4500-8F9D-991DBB074751} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {5FFD770A-D8AE-4753-8C1E-F788B15DA5BC} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {781554C1-1BE9-41AB-8881-36F0901214DA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {789305D1-A5DB-43A8-807C-0B0A8373272F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {78DD4BAF-27F0-4717-924C-49A185500F9B} - System32\Tasks\ABOHA => C:\Users\Christian\AppData\Roaming\ABOHA.exe [2015-01-04] (HQ-VideoV04.01) <==== ATTENTION
Task: {884AE421-4A81-47B8-B3B1-5176AC3B4B39} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9DAF64D1-5723-4D15-87C6-37FC8A8A4519} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9DCAE56A-934A-4476-8952-E3B213C0E1F2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {A9C259C2-8B80-4BE2-9E21-1335380E8331} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B4D0DD66-F243-4543-9D90-F441C8F85846} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B8C6F579-66DD-401A-936B-9CEFF51B181A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.)
Task: {CCAA43C7-A484-4D97-8B40-495CB3711C68} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {D6A790BC-3008-4ECB-99BD-52ED004C2D5E} - System32\Tasks\{DA25F2B4-FC78-428F-B81D-B67AD7218817} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {D9857484-3945-4E7B-ACD9-7D4C8A51E7DC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-15] (AVAST Software)
Task: {E88F64C1-A30A-486B-8778-1680A73945B6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E8B43B43-E0EC-45D3-9B4F-A4AA0807FA92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.)
Task: {EB4FF7EB-B3E9-4D77-BCE6-D4E225E55542} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {F596D76D-82C2-417C-B75E-59C0F7589643} - System32\Tasks\{00F53159-ECCF-4B9A-8F57-A6B7C3AB2237} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1
Task: C:\WINDOWS\Tasks\ABOHA.job => C:\Users\Christian\AppData\Roaming\ABOHA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\YKHICJXT.job => C:\Users\Christian\AppData\Roaming\YKHICJXT.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-09-05 08:50 - 2012-09-05 08:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-12-05 19:44 - 2012-12-05 19:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-12-05 19:39 - 2012-12-05 19:39 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-12-05 19:41 - 2012-12-05 19:41 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-05 19:44 - 2012-12-05 19:44 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-05-08 13:44 - 2014-03-07 21:39 - 03168576 _____ () C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-08-15 07:39 - 2014-08-15 07:39 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-01-04 21:15 - 2015-01-04 21:15 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll
2015-01-05 09:16 - 2015-01-05 09:16 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010500\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-06-02 15:24 - 2012-10-22 10:21 - 01277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2013-06-02 15:24 - 2011-12-06 15:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2013-06-02 15:24 - 2012-07-09 16:57 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2013-06-02 15:24 - 2012-03-23 09:07 - 00224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll
2012-09-18 12:12 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-08-15 07:39 - 2014-08-15 07:39 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-05 08:53 - 2015-01-05 08:53 - 00043008 _____ () c:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyxss9.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-09-18 11:54 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-12 07:52 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 07:52 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 07:52 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 07:52 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 07:52 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"

========================= Accounts: ==========================

Administrator (S-1-5-21-2678595623-4148133582-4009595467-500 - Administrator - Disabled)
Christian (S-1-5-21-2678595623-4148133582-4009595467-1001 - Administrator - Enabled) => C:\Users\Christian
Gast (S-1-5-21-2678595623-4148133582-4009595467-501 - Limited - Disabled)
NeroMediaHomeUser.4 (S-1-5-21-2678595623-4148133582-4009595467-1015 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4

==================== Faulty Device Manager Devices =============

Name: TSSTcorp CDDVDW SN-208BB
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 09:11:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 6.0.9.7, Zeitstempel: 0x51801d61
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f0d6c
ID des fehlerhaften Prozesses: 0x1dd0
Startzeit der fehlerhaften Anwendung: 0xWCScheduler.exe0
Pfad der fehlerhaften Anwendung: WCScheduler.exe1
Pfad des fehlerhaften Moduls: WCScheduler.exe2
Berichtskennung: WCScheduler.exe3
Vollständiger Name des fehlerhaften Pakets: WCScheduler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WCScheduler.exe5

Error: (01/05/2015 08:57:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5a4

Startzeit: 01d028bc864fb28b

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe

Berichts-ID: 7a7dff4e-94b0-11e4-bebb-50b7c34e570f

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/05/2015 08:04:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 6.0.9.7, Zeitstempel: 0x51801d61
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f0d6c
ID des fehlerhaften Prozesses: 0x1b60
Startzeit der fehlerhaften Anwendung: 0xWCScheduler.exe0
Pfad der fehlerhaften Anwendung: WCScheduler.exe1
Pfad des fehlerhaften Moduls: WCScheduler.exe2
Berichtskennung: WCScheduler.exe3
Vollständiger Name des fehlerhaften Pakets: WCScheduler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WCScheduler.exe5

Error: (01/05/2015 07:55:18 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (01/05/2015 07:54:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28267235

Error: (01/05/2015 07:54:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28267235

Error: (01/05/2015 07:54:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 00:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9266

Error: (01/05/2015 00:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9266

Error: (01/05/2015 00:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/05/2015 11:49:28 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/05/2015 11:48:58 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/05/2015 11:42:15 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/05/2015 11:41:33 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/05/2015 11:35:26 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/05/2015 11:34:46 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/05/2015 11:27:48 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/05/2015 11:27:06 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/05/2015 11:19:33 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/05/2015 11:18:52 AM) (Source: DCOM) (EventID: 10010) (User: Chris)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (03/04/2014 10:50:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1518 seconds with 1380 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 28%
Total physical RAM: 8083.42 MB
Available physical RAM: 5807.29 MB
Total Pagefile: 9683.43 MB
Available Pagefile: 5329.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.3 GB) (Free:473.28 GB) NTFS
Drive h: () (Removable) (Total:1.92 GB) (Free:0.63 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 4F494D44)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---


Alt 05.01.2015, 16:08   #6
Warlord711
/// TB-Ausbilder
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Pandora Service
    SafeFinder Smartbar

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________________
--> Movie Wizard entfernen

Alt 05.01.2015, 18:12   #7
Jazon123
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



revo erledigt

adw:AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 05/01/2015 um 16:35:06
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Christian - CHRIS
# Gestartet von : C:\Users\Christian\Downloads\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : IHProtect Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\Christian\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Christian\AppData\Local\LPT
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Christian\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Christian\AppData\Local\MovieWizard
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\omiga-plus
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\Wnkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\GAMESDESKTOP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v39.0.2171.95

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : geggofhlfbcmanadhknllmlajiafopoh

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [2354 octets] - [27/07/2014 08:36:52]
AdwCleaner[R1].txt - [19965 octets] - [05/01/2015 16:28:03]
AdwCleaner[S0].txt - [2165 octets] - [27/07/2014 08:37:35]
AdwCleaner[S1].txt - [16219 octets] - [05/01/2015 16:35:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [16280 octets] ##########
         
--- --- ---
rest folgt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Christian on 05.01.2015 at 16:47:49,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update clearthink



~~~ Files

Successfully deleted: [File] "C:\Users\Christian\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Christian\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.01.2015 at 16:55:54,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05.01.2015
Scan Time: 16:59:50
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.05.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395774
Time Elapsed: 42 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\rYsSZF.exe, 3248, Delete-on-Reboot, [9c2e3fb46326e056cfff901813eec53b]

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.MovieWizard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rYsSZF, Quarantined, [9c2e3fb46326e056cfff901813eec53b],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [e4e6787be3a62016a116f4297f8435cb],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [8149d81bf5948da9aace6300847fcc34],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [547637bc3d4cc670bc83680dc0432ed2],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],

Registry Values: 1
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_57, Quarantined, [48826b88d2b77eb860aa1a4efa098d73],

Registry Data: 6
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfBjU-QQWRZo0MEKYtVExFYw_wZR3gqptKtktHaYxKsvFn-FbVbapFJhoQLVyUdO6SwVYZgmxafTObJ0ifN_9A,,, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfBjU-QQWRZo0MEKYtVExFYw_wZR3gqptKtktHaYxKsvFn-FbVbapFJhoQLVyUdO6SwVYZgmxafTObJ0ifN_9A,,),Replaced,[9634d41f602936002bb0c1bc91749c64]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[309a9e5553361620bc24ea934bbab848]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[6d5d82711b6e3501815d3c41a06546ba]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[3c8e4ca77b0ea1951ac985f8a75ee51b]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[c00a4fa42861b08613d12657d92c03fd]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[fbcfa94a1f6a91a5a93dbac37095629e]

Folders: 31
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.MovieWizard.A, C:\Users\Christian\AppData\Local\MovieWizard, Quarantined, [cbfffaf98efb5bdb01508305ab585aa6],
Rogue.Multiple, C:\ProgramData\2355320829, Quarantined, [4882b241ddaca393b5d53be3c43f847c],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],

Files: 116
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\rYsSZF.exe, Delete-on-Reboot, [9c2e3fb46326e056cfff901813eec53b],
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\dat\FBQPiVZL.exe, Delete-on-Reboot, [19b10de60e7b2214f3dbc4e454ad47b9],
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\dat\IHHpKvw.exe, Delete-on-Reboot, [ca0003f0a1e85adc824c198fbb46e719],
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\dat\kSRMXqJ.dll, Delete-on-Reboot, [73572dc6cbbef83e2457f188f0153cc4],
PUP.Optional.CrossRider.A, C:\Users\Christian\AppData\Roaming\ABOHA.exe, Quarantined, [ac1ed221d2b772c44994e8d4fd087e82],
PUP.Optional.MediaPlayerVideo.A, C:\Users\Christian\AppData\Roaming\YKHICJXT.exe, Quarantined, [d3f7ce2557329d9978ef6b530ff6a858],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Quarantined, [5377698a6a1f67cfc666857f05fd7c84],
PUP.Optional.Tuto4PC.A, C:\Users\Christian\AppData\Local\Temp\20da783a-30b5-47a2-bc40-2b94ef986a56\games desktop.exe, Quarantined, [fcce22d12366e6503d5599614db4ba46],
PUP.Optional.MovieWizard.A, C:\Users\Christian\AppData\Local\Temp\405917f5-d559-4e06-aa02-4b843880eabb\setup.exe, Quarantined, [24a6ae452f5a58de0f0272eb659bea16],
PUP.Optional.StormWatch.A, C:\Users\Christian\AppData\Local\Temp\4d8efcb2-fe7f-4b3a-ab85-1687a2333324\setup.exe, Quarantined, [8248d51ee6a38ea89222b0a5fe029868],
PUP.Optional.CrossRider.A, C:\Users\Christian\AppData\Local\Temp\8bd513da-160f-4d3a-9fdc-6ddf99d5df7d\setup.exe, Quarantined, [07c339ba0683181e2a0ab42d40c1936d],
PUP.Optional.XTab.A, C:\Users\Christian\AppData\Local\Temp\~dl38E0\~dljyb\tmp\STab_v4.0.exe, Quarantined, [dcee36bdfc8d51e5e646b74da06213ed],
PUP.Optional.WindowsProtectManger.A, C:\Users\Christian\AppData\Local\Temp\~dl38E0\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [45854aa90f7a89ad1abe5c66e31e5ba5],
PUP.Optional.Bandoo, C:\Users\Christian\Downloads\iLividSetup-r400-n-bc.exe, Quarantined, [d0fa747f6920082eeb4d71b9bf42d62a],
PUP.Optional.Softonic, C:\Users\Christian\Downloads\SoftonicDownloader_fuer_photoscape.exe, Quarantined, [606ad320088196a059de4ed76a97cb35],
Adware.Linkular, C:\Users\Christian\Downloads\VLCPlus_Setup (1).exe, Quarantined, [e8e28e652d5cfc3a628df4bc20e5af51],
Adware.Linkular, C:\Users\Christian\Downloads\VLCPlus_Setup.exe, Quarantined, [a426af4430593204b738dfd1778e58a8],
PUP.Optional.SnapDo.A, C:\Windows\Installer\24ab3d40.msi, Quarantined, [3a90c82b07822214751f673da35e04fc],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI610F.tmp, Quarantined, [01c95c978801c96d532ce44a4db3a759],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIC332.tmp, Quarantined, [c406fef5b3d6ba7cf08f52dcda262bd5],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI2CB3.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [5c6e688bfb8e9a9c5c23e84645bbc63a],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.OmigaPlus.A, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage, Quarantined, [bf0b25cee9a04cea5d83b5b336cdf20e],
PUP.Optional.OmigaPlus.A, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal, Quarantined, [5674fcf741486bcbd0103b2d956e11ef],
PUP.Optional.MovieWizard.A, C:\Users\Christian\AppData\Local\MovieWizard\data2.dat, Quarantined, [cbfffaf98efb5bdb01508305ab585aa6],
Rogue.Multiple, C:\ProgramData\2355320829\BIT2BF0.tmp, Quarantined, [4882b241ddaca393b5d53be3c43f847c],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleCrashHandler.exe, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleUpdate.exe, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleUpdateBroker.exe, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleUpdateHelper.msi, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleUpdateOnDemand.exe, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\goopdate.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\goopdateres_en.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\npGoogleUpdate4.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\psmachine.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\psuser.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleCrashHandler.exe, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleUpdate.exe, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleUpdateBroker.exe, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleUpdateHelper.msi, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleUpdateOnDemand.exe, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\goopdate.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\goopdateres_en.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\npGoogleUpdate4.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\psmachine.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\psuser.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],

Physical Sectors: 0
(No malicious items detected)


(end)



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Christian (administrator) on CHRIS on 05-01-2015 18:07:09
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian & NeroMediaHomeUser.4 (Available profiles: Christian & NeroMediaHomeUser.4)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Christian\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [Amazon Cloud Player] => C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: [S-1-5-21-2678595623-4148133582-4009595467-1015] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1015 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2678595623-4148133582-4009595467-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]

Chrome: 
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]
CHR Extension: (Adguard AdBlocker) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-01-05]
CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-05]
CHR Extension: (Adblock for Youtube™) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-01-05]
CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-05]
CHR Extension: (avast! Online Security) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-31]
CHR Extension: (Disconnect) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-05-31]
CHR Extension: (Top Eleven) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-08-30]
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 18:06 - 2015-01-05 18:06 - 02123776 _____ (Farbar) C:\Users\Christian\Downloads\FRST64 (1).exe
2015-01-05 17:57 - 2015-01-05 17:57 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-05 17:50 - 2015-01-05 17:50 - 00025585 _____ () C:\Users\Christian\Desktop\mbam.txt
2015-01-05 16:59 - 2015-01-05 16:59 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 16:58 - 2015-01-05 16:58 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-05 16:58 - 2015-01-05 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-05 16:58 - 2015-01-05 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 16:58 - 2015-01-05 16:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-05 16:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-05 16:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-05 16:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-05 16:57 - 2015-01-05 16:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christian\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 16:55 - 2015-01-05 16:55 - 00001130 _____ () C:\Users\Christian\Desktop\JRT.txt
2015-01-05 16:47 - 2015-01-05 16:47 - 01707939 _____ (Thisisu) C:\Users\Christian\Downloads\JRT (2).exe
2015-01-05 16:46 - 2015-01-05 16:46 - 01707939 _____ (Thisisu) C:\Users\Christian\Downloads\JRT (1).exe
2015-01-05 16:27 - 2015-01-05 16:27 - 02173952 _____ () C:\Users\Christian\Downloads\AdwCleaner_4.106.exe
2015-01-05 12:00 - 2015-01-05 12:02 - 00036135 _____ () C:\Users\Christian\Downloads\Addition.txt
2015-01-05 11:59 - 2015-01-05 18:07 - 00026056 _____ () C:\Users\Christian\Downloads\FRST.txt
2015-01-05 11:59 - 2015-01-05 18:07 - 00000000 ____D () C:\FRST
2015-01-05 11:58 - 2015-01-05 11:58 - 02123776 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-01-05 09:17 - 2015-01-05 09:17 - 00001284 _____ () C:\Users\Christian\Desktop\Revo Uninstaller.lnk
2015-01-05 09:17 - 2015-01-05 09:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-05 09:13 - 2015-01-05 09:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian\Downloads\revosetup95.exe
2015-01-05 08:47 - 2015-01-05 08:47 - 19244986 _____ () C:\Users\Christian\Downloads\Nicht bestätigt 147680.crdownload
2015-01-05 08:34 - 2015-01-05 08:35 - 20008315 _____ () C:\Users\Christian\Downloads\Silverlight_5.1.30214.zip
2015-01-05 08:32 - 2015-01-05 08:32 - 04188536 _____ (Piriform Ltd) C:\Users\Christian\Downloads\ccsetup501_slim.exe
2015-01-05 08:32 - 2015-01-05 08:32 - 04188536 _____ (Piriform Ltd) C:\Users\Christian\Downloads\ccsetup501_slim (1).exe
2015-01-04 21:26 - 2015-01-04 21:26 - 00003106 _____ () C:\WINDOWS\System32\Tasks\{00F53159-ECCF-4B9A-8F57-A6B7C3AB2237}
2015-01-04 21:15 - 2015-01-05 17:53 - 00001714 _____ () C:\WINDOWS\Tasks\YKHICJXT.job
2015-01-04 21:15 - 2015-01-05 17:53 - 00001364 _____ () C:\WINDOWS\Tasks\ABOHA.job
2015-01-04 21:15 - 2015-01-04 21:15 - 00004720 _____ () C:\WINDOWS\System32\Tasks\YKHICJXT
2015-01-04 21:15 - 2015-01-04 21:15 - 00004372 _____ () C:\WINDOWS\System32\Tasks\ABOHA
2015-01-04 21:14 - 2015-01-05 17:52 - 00000000 ____D () C:\ProgramData\jItQNyBVnXO
2015-01-04 21:07 - 2015-01-05 14:00 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD4B8742-B9A0-465C-97C9-AF4D297AA612}
2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList
2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList
2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieBrowserModeList
2014-12-19 09:39 - 2014-12-19 09:39 - 00000320 _____ () C:\Users\Christian\Downloads\BK_DAVE_000594DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:39 - 2014-12-19 09:39 - 00000310 _____ () C:\Users\Christian\Downloads\BK_RHDE_002130DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:38 - 2014-12-19 09:38 - 00000303 _____ () C:\Users\Christian\Downloads\BK_LUEB_001376DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:38 - 2014-12-19 09:38 - 00000287 _____ () C:\Users\Christian\Downloads\BK_RHDE_002150DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:38 - 2014-12-19 09:38 - 00000287 _____ () C:\Users\Christian\Downloads\BK_RHDE_001995DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000319 _____ () C:\Users\Christian\Downloads\BK_ARGO_000769DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000316 _____ () C:\Users\Christian\Downloads\BK_ARGO_000498DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000314 _____ () C:\Users\Christian\Downloads\BK_RHDE_001547DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000307 _____ () C:\Users\Christian\Downloads\BK_RHDE_001511DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000299 _____ () C:\Users\Christian\Downloads\BK_RHDE_002234DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000295 _____ () C:\Users\Christian\Downloads\BK_HAMB_001071DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:37 - 2014-12-19 09:37 - 00000291 _____ () C:\Users\Christian\Downloads\BK_LUEB_001403DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:31 - 00000328 _____ () C:\Users\Christian\Downloads\BK_LUEB_001461DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:31 - 00000318 _____ () C:\Users\Christian\Downloads\BK_RHDE_001614DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:30 - 00000320 _____ () C:\Users\Christian\Downloads\BK_LUEB_000607DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:30 - 00000310 _____ () C:\Users\Christian\Downloads\BK_LUEB_000678DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-19 09:30 - 2014-12-19 09:30 - 00000308 _____ () C:\Users\Christian\Downloads\BK_RHDE_000841DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh
2014-12-12 08:53 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-12 08:53 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 07:53 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-11 07:53 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 20:27 - 2014-12-10 20:27 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 09:01 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 09:01 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 09:01 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 09:01 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 08:49 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 08:49 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 08:49 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 08:49 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 08:49 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 08:49 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 08:49 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 08:49 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 08:49 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 08:49 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 08:49 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-10 08:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 08:48 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 08:48 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 08:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 08:48 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 08:48 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 08:48 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 08:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 08:48 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 08:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 08:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 08:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 08:48 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 08:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 08:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 08:48 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 08:48 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 08:48 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 08:48 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 08:48 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 08:48 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 08:48 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 08:48 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 08:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 08:48 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 08:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 08:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 08:48 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 08:48 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 08:48 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 08:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 08:48 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 08:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 08:48 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 08:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 08:48 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 08:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 08:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 08:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 18:03 - 2014-07-19 17:10 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\ClassicShell
2015-01-05 18:01 - 2013-09-25 12:20 - 00000000 ____D () C:\Users\Christian\AppData\Local\E4A50210-E336-403E-85C1-A754E63DB458.aplzod
2015-01-05 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-05 17:59 - 2014-04-16 16:58 - 00000000 ___RD () C:\Users\Christian\Dropbox
2015-01-05 17:59 - 2013-05-31 16:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001
2015-01-05 17:58 - 2014-08-15 07:39 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-05 17:58 - 2014-04-16 16:21 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2015-01-05 17:54 - 2013-05-31 16:17 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 17:52 - 2014-09-23 22:06 - 00057338 _____ () C:\WINDOWS\PFRO.log
2015-01-05 17:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-05 17:52 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-05 17:51 - 2013-05-31 16:17 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 16:36 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-05 16:35 - 2014-07-27 08:33 - 00000000 ____D () C:\AdwCleaner
2015-01-05 09:49 - 2014-10-26 17:57 - 01621509 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-04 21:34 - 2014-10-26 22:27 - 00001454 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-04 21:34 - 2014-09-20 10:04 - 00002316 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-04 21:34 - 2014-09-20 10:04 - 00002269 _____ () C:\Users\Christian\Desktop\Search.lnk
2015-01-04 21:34 - 2013-05-31 16:18 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-04 21:28 - 2013-07-12 13:07 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2015-01-01 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-31 17:47 - 2013-08-22 15:46 - 00336551 _____ () C:\WINDOWS\setupact.log
2014-12-31 12:50 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-31 12:50 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-31 12:50 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-29 13:31 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Christian\Documents\expenses
2014-12-26 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-12-17 07:53 - 2014-09-19 07:28 - 00001076 _____ () C:\Users\Christian\Desktop\Dropbox.lnk
2014-12-17 07:53 - 2014-04-16 16:22 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 09:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 20:28 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-10 20:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 15:49 - 2013-05-31 16:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 15:48 - 2013-08-14 09:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 15:40 - 2013-06-01 11:33 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpga70yv.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 17:43

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 06.01.2015, 08:49   #8
Warlord711
/// TB-Ausbilder
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Das sieht schon sehr gut aus, der Movie Wizard dürfte aktuell nicht mehr auftauchen.

Noch ein paar Reste und verwaistes + temporäre Dateien löschen, der ESET Scan am Ende wird einige Zeit brauchen (Stunden) :

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 06.01.2015, 22:39   #9
Jazon123
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Christian at 2015-01-06 17:02:02 Run:1
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian & NeroMediaHomeUser.4 (Available profiles: Christian & NeroMediaHomeUser.4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
emptytemp:

*****************

"HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 17:02:36 ====

Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
avast! Antivirus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuClient.exe
Symantec Norton Online Backup NOBuAgent.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=004ed65630d97544a7830b60d80b6ab0
# engine=21839
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-06 07:42:45
# local_time=2015-01-06 08:42:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777214 100 97 2296358 184993855 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4751027 36696645 0 0
# scanned=228888
# found=48
# cleaned=0
# scan_time=10947
sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=7F55F0BDF9198C07107A5C331DAF1FD0B2D68BDB ft=1 fh=40df201e40390e46 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=AD1BF4CF62786788C0440C060BCFBCA0A06A3188 ft=1 fh=a16c06f51dd861fe vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\LPT\sppsm.dll.vir"
sh=DDE17349886FC1A7D13E8D0F41D6A4CE5A394D01 ft=1 fh=c9bce873ebed2a5f vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\LPT\spusm.dll.vir"
sh=C7ACB89F4541A3F65D5CFE90B9004C6BFEC2C8FA ft=1 fh=9e66ceb26218c551 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\LPT\srbs.dll.vir"
sh=542C70B56113D6CB5A2FD51DAFA02FB3FDEE1917 ft=1 fh=9bb68e157a308082 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\LPT\srptc.dll.vir"
sh=70511E1DC237B11EB2DA47764E2F58D66884A8D4 ft=1 fh=8926dceffb73a01c vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=857CC3345A3822AF53B1929B8A2BBCF72BB1391E ft=1 fh=acc9f12da781c207 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dl l.vir"
sh=0414957AE0D2B342AB58CA7C0DEB191EB252F689 ft=1 fh=513fca58ac50a90d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dl l.vir"
sh=2A78FC37034AA9C58B1B2D47929D23620D62C657 ft=1 fh=3d7c65ead160cf01 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dl l.vir"
sh=D0E111B46081B7F29F5F97BBD27826BE7FF2D100 ft=1 fh=8fb3d533241ad012 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dl l.vir"
sh=DA8A32C2FC62802F155C7B8DC2B3DFBB58672098 ft=1 fh=6e51ce951b902f0d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dl l.vir"
sh=FA63E2B986E0D6F5312E74B7AFFF49030529B199 ft=1 fh=5eb8c17bce0f839a vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dl l.vir"
sh=C513E316EE88ED66F7EA1A44BD889C89B1860E0D ft=1 fh=001996f75051ad99 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Christian\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.SafeMode.dll.vir "
sh=E6BD8F5EFE24CF921209AE0C2A2E5BEFBE8ACEDE ft=1 fh=f5839ea66906a236 vn="Win32/Toolbar.Conduit.G evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\Local\Conduit\CT2481020\Ashampoo_DEAutoUpdateHelper.exe"
sh=1B37BEC7610109F594112CFB3D31145270C9B448 ft=1 fh=40977a3eb07e85f1 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\hk64tbAsh0.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\hk64tbAsh2.dll"
sh=D0ED81A632CE3D57C8B76105DA25F471D47B3E75 ft=1 fh=fc399cefd8e91d81 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\hktbAsh0.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\hktbAsh2.dll"
sh=2AA1E2644D392689B767F9208ABD40C8CF9A0830 ft=1 fh=6a69b43ed4700d25 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\ldrtbAsh0.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\ldrtbAsh2.dll"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\ldrtbAsha.dll"
sh=9D2D4D6F4434A89BCEEE7132C24890550E01479C ft=1 fh=2a05e04e6030aaf6 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\tbAsh0.dll"
sh=F16D879DF00FDBFC5935AA3E543331AC8E23CB3F ft=1 fh=84f57c161db7dac2 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\tbAsh1.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\tbAsh2.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\tbAsha.dll"
sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\AppData\LocalLow\Ashampoo_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll"
sh=DF03019EA4962809E1AE99549D8A650DDE8DE9B6 ft=1 fh=f4bae2cd41aaec6e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Altes c\Christian Rüttger\Downloads\ashampoo_burning_studio_6_free_6.81_3639.exe"
sh=80915927D23ED0F93DDF234F1A07AACF3EB90CD4 ft=1 fh=d3372b907a7753ac vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Altes d\Eigene Dateien\ps_radio2015.exe"
sh=BBC107B3C4335A094162EA909ED16DEC2B56B01F ft=1 fh=421fc8cb27121ff1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Altes d\Eigene Dateien\downloads\Integrated_FreewareDE.exe"
sh=40A8D0BA792EB7A48CEA0F54994CD4B04D76CD9A ft=1 fh=1b9df70b39057000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Altes d\Eigene Dateien\downloads\SoftonicDownloader_fuer_7-zip.exe"
sh=67218EC7AB4C2306F2B76E5320556953DE34DDAB ft=1 fh=b9f2ea2dd5ee429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\jItQNyBVnXO\dat\hmngBbhAam.dll"
sh=67218EC7AB4C2306F2B76E5320556953DE34DDAB ft=1 fh=b9f2ea2dd5ee429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\jItQNyBVnXO\dat\hmngBbhAam.dll"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Roaming\ABOHA"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\AppData\Roaming\YKHICJXT"
sh=E15EC5DFC39C5F7E7EEAB86EB8942EA0140C8BF4 ft=1 fh=923e0f9c2b7728b2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\Downloads\Classic Shell - CHIP-Installer.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\Downloads\PDFCreator-1_7_0_setup.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\Downloads\PDFCreator-1_7_3_setup (1).exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\Downloads\PDFCreator-1_7_3_setup (2).exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\Downloads\PDFCreator-1_7_3_setup (3).exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\Downloads\PDFCreator-1_7_3_setup.exe"
sh=84BC086CBF57ACE0050B8E543EED4900C6E1B26F ft=1 fh=e9eb93c84dbab371 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christian\Downloads\samsung-kies_setup.exe"
sh=5204CDF0A800C869C45AB2407D70BC0A9B85A84E ft=1 fh=7ec9834b5d8a918a vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2CB3.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=782C3DDE42011916B89CD4668A43F5FDA292DBCD ft=1 fh=fd5408eb1a78d8ce vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2CB3.tmp-\sppsm.dll"
sh=E3A2963378AB8574657E5D3158F2922975DBCB3D ft=1 fh=9155912454d21124 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2CB3.tmp-\spusm.dll"
sh=9940AB97898E7C4F5A46C846E687AAE686954D57 ft=1 fh=b045d5d7555ccc06 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2CB3.tmp-\srbs.dll"
sh=FB0465D7EA7112E23783518738711C283D6B7E27 ft=1 fh=bd1ab8932c63b270 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2CB3.tmp-\srbu.dll"
sh=9C82ABC3B93FCAB4B17266F854BB07CACE5C6899 ft=1 fh=b81a20d7128256d0 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI2CB3.tmp-\srptc.dll"




so, das war alles glaub ich .... und wie schauts ?

Alt 07.01.2015, 09:35   #10
Warlord711
/// TB-Ausbilder
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Dein Java ist nicht mehr aktuell.
Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 8 Update 25 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.
schneller Plugin-Test: PluginCheck

Avast! meldet das er nicht up-to-date ist !


Das ESET Log sieht ok aus. Noch ein paar Reste löschen:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
"C:\ProgramData\jItQNyBVnXO\"
"C:\Users\All Users\jItQNyBVnXO\"
"C:\Users\Christian\AppData\Roaming\ABOHA"
"C:\Users\Christian\AppData\Roaming\YKHICJXT"
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Im Eset Log sind ausserdem noch einige .dlls die scheinbar aus einer Laufwerk-Sicherung stammen, muss man nicht unbedingt löschen, ausser du würdest das komplette Laufwerk daraus wiederherstellen, was mich erstaunen würde

Ein paar Setups mit Adware, ist leider gang und gebe heutzutage.

Ein Tipp zu Chip+Softonic:

Chip/Softonic Downloader:

Bei Chip.de und Softonic gibt es beim Download zwei Möglichkeiten:
einmal den Chip Downloader mit DownloadSponsor, der Werbung mitbringt und gern versucht, den User dazu zu überreden, noch diese und jene Toolbar zu installieren.

Und es gibt immer den alternativen Download, das ist die eigentliche Anwendung als Setup, so wie sie vom Hersteller kommt. Der Alternativlink ist genau unter der Chip Download-Schaltfläche.





Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
  • verwende für jede Anwendung und jeden Account ein anderes Passwort
  • ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist dieses sehr wichtig
  • speichere keine Passwörter auf deinem PC, gib diese nicht an dritte weiter
  • ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen
  • benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster
  • verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7 / 8 : Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 08.01.2015, 17:00   #11
Jazon123
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Christian at 2015-01-08 16:51:31 Run:2
Running from C:\Users\Christian\Downloads
Loaded Profiles: Christian & NeroMediaHomeUser.4 (Available profiles: Christian & NeroMediaHomeUser.4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
"C:\ProgramData\jItQNyBVnXO\"
"C:\Users\All Users\jItQNyBVnXO\"
"C:\Users\Christian\AppData\Roaming\ABOHA"
"C:\Users\Christian\AppData\Roaming\YKHICJXT"

*****************

C:\ProgramData\jItQNyBVnXO => Moved successfully.
"C:\Users\All Users\jItQNyBVnXO" => File/Directory not found.
C:\Users\Christian\AppData\Roaming\ABOHA => Moved successfully.
C:\Users\Christian\AppData\Roaming\YKHICJXT => Moved successfully.

==== End of Fixlog 16:51:32 ====

danke soweit, das mit:



Die Reihenfolge ist hier entscheidend.
Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)

etc habe ich nicht verstanden

Alt 08.01.2015, 17:03   #12
Warlord711
/// TB-Ausbilder
 
Movie Wizard entfernen - Standard

Movie Wizard entfernen



Zitat:
Die Reihenfolge ist hier entscheidend.
Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
Naja ist doch ganz einfach:

Falls Defogger benutzt wurde.... hast du nicht, also ignorieren
Falls Combofix benutzt wurde.... hast du nicht, also ignorieren




Warum ich das geschrieben habe ?

Nunja, wir arbeiten mit Textbausteinen, weil wir anstatt z.b. 10 User am Tag zu bearbeiten, nur 2 User schaffen würden und dann die Nase voll vom Tippen hätten...

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Antwort

Themen zu Movie Wizard entfernen
adware.linkular, msil/toolbar.linkury.g, msil/toolbar.linkury.i, pandora service entfernen, pup.optional.bandoo, pup.optional.crossrider.a, pup.optional.gamesdesktop.a, pup.optional.globalupdate.a, pup.optional.ihprotect.a, pup.optional.mediaplayervideo.a, pup.optional.moviewizard.a, pup.optional.omigaplus.a, pup.optional.safefinder.a, pup.optional.smartbar, pup.optional.snapdo.a, pup.optional.snapdo.t, pup.optional.softonic, pup.optional.stormwatch.a, pup.optional.tuto4pc.a, pup.optional.windowsprotectmanger.a, pup.optional.xtab.a, rogue.multiple, safefinder smartbar entfernen, win32/elex.bh, win32/toolbar.linkury.d



Ähnliche Themen: Movie Wizard entfernen


  1. Windows Live Movie Makter Crash
    Plagegeister aller Art und deren Bekämpfung - 10.11.2015 (10)
  2. Movie Wizard entfernt, Werbung bleibt weiterhin bestehen.
    Plagegeister aller Art und deren Bekämpfung - 14.02.2015 (8)
  3. Movie Wizard lässt sich nicht Deinstallieren
    Log-Analyse und Auswertung - 07.02.2015 (21)
  4. Movie Wizard entfernen. Trotz löschen weiterhin Werbung
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (20)
  5. Movie wizard und Werbebanner entfernen
    Log-Analyse und Auswertung - 20.01.2015 (31)
  6. "TV Wizard" entfernen
    Anleitungen, FAQs & Links - 25.06.2014 (2)
  7. Movie Master entfernen
    Anleitungen, FAQs & Links - 25.06.2014 (2)
  8. Problem, Savings Wizard und Awesomehp lassen sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (9)
  9. Windows Live Movie Maker (Installationsproblem)
    Alles rund um Windows - 24.11.2013 (3)
  10. Windows Safety Wizard entfernen
    Anleitungen, FAQs & Links - 03.06.2012 (2)
  11. Internet Explorer Connection Wizard entfernen?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (1)
  12. Movie maker defekt?
    Plagegeister aller Art und deren Bekämpfung - 04.06.2009 (2)
  13. Windows Movie Maker ALTERNATIVEN
    Alles rund um Windows - 15.01.2008 (3)
  14. Windows Movie Maker SPINNT
    Alles rund um Windows - 01.03.2006 (3)
  15. Antivir hat Java/Dldr.Movie.A gefunden
    Log-Analyse und Auswertung - 24.02.2006 (8)
  16. Virenmeldunhg JAVA/Dldr.Movie.A
    Plagegeister aller Art und deren Bekämpfung - 28.09.2005 (1)
  17. dailer in Movie?? .wmv
    Plagegeister aller Art und deren Bekämpfung - 06.10.2004 (6)

Zum Thema Movie Wizard entfernen - Hallöchen, einmal falsch geklickt ..... 10 Programme installiert .... 9 davon haben sich einfach entfernen lassen (hofe ich ) aber movie wizard bekomme ich nicht weg, seitdem ballert mir das - Movie Wizard entfernen...
Archiv
Du betrachtest: Movie Wizard entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.