Trojaner-Board - Movie Wizard entfernen

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015

Ran by Christian (administrator) on CHRIS on 05-01-2015 11:59:19

Running from C:\Users\Christian\Downloads

Loaded Profiles: Christian & NeroMediaHomeUser.4 (Available profiles: Christian & NeroMediaHomeUser.4)

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe

(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Small Island Development) C:\ProgramData\jItQNyBVnXO\rYsSZF.exe

(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe

(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

() C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

() C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)

HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe

HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)

HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)

HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.)

HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)

HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [gmsd_de_57] => [X]

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [Amazon Cloud Player] => C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)

Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = omiga-plus

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = omiga-plus

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = omiga-plus

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = omiga-plus

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420402501&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Start Page = omiga-plus

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = omiga-plus

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420402501&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\Software\Microsoft\Internet Explorer\Main,Start Page = Search,,

HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}

HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}

URLSearchHook: [S-1-5-21-2678595623-4148133582-4009595467-1015] ATTENTION ==> Default URLSearchHook is missing.

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe omiga-plus

SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}

SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420402480&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420402501&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=ME624538F-FA89-4AB3-866D-9AA8BBADEA52&SearchSource=58&CUI=&UM=8&UP=SP6EF89D65-F58D-40E2-94DC-242AE157431D&q={searchTerms}&SSPV=

SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420402501&from=tugs&uid=HitachiXHTS547575A9E384_J2190020DSG2VDDSG2VDX&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1015 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1015 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File

FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2678595623-4148133582-4009595467-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]
 

Chrome: 

=======

CHR HomePage: Default -> https://www.google.de/

CHR StartupUrls: Default -> "https://www.google.de/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (ProxFlow) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]

CHR Extension: (Adguard AdBlocker) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-01-05]

CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-05]

CHR Extension: (Adblock for Youtube™) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-01-05]

CHR Extension: (Avast SafePrice) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-23]

CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-05]

CHR Extension: (avast! Online Security) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-31]

CHR Extension: (Disconnect) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-05-31]

CHR Extension: (Top Eleven) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-08-30]

CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-14]

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-15]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)

R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)

R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]

R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)

R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)

R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)

R2 rYsSZF; C:\ProgramData\jItQNyBVnXO\rYsSZF.exe [2734456 2015-01-04] (Small Island Development)

R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-04] (Fuyu LIMITED) [File not signed]

R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)

R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-05 11:59 - 2015-01-05 11:59 - 00033499 _____ () C:\Users\Christian\Downloads\FRST.txt

2015-01-05 11:59 - 2015-01-05 11:59 - 00000000 ____D () C:\FRST

2015-01-05 11:58 - 2015-01-05 11:58 - 02123776 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe

2015-01-05 09:17 - 2015-01-05 09:17 - 00001284 _____ () C:\Users\Christian\Desktop\Revo Uninstaller.lnk

2015-01-05 09:17 - 2015-01-05 09:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-01-05 09:13 - 2015-01-05 09:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian\Downloads\revosetup95.exe

2015-01-05 08:51 - 2015-01-05 08:51 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2015-01-05 08:47 - 2015-01-05 08:47 - 19244986 _____ () C:\Users\Christian\Downloads\Nicht bestätigt 147680.crdownload

2015-01-05 08:34 - 2015-01-05 08:35 - 20008315 _____ () C:\Users\Christian\Downloads\Silverlight_5.1.30214.zip

2015-01-05 08:32 - 2015-01-05 08:32 - 04188536 _____ (Piriform Ltd) C:\Users\Christian\Downloads\ccsetup501_slim.exe

2015-01-05 08:32 - 2015-01-05 08:32 - 04188536 _____ (Piriform Ltd) C:\Users\Christian\Downloads\ccsetup501_slim (1).exe

2015-01-04 21:26 - 2015-01-04 21:26 - 00003106 _____ () C:\WINDOWS\System32\Tasks\{00F53159-ECCF-4B9A-8F57-A6B7C3AB2237}

2015-01-04 21:25 - 2015-01-04 21:25 - 00000000 ____D () C:\Program Files (x86)\predm

2015-01-04 21:21 - 2015-01-04 21:21 - 00000000 ____D () C:\ProgramData\2355320829

2015-01-04 21:17 - 2015-01-04 21:17 - 00004016 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup

2015-01-04 21:16 - 2015-01-05 09:49 - 00000000 ____D () C:\Users\Christian\AppData\Local\MovieWizard

2015-01-04 21:15 - 2015-01-05 11:33 - 00001714 _____ () C:\WINDOWS\Tasks\YKHICJXT.job

2015-01-04 21:15 - 2015-01-05 08:49 - 00001364 _____ () C:\WINDOWS\Tasks\ABOHA.job

2015-01-04 21:15 - 2015-01-04 21:16 - 00000000 ____D () C:\Program Files (x86)\XTab

2015-01-04 21:15 - 2015-01-04 21:15 - 02047464 _____ (HQ-VideoV04.01) C:\Users\Christian\AppData\Roaming\ABOHA.exe

2015-01-04 21:15 - 2015-01-04 21:15 - 02047464 _____ (Enter) C:\Users\Christian\AppData\Roaming\YKHICJXT.exe

2015-01-04 21:15 - 2015-01-04 21:15 - 00004720 _____ () C:\WINDOWS\System32\Tasks\YKHICJXT

2015-01-04 21:15 - 2015-01-04 21:15 - 00004372 _____ () C:\WINDOWS\System32\Tasks\ABOHA

2015-01-04 21:15 - 2015-01-04 21:15 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect

2015-01-04 21:15 - 2015-01-04 21:15 - 00000000 ____D () C:\ProgramData\IHProtectUpDate

2015-01-04 21:14 - 2015-01-05 08:49 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\VOPackage

2015-01-04 21:14 - 2015-01-04 21:34 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\omiga-plus

2015-01-04 21:14 - 2015-01-04 21:16 - 00000000 ____D () C:\ProgramData\jItQNyBVnXO

2015-01-04 21:14 - 2015-01-04 21:14 - 00000000 ____D () C:\Users\Christian\AppData\Local\globalUpdate

2015-01-04 21:14 - 2015-01-04 21:14 - 00000000 ____D () C:\Program Files (x86)\globalUpdate

2015-01-04 21:07 - 2015-01-05 07:59 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD4B8742-B9A0-465C-97C9-AF4D297AA612}

2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList

2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList

2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieBrowserModeList

2014-12-19 09:39 - 2014-12-19 09:39 - 00000320 _____ () C:\Users\Christian\Downloads\BK_DAVE_000594DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:39 - 2014-12-19 09:39 - 00000310 _____ () C:\Users\Christian\Downloads\BK_RHDE_002130DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:38 - 2014-12-19 09:38 - 00000303 _____ () C:\Users\Christian\Downloads\BK_LUEB_001376DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:38 - 2014-12-19 09:38 - 00000287 _____ () C:\Users\Christian\Downloads\BK_RHDE_002150DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:38 - 2014-12-19 09:38 - 00000287 _____ () C:\Users\Christian\Downloads\BK_RHDE_001995DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000319 _____ () C:\Users\Christian\Downloads\BK_ARGO_000769DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000316 _____ () C:\Users\Christian\Downloads\BK_ARGO_000498DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000314 _____ () C:\Users\Christian\Downloads\BK_RHDE_001547DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000307 _____ () C:\Users\Christian\Downloads\BK_RHDE_001511DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000299 _____ () C:\Users\Christian\Downloads\BK_RHDE_002234DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000295 _____ () C:\Users\Christian\Downloads\BK_HAMB_001071DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000291 _____ () C:\Users\Christian\Downloads\BK_LUEB_001403DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:31 - 00000328 _____ () C:\Users\Christian\Downloads\BK_LUEB_001461DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:31 - 00000318 _____ () C:\Users\Christian\Downloads\BK_RHDE_001614DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:30 - 00000320 _____ () C:\Users\Christian\Downloads\BK_LUEB_000607DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:30 - 00000310 _____ () C:\Users\Christian\Downloads\BK_LUEB_000678DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:30 - 00000308 _____ () C:\Users\Christian\Downloads\BK_RHDE_000841DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-12 08:53 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

2014-12-12 08:53 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

2014-12-11 07:53 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-12-11 07:53 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 20:27 - 2014-12-10 20:27 - 00000000 ____D () C:\WINDOWS\system32\appraiser

2014-12-10 09:01 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll

2014-12-10 09:01 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll

2014-12-10 09:01 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2014-12-10 09:01 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2014-12-10 08:49 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-12-10 08:49 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2014-12-10 08:49 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2014-12-10 08:49 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2014-12-10 08:49 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-12-10 08:49 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-12-10 08:49 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2014-12-10 08:49 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2014-12-10 08:49 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2014-12-10 08:49 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys

2014-12-10 08:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-12-10 08:48 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-12-10 08:48 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-12-10 08:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-12-10 08:48 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-12-10 08:48 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2014-12-10 08:48 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-12-10 08:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-12-10 08:48 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-12-10 08:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-12-10 08:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2014-12-10 08:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-12-10 08:48 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-12-10 08:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-12-10 08:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-12-10 08:48 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2014-12-10 08:48 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2014-12-10 08:48 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2014-12-10 08:48 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-12-10 08:48 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-12-10 08:48 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-12-10 08:48 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-12-10 08:48 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-12-10 08:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-12-10 08:48 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2014-12-10 08:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-12-10 08:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-12-10 08:48 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2014-12-10 08:48 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-12-10 08:48 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2014-12-10 08:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-12-10 08:48 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-12-10 08:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-12-10 08:48 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-12-10 08:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-12-10 08:48 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-12-10 08:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-12-10 08:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-12-10 08:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-05 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-05 11:51 - 2013-05-31 16:17 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-05 11:36 - 2014-07-19 17:10 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\ClassicShell

2015-01-05 10:33 - 2013-09-25 12:20 - 00000000 ____D () C:\Users\Christian\AppData\Local\E4A50210-E336-403E-85C1-A754E63DB458.aplzod

2015-01-05 09:49 - 2014-10-26 17:57 - 01621509 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-05 09:32 - 2013-05-31 16:08 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001

2015-01-05 08:53 - 2014-04-16 16:58 - 00000000 ___RD () C:\Users\Christian\Dropbox

2015-01-05 08:53 - 2014-04-16 16:21 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox

2015-01-05 08:50 - 2013-05-31 16:17 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-05 08:49 - 2014-09-23 22:06 - 00021094 _____ () C:\WINDOWS\PFRO.log

2015-01-05 08:49 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-05 08:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-04 21:34 - 2014-10-26 22:27 - 00001454 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-04 21:34 - 2014-09-20 10:04 - 00002316 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2015-01-04 21:34 - 2014-09-20 10:04 - 00002269 _____ () C:\Users\Christian\Desktop\Search.lnk

2015-01-04 21:34 - 2013-05-31 16:18 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-04 21:28 - 2013-07-12 13:07 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint

2015-01-01 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-12-31 17:47 - 2013-08-22 15:46 - 00336551 _____ () C:\WINDOWS\setupact.log

2014-12-31 12:50 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-12-31 12:50 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat

2014-12-31 12:50 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat

2014-12-29 13:31 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Christian\Documents\expenses

2014-12-26 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp

2014-12-19 07:45 - 2014-08-15 07:39 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update

2014-12-18 10:18 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-12-17 07:53 - 2014-09-19 07:28 - 00001076 _____ () C:\Users\Christian\Desktop\Dropbox.lnk

2014-12-17 07:53 - 2014-04-16 16:22 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-12-12 09:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-12-10 20:28 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS

2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS

2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat

2014-12-10 20:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions

2014-12-10 15:49 - 2013-05-31 16:33 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-10 15:48 - 2013-08-14 09:30 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-12-10 15:40 - 2013-06-01 11:33 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 

Files to move or delete:

====================

C:\ProgramData\MakeMarkerFile.exe

C:\Users\EasySurvey\EasySurvey.exe
 
 

Some content of TEMP:

====================

C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe

C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyxss9.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-05 09:32
 

==================== End Of Log ============================

--- --- ---

+++++

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015

Ran by Christian at 2015-01-05 12:00:48

Running from C:\Users\Christian\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)

ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)

AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)

Amazon Cloud Player (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)

Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)

AMD Catalyst Install Manager (HKLM\...\{7141A3BC-9EBD-A6AB-CCAE-FBD4E4BFC870}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AudibleManager (HKLM-x32\...\AudibleManager) (Version: 18414980.4759644.48.2008153474 - Audible, Inc.)

avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)

AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)

Benutzerhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Useg) (Version:  - )

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)

CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)

Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)

CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell-Druckersoftware (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)

DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden

Dropbox (HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)

E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)

Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)

Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)

iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)

Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)

Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )

Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Nero MediaHome 4 Essentials (HKLM-x32\...\{09558d0a-a24d-4fba-a545-db7a7ac19afe}) (Version:  - Nero AG)

Nero MediaHome 4 Trial (HKLM-x32\...\{b7acd305-dcab-4189-8f19-dca53e683617}) (Version:  - Nero AG)

Netzwerkhandbuch EPSON XP-205 207 Series (HKLM-x32\...\EPSON XP-205 207 Series Netg) (Version:  - )

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)

Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden

NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)

Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION

ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)

PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.216 - Qualcomm Atheros Communications)

Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)

Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)

Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.7 - Samsung Electronics CO., LTD.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden

SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden

Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)

Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)

Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)

streamWriter (HKLM-x32\...\streamWriter_is1) (Version:  - )

Support Center (HKLM\...\{50E36BBB-36A5-400A-8AC5-9F7C0BD751A2}) (Version: 2.1.80 - Samsung Electronics CO., LTD.)

Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden

SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)

The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)

Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{BBF646B1-B6F6-4076-B653-972C777355BB}) (Version: 21.00.8480 - Buhl Data Service GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2678595623-4148133582-4009595467-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

10-12-2014 15:32:43 Windows Update

18-12-2014 10:16:55 Windows Update

28-12-2014 11:49:21 Geplanter Prüfpunkt

05-01-2015 09:19:09 Revo Uninstaller's restore point - Movie Wizard
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {03D464F7-79CB-4360-B588-33FE82588F0B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {1770C77C-7FFB-4235-A722-15AC9E193406} - System32\Tasks\YKHICJXT => C:\Users\Christian\AppData\Roaming\YKHICJXT.exe [2015-01-04] (Enter) <==== ATTENTION

Task: {30B5096B-2FA8-4E94-A7F9-D04DDD1DA5F1} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-05-01] (SEC)

Task: {37D968E1-A472-428B-B023-018462699E48} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)

Task: {45CF81CE-4475-44D1-B149-E6CE3C5B8A01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

Task: {4BA8038D-6ACB-4652-A500-A380A9E4B89F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {5398F298-BEFF-45A8-A4A8-8827F31C2B00} - System32\Tasks\{93F291FB-1023-4509-9FCC-68C127477BB0} => pcalua.exe -a F:\INSTALL\RASETUP.EXE -d F:\INSTALL

Task: {55A71CE9-A563-4500-8F9D-991DBB074751} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)

Task: {5FFD770A-D8AE-4753-8C1E-F788B15DA5BC} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe

Task: {781554C1-1BE9-41AB-8881-36F0901214DA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {789305D1-A5DB-43A8-807C-0B0A8373272F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe

Task: {78DD4BAF-27F0-4717-924C-49A185500F9B} - System32\Tasks\ABOHA => C:\Users\Christian\AppData\Roaming\ABOHA.exe [2015-01-04] (HQ-VideoV04.01) <==== ATTENTION

Task: {884AE421-4A81-47B8-B3B1-5176AC3B4B39} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {9DAF64D1-5723-4D15-87C6-37FC8A8A4519} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {9DCAE56A-934A-4476-8952-E3B213C0E1F2} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)

Task: {A9C259C2-8B80-4BE2-9E21-1335380E8331} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {B4D0DD66-F243-4543-9D90-F441C8F85846} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {B8C6F579-66DD-401A-936B-9CEFF51B181A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.)

Task: {CCAA43C7-A484-4D97-8B40-495CB3711C68} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)

Task: {D6A790BC-3008-4ECB-99BD-52ED004C2D5E} - System32\Tasks\{DA25F2B4-FC78-428F-B81D-B67AD7218817} => pcalua.exe -a E:\autorun.exe -d E:\

Task: {D9857484-3945-4E7B-ACD9-7D4C8A51E7DC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-15] (AVAST Software)

Task: {E88F64C1-A30A-486B-8778-1680A73945B6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {E8B43B43-E0EC-45D3-9B4F-A4AA0807FA92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.)

Task: {EB4FF7EB-B3E9-4D77-BCE6-D4E225E55542} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

Task: {F596D76D-82C2-417C-B75E-59C0F7589643} - System32\Tasks\{00F53159-ECCF-4B9A-8F57-A6B7C3AB2237} => pcalua.exe -a C:\ProgramData\MovieWizard\uninstall.exe -c /kb=y /ic=1

Task: C:\WINDOWS\Tasks\ABOHA.job => C:\Users\Christian\AppData\Roaming\ABOHA.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Task: C:\WINDOWS\Tasks\YKHICJXT.job => C:\Users\Christian\AppData\Roaming\YKHICJXT.exe <==== ATTENTION
 

==================== Loaded Modules (whitelisted) =============
 

2012-09-05 08:50 - 2012-09-05 08:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll

2012-12-05 19:44 - 2012-12-05 19:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll

2012-12-05 19:39 - 2012-12-05 19:39 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll

2012-12-05 19:41 - 2012-12-05 19:41 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll

2012-12-05 19:44 - 2012-12-05 19:44 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

2014-05-08 13:44 - 2014-03-07 21:39 - 03168576 _____ () C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

2014-08-15 07:39 - 2014-08-15 07:39 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2015-01-04 21:15 - 2015-01-04 21:15 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll

2015-01-05 09:16 - 2015-01-05 09:16 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010500\algo.dll

2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll

2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll

2013-06-02 15:24 - 2012-10-22 10:21 - 01277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll

2013-06-02 15:24 - 2011-12-06 15:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll

2013-06-02 15:24 - 2012-07-09 16:57 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll

2013-06-02 15:24 - 2012-03-23 09:07 - 00224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll

2012-09-18 12:12 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-08-15 07:39 - 2014-08-15 07:39 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-05 08:53 - 2015-01-05 08:53 - 00043008 _____ () c:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyxss9.dll

2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2012-09-18 11:54 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2014-12-12 07:52 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-12 07:52 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-12 07:52 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-12 07:52 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-12 07:52 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll

2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2678595623-4148133582-4009595467-500 - Administrator - Disabled)

Christian (S-1-5-21-2678595623-4148133582-4009595467-1001 - Administrator - Enabled) => C:\Users\Christian

Gast (S-1-5-21-2678595623-4148133582-4009595467-501 - Limited - Disabled)

NeroMediaHomeUser.4 (S-1-5-21-2678595623-4148133582-4009595467-1015 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
 

==================== Faulty Device Manager Devices =============
 

Name: TSSTcorp CDDVDW SN-208BB

Description: CD-ROM-Laufwerk

Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard-CD-ROM-Laufwerke)

Service: cdrom

Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Resolution: A registry problem was detected.

 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/05/2015 09:11:43 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 6.0.9.7, Zeitstempel: 0x51801d61

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22

Ausnahmecode: 0xc0000374

Fehleroffset: 0x00000000000f0d6c

ID des fehlerhaften Prozesses: 0x1dd0

Startzeit der fehlerhaften Anwendung: 0xWCScheduler.exe0

Pfad der fehlerhaften Anwendung: WCScheduler.exe1

Pfad des fehlerhaften Moduls: WCScheduler.exe2

Berichtskennung: WCScheduler.exe3

Vollständiger Name des fehlerhaften Pakets: WCScheduler.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WCScheduler.exe5
 

Error: (01/05/2015 08:57:24 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 5a4
 

Startzeit: 01d028bc864fb28b
 

Endzeit: 4294967295
 

Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe
 

Berichts-ID: 7a7dff4e-94b0-11e4-bebb-50b7c34e570f
 

Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (01/05/2015 08:04:27 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 6.0.9.7, Zeitstempel: 0x51801d61

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22

Ausnahmecode: 0xc0000374

Fehleroffset: 0x00000000000f0d6c

ID des fehlerhaften Prozesses: 0x1b60

Startzeit der fehlerhaften Anwendung: 0xWCScheduler.exe0

Pfad der fehlerhaften Anwendung: WCScheduler.exe1

Pfad des fehlerhaften Moduls: WCScheduler.exe2

Berichtskennung: WCScheduler.exe3

Vollständiger Name des fehlerhaften Pakets: WCScheduler.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WCScheduler.exe5
 

Error: (01/05/2015 07:55:18 AM) (Source: ATIeRecord) (EventID: 16391) (User: )

Description: ATI EEU maximum number of session has been surpassed
 

Error: (01/05/2015 07:54:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 28267235
 

Error: (01/05/2015 07:54:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 28267235
 

Error: (01/05/2015 07:54:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (01/05/2015 00:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9266
 

Error: (01/05/2015 00:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9266
 

Error: (01/05/2015 00:03:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 
 

System errors:

=============

Error: (01/05/2015 11:49:28 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 

Error: (01/05/2015 11:48:58 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 

Error: (01/05/2015 11:42:15 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 

Error: (01/05/2015 11:41:33 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 

Error: (01/05/2015 11:35:26 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 

Error: (01/05/2015 11:34:46 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 

Error: (01/05/2015 11:27:48 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 

Error: (01/05/2015 11:27:06 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 

Error: (01/05/2015 11:19:33 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 

Error: (01/05/2015 11:18:52 AM) (Source: DCOM) (EventID: 10010) (User: Chris)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 

Microsoft Office Sessions:

=========================

Error: (03/04/2014 10:50:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1518 seconds with 1380 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz

Percentage of memory in use: 28%

Total physical RAM: 8083.42 MB

Available physical RAM: 5807.29 MB

Total Pagefile: 9683.43 MB

Available Pagefile: 5329.85 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:673.3 GB) (Free:473.28 GB) NTFS

Drive h: () (Removable) (Total:1.92 GB) (Free:0.63 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 698.6 GB) (Disk ID: 4F494D44)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

--- --- ---

revo erledigt

adw:AdwCleaner Logfile:

Code:

# AdwCleaner v4.106 - Bericht erstellt am 05/01/2015 um 16:35:06

# Aktualisiert 21/12/2014 von Xplode

# Database : 2015-01-03.1 [Live]

# Betriebssystem : Windows 8.1  (64 bits)

# Benutzername : Christian - CHRIS

# Gestartet von : C:\Users\Christian\Downloads\AdwCleaner_4.106.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

Dienst Gelöscht : WindowsMangerProtect

Dienst Gelöscht : IHProtect Service
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\NCH Software

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect

Ordner Gelöscht : C:\ProgramData\IHProtectUpDate

Ordner Gelöscht : C:\Program Files (x86)\globalUpdate

Ordner Gelöscht : C:\Program Files (x86)\NCH Software

Ordner Gelöscht : C:\Program Files (x86)\predm

Ordner Gelöscht : C:\Users\Christian\AppData\Local\globalUpdate

Ordner Gelöscht : C:\Users\Christian\AppData\Local\LPT

Ordner Gelöscht : C:\Users\Christian\AppData\Local\Smartbar

Ordner Gelöscht : C:\Users\Christian\AppData\Local\CrashRpt

Ordner Gelöscht : C:\Users\Christian\AppData\Local\MovieWizard

Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\NCH Software

Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\omiga-plus

Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\VOPackage

Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal

Datei Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 

***** [ Tasks ] *****
 

Task Gelöscht : LaunchSignup
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Schlüssel Gelöscht : HKCU\Software\GlobalUpdate

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\SecuredDownload

Schlüssel Gelöscht : HKCU\Software\SmartBar

Schlüssel Gelöscht : HKCU\Software\smartbarbackup

Schlüssel Gelöscht : HKCU\Software\smartbarlog

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\TutoTag

Schlüssel Gelöscht : HKCU\Software\StormWatchApp

Schlüssel Gelöscht : HKCU\Software\Wnkey

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE

Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate

Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware

Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp

Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect

Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials

Schlüssel Gelöscht : HKLM\SOFTWARE\GAMESDESKTOP

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17416
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 

-\\ Google Chrome v39.0.2171.95
 

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : geggofhlfbcmanadhknllmlajiafopoh
 

-\\ Opera v0.0.0.0
 
 

*************************
 

AdwCleaner[R0].txt - [2354 octets] - [27/07/2014 08:36:52]

AdwCleaner[R1].txt - [19965 octets] - [05/01/2015 16:28:03]

AdwCleaner[S0].txt - [2165 octets] - [27/07/2014 08:37:35]

AdwCleaner[S1].txt - [16219 octets] - [05/01/2015 16:35:06]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [16280 octets] ##########

--- --- ---
rest folgt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Christian on 05.01.2015 at 16:47:49,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update clearthink

~~~ Files

Successfully deleted: [File] "C:\Users\Christian\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Christian\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.01.2015 at 16:55:54,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 05.01.2015
Scan Time: 16:59:50
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.05.06
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395774
Time Elapsed: 42 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\rYsSZF.exe, 3248, Delete-on-Reboot, [9c2e3fb46326e056cfff901813eec53b]

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.MovieWizard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rYsSZF, Quarantined, [9c2e3fb46326e056cfff901813eec53b],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [e4e6787be3a62016a116f4297f8435cb],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [8149d81bf5948da9aace6300847fcc34],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [547637bc3d4cc670bc83680dc0432ed2],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],

Registry Values: 1
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_57, Quarantined, [48826b88d2b77eb860aa1a4efa098d73],

Registry Data: 6
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfBjU-QQWRZo0MEKYtVExFYw_wZR3gqptKtktHaYxKsvFn-FbVbapFJhoQLVyUdO6SwVYZgmxafTObJ0ifN_9A,,, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfBjU-QQWRZo0MEKYtVExFYw_wZR3gqptKtktHaYxKsvFn-FbVbapFJhoQLVyUdO6SwVYZgmxafTObJ0ifN_9A,,),Replaced,[9634d41f602936002bb0c1bc91749c64]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[309a9e5553361620bc24ea934bbab848]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[6d5d82711b6e3501815d3c41a06546ba]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[3c8e4ca77b0ea1951ac985f8a75ee51b]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[c00a4fa42861b08613d12657d92c03fd]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2678595623-4148133582-4009595467-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbkRqk2nM_zupkJTpIlAn0-yxzyhK-5AKV7malnMG_lHTaboiUJMCHrotFlWDma73k59q4ZeQdT5elfzEQAXeTm9Lg39jwBlJ8uck-RGeInHO0FqLzKJrojniDvRSHxD-SOAIZ47hJZfUc6k8xE2miFS1R7ERJzqntQ,,&q={searchTerms}),Replaced,[fbcfa94a1f6a91a5a93dbac37095629e]

Folders: 31
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.MovieWizard.A, C:\Users\Christian\AppData\Local\MovieWizard, Quarantined, [cbfffaf98efb5bdb01508305ab585aa6],
Rogue.Multiple, C:\ProgramData\2355320829, Quarantined, [4882b241ddaca393b5d53be3c43f847c],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],

Files: 116
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\rYsSZF.exe, Delete-on-Reboot, [9c2e3fb46326e056cfff901813eec53b],
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\dat\FBQPiVZL.exe, Delete-on-Reboot, [19b10de60e7b2214f3dbc4e454ad47b9],
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\dat\IHHpKvw.exe, Delete-on-Reboot, [ca0003f0a1e85adc824c198fbb46e719],
PUP.Optional.MovieWizard.A, C:\ProgramData\jItQNyBVnXO\dat\kSRMXqJ.dll, Delete-on-Reboot, [73572dc6cbbef83e2457f188f0153cc4],
PUP.Optional.CrossRider.A, C:\Users\Christian\AppData\Roaming\ABOHA.exe, Quarantined, [ac1ed221d2b772c44994e8d4fd087e82],
PUP.Optional.MediaPlayerVideo.A, C:\Users\Christian\AppData\Roaming\YKHICJXT.exe, Quarantined, [d3f7ce2557329d9978ef6b530ff6a858],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Quarantined, [5377698a6a1f67cfc666857f05fd7c84],
PUP.Optional.Tuto4PC.A, C:\Users\Christian\AppData\Local\Temp\20da783a-30b5-47a2-bc40-2b94ef986a56\games desktop.exe, Quarantined, [fcce22d12366e6503d5599614db4ba46],
PUP.Optional.MovieWizard.A, C:\Users\Christian\AppData\Local\Temp\405917f5-d559-4e06-aa02-4b843880eabb\setup.exe, Quarantined, [24a6ae452f5a58de0f0272eb659bea16],
PUP.Optional.StormWatch.A, C:\Users\Christian\AppData\Local\Temp\4d8efcb2-fe7f-4b3a-ab85-1687a2333324\setup.exe, Quarantined, [8248d51ee6a38ea89222b0a5fe029868],
PUP.Optional.CrossRider.A, C:\Users\Christian\AppData\Local\Temp\8bd513da-160f-4d3a-9fdc-6ddf99d5df7d\setup.exe, Quarantined, [07c339ba0683181e2a0ab42d40c1936d],
PUP.Optional.XTab.A, C:\Users\Christian\AppData\Local\Temp\~dl38E0\~dljyb\tmp\STab_v4.0.exe, Quarantined, [dcee36bdfc8d51e5e646b74da06213ed],
PUP.Optional.WindowsProtectManger.A, C:\Users\Christian\AppData\Local\Temp\~dl38E0\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [45854aa90f7a89ad1abe5c66e31e5ba5],
PUP.Optional.Bandoo, C:\Users\Christian\Downloads\iLividSetup-r400-n-bc.exe, Quarantined, [d0fa747f6920082eeb4d71b9bf42d62a],
PUP.Optional.Softonic, C:\Users\Christian\Downloads\SoftonicDownloader_fuer_photoscape.exe, Quarantined, [606ad320088196a059de4ed76a97cb35],
Adware.Linkular, C:\Users\Christian\Downloads\VLCPlus_Setup (1).exe, Quarantined, [e8e28e652d5cfc3a628df4bc20e5af51],
Adware.Linkular, C:\Users\Christian\Downloads\VLCPlus_Setup.exe, Quarantined, [a426af4430593204b738dfd1778e58a8],
PUP.Optional.SnapDo.A, C:\Windows\Installer\24ab3d40.msi, Quarantined, [3a90c82b07822214751f673da35e04fc],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI610F.tmp, Quarantined, [01c95c978801c96d532ce44a4db3a759],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIC332.tmp, Quarantined, [c406fef5b3d6ba7cf08f52dcda262bd5],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI2CB3.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [5c6e688bfb8e9a9c5c23e84645bbc63a],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, Quarantined, [b81231c28cfd3ff77dfc85de23e006fa],
PUP.Optional.OmigaPlus.A, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage, Quarantined, [bf0b25cee9a04cea5d83b5b336cdf20e],
PUP.Optional.OmigaPlus.A, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal, Quarantined, [5674fcf741486bcbd0103b2d956e11ef],
PUP.Optional.MovieWizard.A, C:\Users\Christian\AppData\Local\MovieWizard\data2.dat, Quarantined, [cbfffaf98efb5bdb01508305ab585aa6],
Rogue.Multiple, C:\ProgramData\2355320829\BIT2BF0.tmp, Quarantined, [4882b241ddaca393b5d53be3c43f847c],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleCrashHandler.exe, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleUpdate.exe, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleUpdateBroker.exe, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleUpdateHelper.msi, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\GoogleUpdateOnDemand.exe, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\goopdate.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\goopdateres_en.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\npGoogleUpdate4.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\psmachine.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.91348\psuser.dll, Quarantined, [9c2e1dd6f198d3638b4a68df33d0ea16],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleCrashHandler.exe, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleUpdate.exe, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleUpdateBroker.exe, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleUpdateHelper.msi, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\GoogleUpdateOnDemand.exe, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\goopdate.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\goopdateres_en.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\npGoogleUpdate4.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\psmachine.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],
PUP.Optional.GlobalUpdate.A, C:\Users\Christian\AppData\Local\Temp\comh.94121\psuser.dll, Quarantined, [dbefbc37cbbec571d40156f1c83b827e],

Physical Sectors: 0
(No malicious items detected)

(end)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015

Ran by Christian (administrator) on CHRIS on 05-01-2015 18:07:09

Running from C:\Users\Christian\Downloads

Loaded Profiles: Christian & NeroMediaHomeUser.4 (Available profiles: Christian & NeroMediaHomeUser.4)

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe

(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE

() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

() C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

() C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Farbar) C:\Users\Christian\Downloads\FRST64 (1).exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)

HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe

HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)

HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)

HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.)

HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)

HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [Amazon Cloud Player] => C:\Users\Christian\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\...\Run: [GoogleChromeAutoLaunch_F95133299531DA24C7CB703BC8432DCE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)

HKU\S-1-5-21-2678595623-4148133582-4009595467-1015\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)

Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com

HKU\S-1-5-21-2678595623-4148133582-4009595467-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl

URLSearchHook: [S-1-5-21-2678595623-4148133582-4009595467-1015] ATTENTION ==> Default URLSearchHook is missing.

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2678595623-4148133582-4009595467-1015 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2678595623-4148133582-4009595467-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Christian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-31]
 

Chrome: 

=======

CHR HomePage: Default -> https://www.google.de/

CHR StartupUrls: Default -> "https://www.google.de/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (ProxFlow) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-07]

CHR Extension: (Adguard AdBlocker) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-01-05]

CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-05]

CHR Extension: (Adblock for Youtube™) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-01-05]

CHR Extension: (AdBlock) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-05]

CHR Extension: (avast! Online Security) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-31]

CHR Extension: (Disconnect) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-05-31]

CHR Extension: (Top Eleven) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2014-08-30]

CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-14]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)

R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155968 2012-04-18] (Dell Inc.)

R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [338944 2012-01-11] (Dell Inc.) [File not signed]

R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)

R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)

R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-05 18:06 - 2015-01-05 18:06 - 02123776 _____ (Farbar) C:\Users\Christian\Downloads\FRST64 (1).exe

2015-01-05 17:57 - 2015-01-05 17:57 - 00000000 ___RD () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2015-01-05 17:50 - 2015-01-05 17:50 - 00025585 _____ () C:\Users\Christian\Desktop\mbam.txt

2015-01-05 16:59 - 2015-01-05 16:59 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-05 16:58 - 2015-01-05 16:58 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-05 16:58 - 2015-01-05 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-05 16:58 - 2015-01-05 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-05 16:58 - 2015-01-05 16:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-05 16:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-01-05 16:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-01-05 16:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-01-05 16:57 - 2015-01-05 16:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christian\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-05 16:55 - 2015-01-05 16:55 - 00001130 _____ () C:\Users\Christian\Desktop\JRT.txt

2015-01-05 16:47 - 2015-01-05 16:47 - 01707939 _____ (Thisisu) C:\Users\Christian\Downloads\JRT (2).exe

2015-01-05 16:46 - 2015-01-05 16:46 - 01707939 _____ (Thisisu) C:\Users\Christian\Downloads\JRT (1).exe

2015-01-05 16:27 - 2015-01-05 16:27 - 02173952 _____ () C:\Users\Christian\Downloads\AdwCleaner_4.106.exe

2015-01-05 12:00 - 2015-01-05 12:02 - 00036135 _____ () C:\Users\Christian\Downloads\Addition.txt

2015-01-05 11:59 - 2015-01-05 18:07 - 00026056 _____ () C:\Users\Christian\Downloads\FRST.txt

2015-01-05 11:59 - 2015-01-05 18:07 - 00000000 ____D () C:\FRST

2015-01-05 11:58 - 2015-01-05 11:58 - 02123776 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe

2015-01-05 09:17 - 2015-01-05 09:17 - 00001284 _____ () C:\Users\Christian\Desktop\Revo Uninstaller.lnk

2015-01-05 09:17 - 2015-01-05 09:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-01-05 09:13 - 2015-01-05 09:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian\Downloads\revosetup95.exe

2015-01-05 08:47 - 2015-01-05 08:47 - 19244986 _____ () C:\Users\Christian\Downloads\Nicht bestätigt 147680.crdownload

2015-01-05 08:34 - 2015-01-05 08:35 - 20008315 _____ () C:\Users\Christian\Downloads\Silverlight_5.1.30214.zip

2015-01-05 08:32 - 2015-01-05 08:32 - 04188536 _____ (Piriform Ltd) C:\Users\Christian\Downloads\ccsetup501_slim.exe

2015-01-05 08:32 - 2015-01-05 08:32 - 04188536 _____ (Piriform Ltd) C:\Users\Christian\Downloads\ccsetup501_slim (1).exe

2015-01-04 21:26 - 2015-01-04 21:26 - 00003106 _____ () C:\WINDOWS\System32\Tasks\{00F53159-ECCF-4B9A-8F57-A6B7C3AB2237}

2015-01-04 21:15 - 2015-01-05 17:53 - 00001714 _____ () C:\WINDOWS\Tasks\YKHICJXT.job

2015-01-04 21:15 - 2015-01-05 17:53 - 00001364 _____ () C:\WINDOWS\Tasks\ABOHA.job

2015-01-04 21:15 - 2015-01-04 21:15 - 00004720 _____ () C:\WINDOWS\System32\Tasks\YKHICJXT

2015-01-04 21:15 - 2015-01-04 21:15 - 00004372 _____ () C:\WINDOWS\System32\Tasks\ABOHA

2015-01-04 21:14 - 2015-01-05 17:52 - 00000000 ____D () C:\ProgramData\jItQNyBVnXO

2015-01-04 21:07 - 2015-01-05 14:00 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD4B8742-B9A0-465C-97C9-AF4D297AA612}

2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieUserList

2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieSiteList

2015-01-04 21:07 - 2015-01-04 21:07 - 00000000 __SHD () C:\Users\Christian\AppData\Local\EmieBrowserModeList

2014-12-19 09:39 - 2014-12-19 09:39 - 00000320 _____ () C:\Users\Christian\Downloads\BK_DAVE_000594DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:39 - 2014-12-19 09:39 - 00000310 _____ () C:\Users\Christian\Downloads\BK_RHDE_002130DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:38 - 2014-12-19 09:38 - 00000303 _____ () C:\Users\Christian\Downloads\BK_LUEB_001376DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:38 - 2014-12-19 09:38 - 00000287 _____ () C:\Users\Christian\Downloads\BK_RHDE_002150DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:38 - 2014-12-19 09:38 - 00000287 _____ () C:\Users\Christian\Downloads\BK_RHDE_001995DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000319 _____ () C:\Users\Christian\Downloads\BK_ARGO_000769DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000316 _____ () C:\Users\Christian\Downloads\BK_ARGO_000498DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000314 _____ () C:\Users\Christian\Downloads\BK_RHDE_001547DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000307 _____ () C:\Users\Christian\Downloads\BK_RHDE_001511DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000299 _____ () C:\Users\Christian\Downloads\BK_RHDE_002234DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000295 _____ () C:\Users\Christian\Downloads\BK_HAMB_001071DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:37 - 2014-12-19 09:37 - 00000291 _____ () C:\Users\Christian\Downloads\BK_LUEB_001403DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:31 - 00000328 _____ () C:\Users\Christian\Downloads\BK_LUEB_001461DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:31 - 00000318 _____ () C:\Users\Christian\Downloads\BK_RHDE_001614DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:30 - 00000320 _____ () C:\Users\Christian\Downloads\BK_LUEB_000607DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:30 - 00000310 _____ () C:\Users\Christian\Downloads\BK_LUEB_000678DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-19 09:30 - 2014-12-19 09:30 - 00000308 _____ () C:\Users\Christian\Downloads\BK_RHDE_000841DE_LC_64_44100_ster_A1C08G6MVCHD8K.adh

2014-12-12 08:53 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

2014-12-12 08:53 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

2014-12-11 07:53 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-12-11 07:53 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-10 20:27 - 2014-12-10 20:27 - 00000000 ____D () C:\WINDOWS\system32\appraiser

2014-12-10 09:01 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll

2014-12-10 09:01 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll

2014-12-10 09:01 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2014-12-10 09:01 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2014-12-10 08:49 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-12-10 08:49 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2014-12-10 08:49 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2014-12-10 08:49 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2014-12-10 08:49 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2014-12-10 08:49 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-12-10 08:49 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-12-10 08:49 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2014-12-10 08:49 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2014-12-10 08:49 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2014-12-10 08:49 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys

2014-12-10 08:48 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-12-10 08:48 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-12-10 08:48 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-12-10 08:48 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-12-10 08:48 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-12-10 08:48 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2014-12-10 08:48 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-12-10 08:48 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-12-10 08:48 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-12-10 08:48 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-12-10 08:48 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2014-12-10 08:48 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-12-10 08:48 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-12-10 08:48 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-12-10 08:48 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-12-10 08:48 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2014-12-10 08:48 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2014-12-10 08:48 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2014-12-10 08:48 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-12-10 08:48 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-12-10 08:48 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-12-10 08:48 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-12-10 08:48 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-12-10 08:48 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-12-10 08:48 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2014-12-10 08:48 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-12-10 08:48 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-12-10 08:48 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2014-12-10 08:48 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-12-10 08:48 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2014-12-10 08:48 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-12-10 08:48 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-12-10 08:48 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-12-10 08:48 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-12-10 08:48 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-12-10 08:48 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-12-10 08:48 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-12-10 08:48 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-12-10 08:48 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-05 18:03 - 2014-07-19 17:10 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\ClassicShell

2015-01-05 18:01 - 2013-09-25 12:20 - 00000000 ____D () C:\Users\Christian\AppData\Local\E4A50210-E336-403E-85C1-A754E63DB458.aplzod

2015-01-05 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-05 17:59 - 2014-04-16 16:58 - 00000000 ___RD () C:\Users\Christian\Dropbox

2015-01-05 17:59 - 2013-05-31 16:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2678595623-4148133582-4009595467-1001

2015-01-05 17:58 - 2014-08-15 07:39 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update

2015-01-05 17:58 - 2014-04-16 16:21 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox

2015-01-05 17:54 - 2013-05-31 16:17 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-05 17:52 - 2014-09-23 22:06 - 00057338 _____ () C:\WINDOWS\PFRO.log

2015-01-05 17:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-05 17:52 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-01-05 17:51 - 2013-05-31 16:17 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-05 16:36 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-05 16:35 - 2014-07-27 08:33 - 00000000 ____D () C:\AdwCleaner

2015-01-05 09:49 - 2014-10-26 17:57 - 01621509 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-04 21:34 - 2014-10-26 22:27 - 00001454 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-04 21:34 - 2014-09-20 10:04 - 00002316 _____ () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2015-01-04 21:34 - 2014-09-20 10:04 - 00002269 _____ () C:\Users\Christian\Desktop\Search.lnk

2015-01-04 21:34 - 2013-05-31 16:18 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-04 21:28 - 2013-07-12 13:07 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint

2015-01-01 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-12-31 17:47 - 2013-08-22 15:46 - 00336551 _____ () C:\WINDOWS\setupact.log

2014-12-31 12:50 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-12-31 12:50 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat

2014-12-31 12:50 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat

2014-12-29 13:31 - 2014-12-01 12:00 - 00000000 ____D () C:\Users\Christian\Documents\expenses

2014-12-26 09:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp

2014-12-17 07:53 - 2014-09-19 07:28 - 00001076 _____ () C:\Users\Christian\Desktop\Dropbox.lnk

2014-12-17 07:53 - 2014-04-16 16:22 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-12-12 09:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-12-10 20:28 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS

2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS

2014-12-10 20:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat

2014-12-10 20:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions

2014-12-10 15:49 - 2013-05-31 16:33 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-10 15:48 - 2013-08-14 09:30 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-12-10 15:40 - 2013-06-01 11:33 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 

Files to move or delete:

====================

C:\ProgramData\MakeMarkerFile.exe

C:\Users\EasySurvey\EasySurvey.exe
 
 

Some content of TEMP:

====================

C:\Users\Christian\AppData\Local\Temp\BackupSetup.exe

C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpga70yv.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-05 17:43
 

==================== End Of Log ============================

--- --- ---

--- --- ---