
Pests of all kinds and how to fight them: Windows 8 GVU Trojan

17.06.2014, 12:56   #1
DGutschalk

Hello,

An acquaintance asked me to take a look and see whether I can get the GVU Trojan off his computer.
Since I can't boot from my USB stick to run Kaspersky over it, I have already run the FRST scan, following another thread (which I can't link).
System: Windows 8

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by SYSTEM on MININT-ESI1DTR on 17-06-2014 13:48:24
Running from D:\
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-27] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-07] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-27] (McAfee, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-27] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\CrashsmashLP\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [272176 2013-11-12] ()
HKU\CrashsmashLP\...\Run: [lollipop_03241333] => c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe [2952192 2014-03-24] ()
HKU\CrashsmashLP\...\Run: [Browser Infrastructure Helper] => C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-20] (Smartbar)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk ->  (No File)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk
ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-10] (Cherished Technololgy LIMITED)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
S2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo)
S3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo)
S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-06] ()
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-27] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-10] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-20] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-26] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-26] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [417072 2013-11-12] ()
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] ()
S2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe [193536 2014-03-03] ()
S2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [317728 2014-06-05] ()
S2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728 2014-06-05] ()
S2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2014-01-06] (Wajam)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-24] (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED)
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-26] (McAfee, Inc.)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-05] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-26] (McAfee, Inc.)
S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-26] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-26] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-26] (McAfee, Inc.)
S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-26] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-20] (McAfee, Inc.)
S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-26] (McAfee, Inc.)
S1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 13:43 - 2014-06-17 13:43 - 00000000 ____D () C:\FRST
2014-06-02 06:23 - 2014-06-17 03:39 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-02 06:15 - 2014-06-02 06:15 - 00000000 _____ () C:\end

==================== One Month Modified Files and Folders =======

2014-06-17 13:43 - 2014-06-17 13:43 - 00000000 ____D () C:\FRST
2014-06-17 03:40 - 2014-03-03 10:41 - 00000418 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-06-17 03:40 - 2014-03-03 10:40 - 00000416 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-06-17 03:40 - 2014-02-25 05:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-06-17 03:40 - 2014-02-02 00:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg
2014-06-17 03:40 - 2014-02-02 00:16 - 00000212 _____ () C:\Users\CrashsmashLP\Documents\pms.xml
2014-06-17 03:40 - 2014-02-02 00:15 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp
2014-06-17 03:39 - 2014-06-02 06:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-17 03:39 - 2014-04-01 03:58 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 03:39 - 2014-03-25 07:45 - 00003262 _____ () C:\Windows\System32\Tasks\PC Health Kit Schedule
2014-06-17 03:39 - 2014-03-25 07:45 - 00001534 _____ () C:\Windows\Tasks\easy-deals2-updater.job
2014-06-17 03:39 - 2014-03-25 07:45 - 00001490 _____ () C:\Windows\Tasks\easy-deals2-codedownloader.job
2014-06-17 03:39 - 2014-03-25 07:45 - 00001368 _____ () C:\Windows\Tasks\easy-deals2-enabler.job
2014-06-17 03:39 - 2014-03-25 07:44 - 00003118 _____ () C:\Windows\Tasks\easy-deals2-chromeinstaller.job
2014-06-17 03:39 - 2014-03-03 10:43 - 00000298 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-06-17 03:39 - 2014-03-03 10:42 - 00001566 _____ () C:\Windows\Tasks\Video-for-PC-1.2-updater.job
2014-06-17 03:39 - 2014-03-03 10:41 - 00003138 _____ () C:\Windows\Tasks\Video-for-PC-1.2-chromeinstaller.job
2014-06-17 03:39 - 2014-03-03 10:41 - 00002622 _____ () C:\Windows\Tasks\Video-for-PC-1.2-firefoxinstaller.job
2014-06-17 03:39 - 2014-03-03 10:41 - 00001522 _____ () C:\Windows\Tasks\Video-for-PC-1.2-codedownloader.job
2014-06-17 03:39 - 2014-03-03 10:41 - 00001420 _____ () C:\Windows\Tasks\Video-for-PC-1.2-enabler.job
2014-06-17 03:38 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-17 03:27 - 2014-04-02 05:15 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-06-17 03:14 - 2014-03-01 08:32 - 00000324 _____ () C:\Windows\Tasks\MySearchDial.job
2014-06-17 03:10 - 2012-07-25 23:21 - 00026869 _____ () C:\Windows\setupact.log
2014-06-17 03:07 - 2014-02-03 07:24 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001
2014-06-17 03:05 - 2014-04-23 08:10 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-06-17 03:05 - 2014-02-25 05:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup
2014-06-17 03:05 - 2014-02-25 05:36 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Roaming\System Speedup
2014-06-17 03:03 - 2014-04-01 03:58 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 00:48 - 2014-02-25 05:37 - 00000366 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-06-17 00:20 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-06-17 00:18 - 2012-11-02 14:17 - 02026843 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 00:04 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru
2014-06-05 09:00 - 2014-03-03 10:43 - 00000304 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-06-05 08:57 - 2014-02-25 05:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-05 08:42 - 2014-03-03 10:41 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Lollipop
2014-06-05 08:42 - 2012-11-02 14:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-05 08:38 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-02 06:26 - 2014-02-25 05:37 - 00000000 ____D () C:\Users\CrashsmashLP\Documents\PCSpeedUp
2014-06-02 06:15 - 2014-06-02 06:15 - 00000000 _____ () C:\end
2014-06-02 06:06 - 2012-08-01 07:51 - 00017438 _____ () C:\Windows\PFRO.log
2014-06-02 06:00 - 2014-03-03 10:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-06-02 06:00 - 2014-03-03 10:41 - 00000000 ____D () C:\Program Files (x86)\SupTab

Some content of TEMP:
====================
C:\Users\CrashsmashLP\AppData\Local\Temp\airB377.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airE4AA.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airEA3E.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\BackupSetup.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\bdfilters.dll
C:\Users\CrashsmashLP\AppData\Local\Temp\IEHistory.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\vcredist_x64.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-04-01 05:08:23
Restore point made on: 2014-04-29 10:05:25

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 8152.33 MB
Available physical RAM: 7103.22 MB
Total Pagefile: 8152.33 MB
Available Pagefile: 7115.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:627.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:3.73 GB) (Free:3.68 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1328577F)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-06-17 00:30

==================== End Of Log ============================
         

If any further information is needed, just ask. Many thanks in advance.

Last edited by DGutschalk (17.06.2014 at 13:01)

17.06.2014, 13:21   #2
M-K-D-B
/// TB Trainer

My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find evidence of illegally acquired software, we will suspend support until all illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!






Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
start
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk
ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc)
S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation)
end
         
Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again.
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.







Let me know whether your computer starts normally again afterwards (we are not finished at that point).
__________________

17.06.2014, 13:33   #3
DGutschalk

Hello Matthias,

Thanks for your fix, the computer starts and the GVU Trojan no longer shows up.
However, I have now also discovered various junk such as PC Health Kit or PC Speed Up. I should throw that off as well while I'm at it.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by SYSTEM at 2014-06-17 14:29:24 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk
ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc)
S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation)
end
*****************

C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk => Moved successfully.
C:\ProgramData\ebqmvgj.gsa => Moved successfully.
Winmgmt => Service restored successfully.

==== End of Fixlog ====
         
__________________
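
Added example, not part of the original thread and not FRST's or the helper's own logic: a small triage script that parses the service and ShortcutTarget lines of an FRST.txt and flags the kind of entries that ended up in the fixlist above. The three heuristics, the extension allowlist and the list of built-in service names are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines taken from the FRST.txt posted in this thread
# (two entries from the fixlist plus benign neighbours for contrast).
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-27] (Realtek Semiconductor)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk
ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc)
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-26] (McAfee, Inc.)
S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED)
"""

# Assumption: extensions we expect for a service image or autostart target.
LAUNCHABLE = {".exe", ".dll", ".sys"}
# Assumption: a short list of built-in Windows service names worth guarding.
BUILTIN_SERVICES = {"winmgmt", "wuauserv", "bits", "eventlog", "schedule"}
PROGRAMDATA = PureWindowsPath(r"C:\ProgramData")
WINDIR = PureWindowsPath(r"C:\Windows")

# "S2 Name; C:\path\file.ext [size date] (vendor)"
SERVICE_RE = re.compile(
    r"^[SR]\d (?P<name>[^;]+); (?P<path>[A-Za-z]:\\.+?) \[\d+ \d{4}-\d{2}-\d{2}\]"
)
# "ShortcutTarget: name.lnk -> C:\path\file.ext (vendor)"
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget: (?P<name>.+?\.lnk) -> "
    r"(?P<path>[A-Za-z]:\\.+?)(?: \((?P<vendor>[^()]*)\))?$"
)


def parse_entries(log_text):
    """Yield (kind, name, path) for every service and shortcut-target line."""
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in (("service", SERVICE_RE), ("shortcut", SHORTCUT_RE)):
            m = rx.match(line)
            if m:
                yield kind, m.group("name"), PureWindowsPath(m.group("path"))


def reasons_for(kind, name, path):
    """Return the list of heuristic reasons an entry looks suspicious."""
    reasons = []
    if path.suffix.lower() not in LAUNCHABLE:
        reasons.append("unusual extension " + path.suffix)
    # PureWindowsPath compares case-insensitively, like the file system does.
    if path.parent == PROGRAMDATA:
        reasons.append("file sits directly in C:\\ProgramData")
    if (kind == "service" and name.lower() in BUILTIN_SERVICES
            and WINDIR not in path.parents):
        reasons.append("built-in service name with image outside C:\\Windows")
    return reasons


def triage(log_text):
    """Map each flagged path to (kind, entry name, reasons)."""
    findings = {}
    for kind, name, path in parse_entries(log_text):
        reasons = reasons_for(kind, name, path)
        if reasons:
            findings[str(path)] = (kind, name, reasons)
    return findings


if __name__ == "__main__":
    for path, (kind, name, reasons) in triage(SAMPLE_LOG).items():
        print(f"{kind:8} {name:12} {path}")
        for r in reasons:
            print("           -", r)
```

The heuristics are deliberately narrow: they flag only the two files named in the fixlist and say nothing about the adware entries elsewhere in the log, which still need manual review.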

17.06.2014, 13:34   #4
M-K-D-B
/// TB Trainer

Download FRST to the desktop and run it again:


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Greetings from Bavaria
M-K-D-B

17.06.2014, 13:42   #5
DGutschalk

Hello Matthias,

Here are the two logs:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by CrashsmashLP (administrator) on MY-PC on 17-06-2014 14:37:40
Running from G:\zweiter lauf
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe
(Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(PC Health Labs) C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe
(PC Health Labs) C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe
(System Speedup) C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
(Systweak Inc) C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
() C:\Program Files (x86)\LPT\srpts.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe
() C:\Program Files (x86)\FindRight\updateFindRight.exe
() C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit.exe
() C:\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe
(Smartbar) C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe
(Software Updater) C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(GamersFirst) C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe
() C:\Users\CrashsmashLP\AppData\Local\LPT\srptm.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [272176 2013-11-12] ()
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe [2952192 2014-03-24] ()
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-20] (Smartbar)
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\MountPoints2: {9d4b3424-8d92-11e3-be6e-806e6f6e6963} - "D:\pushinst.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Software Updater)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
SearchScopes: HKLM - {424D67D3-6B88-4527-B275-39B22EE89AEC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
BHO: easy-deals2 - {11111111-1111-1111-1111-110311991194} - C:\Program Files (x86)\easy-deals2\easy-deals2-bho64.dll (adassist2)
BHO: Video-for-PC-1.2 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-bho64.dll (fun-games)
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: SaveClicker - {5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} - C:\Program Files (x86)\SaveClicker\ap6KgYK7u.x64.dll ()
BHO: RandoMPricce - {9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} - C:\ProgramData\RandoMPricce\tuQrBryYB0.x64.dll ()
BHO-x32: easy-deals2 - {11111111-1111-1111-1111-110311991194} - C:\Program Files (x86)\easy-deals2\easy-deals2-bho.dll (adassist2)
BHO-x32: Video-for-PC-1.2 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-bho.dll (fun-games)
BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: SaveClicker - {5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} - C:\Program Files (x86)\SaveClicker\ap6KgYK7u.dll ()
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
BHO-x32: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -  No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\CrashsmashLP\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-03]
FF HKCU\...\Firefox\Extensions: [{18cb1911-bb8b-407a-a031-fffc8d7b664c}] - C:\Program Files (x86)\Re-markit-soft\155.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\155.xpi [2014-03-03]

Chrome: 
=======
CHR HomePage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_07a7f45c6591444893b91863b534e4b7_39_1006_20130624_DE_cr_sp_
CHR StartupUrls: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_07a7f45c6591444893b91863b534e4b7_39_1006_20130624_DE_cr_sp_"
CHR Extension: (Google Docs) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google-Suche) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (easy-deals2) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-04-01]
CHR Extension: (Video-for-PC-1.2) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Widget context) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
CHR Extension: (Google Mail) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-06] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [417072 2013-11-12] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] ()
R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe [193536 2014-03-03] () [File not signed]
R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [317728 2014-06-05] ()
R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728 2014-06-05] ()
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2014-01-06] (Wajam) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED)
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 23:43 - 2014-06-17 14:37 - 00000000 ____D () C:\FRST
2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-02 16:23 - 2014-06-17 14:31 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-02 16:15 - 2014-06-02 16:15 - 00000000 _____ () C:\end

==================== One Month Modified Files and Folders =======

2014-06-18 00:29 - 2014-02-02 10:16 - 00000000 ___RD () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-17 14:38 - 2014-02-02 10:16 - 00000214 _____ () C:\Users\CrashsmashLP\Documents\pms.xml
2014-06-17 14:38 - 2014-02-02 10:15 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp
2014-06-17 14:37 - 2014-06-17 23:43 - 00000000 ____D () C:\FRST
2014-06-17 14:37 - 2014-03-03 20:41 - 00002033 _____ () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2014-06-17 14:36 - 2014-02-03 17:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001
2014-06-17 14:36 - 2012-11-03 08:55 - 00751892 _____ () C:\WINDOWS\system32\perfh007.dat
2014-06-17 14:36 - 2012-11-03 08:55 - 00155620 _____ () C:\WINDOWS\system32\perfc007.dat
2014-06-17 14:36 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-17 14:35 - 2012-11-03 00:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-17 14:34 - 2014-03-03 20:41 - 00000418 _____ () C:\WINDOWS\Tasks\Re-markit Update.job
2014-06-17 14:33 - 2014-04-23 18:10 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2014-06-17 14:33 - 2014-02-25 15:36 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-06-17 14:33 - 2014-02-25 15:36 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Roaming\System Speedup
2014-06-17 14:32 - 2014-04-02 15:15 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2014-06-17 14:32 - 2014-02-25 15:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-06-17 14:31 - 2014-06-02 16:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-17 14:31 - 2014-04-01 13:58 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00003262 _____ () C:\WINDOWS\System32\Tasks\PC Health Kit Schedule
2014-06-17 14:31 - 2014-03-25 17:45 - 00001534 _____ () C:\WINDOWS\Tasks\easy-deals2-updater.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00001490 _____ () C:\WINDOWS\Tasks\easy-deals2-codedownloader.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00001368 _____ () C:\WINDOWS\Tasks\easy-deals2-enabler.job
2014-06-17 14:31 - 2014-03-25 17:44 - 00003118 _____ () C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job
2014-06-17 14:31 - 2014-03-03 20:43 - 00000298 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2014-06-17 14:31 - 2014-03-03 20:42 - 00001566 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00003138 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00002622 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00001522 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00001420 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job
2014-06-17 14:31 - 2014-03-03 20:40 - 00000416 _____ () C:\WINDOWS\Tasks\Re-markit_wd.job
2014-06-17 14:31 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-17 13:40 - 2014-02-02 10:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg
2014-06-17 13:14 - 2014-03-01 18:32 - 00000324 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2014-06-17 13:10 - 2012-07-26 09:21 - 00026869 _____ () C:\WINDOWS\setupact.log
2014-06-17 13:03 - 2014-04-01 13:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 10:48 - 2014-02-25 15:37 - 00000366 _____ () C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2014-06-17 10:20 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-17 10:18 - 2012-11-03 00:17 - 02026843 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 10:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-05 19:00 - 2014-03-03 20:43 - 00000304 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2014-06-05 18:57 - 2014-02-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-05 18:42 - 2014-03-03 20:41 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Lollipop
2014-06-05 18:38 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-06-02 16:26 - 2014-02-25 15:37 - 00000000 ____D () C:\Users\CrashsmashLP\Documents\PCSpeedUp
2014-06-02 16:15 - 2014-06-02 16:15 - 00000000 _____ () C:\end
2014-06-02 16:06 - 2012-08-01 17:51 - 00017438 _____ () C:\WINDOWS\PFRO.log
2014-06-02 16:00 - 2014-03-03 20:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-06-02 16:00 - 2014-03-03 20:41 - 00000000 ____D () C:\Program Files (x86)\SupTab

Some content of TEMP:
====================
C:\Users\CrashsmashLP\AppData\Local\Temp\airB377.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airE4AA.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airEA3E.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\BackupSetup.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\bdfilters.dll
C:\Users\CrashsmashLP\AppData\Local\Temp\IEHistory.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-17 10:30

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by CrashsmashLP at 2014-06-17 14:38:32
Running from G:\zweiter lauf
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
awesomehp uninstaller (HKLM-x32\...\awesomehp uninstaller) (Version:  - awesomehp) <==== ATTENTION
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.2 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CouponSupport (HKLM-x32\...\S-649636217) (Version: 3.3.0.1598 - CouponSupport) <==== ATTENTION
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters Racing Studio)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Driver San Francisco (HKLM-x32\...\Steam App 33440) (Version:  - Ubisoft Reflections)
easy-deals2 (HKLM-x32\...\easy-deals2) (Version: 1.34.3.17 - adassist2)
FindRight (HKLM\...\FindRight) (Version: 2014.02.26.051729 - FindRight) <==== ATTENTION
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
loadtbs-3.0 (HKLM-x32\...\loadtbs-3.0) (Version:  - )
Lollipop (HKCU\...\lollipop_03241333) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)
MXGP - The Official Motocross Videogame (HKLM-x32\...\Steam App 256370) (Version:  - Milestone S.r.l.)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Mysearchdial (HKLM-x32\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION
NVIDIA Grafiktreiber 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden
Off-Road Drive (HKLM-x32\...\Steam App 200230) (Version:  - 1C-Avalon)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PC Health Kit v3.2 (HKLM-x32\...\PC Health Kit_is1) (Version: 3.2 - PC Health Labs)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.4.1.0 - Speedchecker Limited)
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC) <==== ATTENTION
Prince of Persia: The Forgotten Sands (HKLM-x32\...\Steam App 33320) (Version:  - Ubisoft Montreal)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RandoMPricce (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - RandoomPrIce) <==== ATTENTION
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Re-markit (HKLM-x32\...\674d5dbc-360d-4da7-aa62-80d47d9437b8) (Version:  - Re-markit Software) <==== ATTENTION
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 3.0.0.1941 - SaveClicker) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.10.30.15 - Conduit) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shift 2 Unleashed (HKLM-x32\...\Steam App 47920) (Version:  - Slightly Mad Studios)
Snap.Do (HKLM-x32\...\{3A014A11-3D9E-44BD-9431-2DB67F752CB9}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{bb4c4f5f-26b5-45fa-9e01-3d056cb56fa2}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION
Software Updater version 1.8.4 (HKLM-x32\...\Software Updater_is1) (Version: 1.8.4 - Air Software) <==== ATTENTION
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.2.0 - Uniblue Systems Limited) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version:  - SaveClicker) <==== ATTENTION
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version:  - Eden Studios)
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - Redlynx Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Video-for-PC-1.2 (HKLM-x32\...\Video-for-PC-1.2) (Version: 1.34.2.13 - fun-games) <==== ATTENTION
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Wajam (HKLM-x32\...\Wajam) (Version: 2.13 - Wajam) <==== ATTENTION
WPM17.8.0.3393 (HKLM-x32\...\WPM) (Version: 17.8.0.3393 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

01-04-2014 13:07:01 RegClean Pro Di, Apr 01, 14  15:07
29-04-2014 18:05:12 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {016BC803-E3DA-4A60-8083-6E7E3080DB7A} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe [2014-02-24] (PC Health Labs)
Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe [2014-03-03] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - System32\Tasks\Video-for-PC-1.2-updater => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-updater.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - System32\Tasks\easy-deals2-enabler => C:\Program Files (x86)\easy-deals2\easy-deals2-enabler.exe [2014-03-25] (adassist2)
Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe [2014-03-03] () <==== ATTENTION
Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - System32\Tasks\easy-deals2-codedownloader => C:\Program Files (x86)\easy-deals2\easy-deals2-codedownloader.exe [2014-03-25] (adassist2)
Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2013-11-12] () <==== ATTENTION
Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited) <==== ATTENTION
Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - System32\Tasks\easy-deals2-chromeinstaller => C:\Program Files (x86)\easy-deals2\easy-deals2-chromeinstaller.exe [2014-03-25] (adassist2)
Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {871C9EC1-111E-4343-B7D3-4E69D96D696B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - System32\Tasks\Video-for-PC-1.2-firefoxinstaller => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-firefoxinstaller.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: {B36EEA24-957E-42E4-B7D4-8ECCE70146A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {B4299654-83B1-4622-8B94-0AD038000AF6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - System32\Tasks\MySearchDial => C:\Users\CRASHS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited) <==== ATTENTION
Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-01-15] (Systweak) <==== ATTENTION
Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\ReMar.exe [2014-03-03] () <==== ATTENTION
Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - System32\Tasks\Video-for-PC-1.2-enabler => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-enabler.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - System32\Tasks\Video-for-PC-1.2-chromeinstaller => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-chromeinstaller.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - System32\Tasks\easy-deals2-updater => C:\Program Files (x86)\easy-deals2\easy-deals2-updater.exe [2014-03-25] (adassist2)
Task: {F0A61E0C-950A-4724-984E-839485F2D1EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - System32\Tasks\Video-for-PC-1.2-codedownloader => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-codedownloader.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job => C:\Program Files (x86)\easy-deals2\easy-deals2-chromeinstaller.exe
Task: C:\WINDOWS\Tasks\easy-deals2-codedownloader.job => C:\Program Files (x86)\easy-deals2\easy-deals2-codedownloader.exe
Task: C:\WINDOWS\Tasks\easy-deals2-enabler.job => C:\Program Files (x86)\easy-deals2\easy-deals2-enabler.exe
Task: C:\WINDOWS\Tasks\easy-deals2-updater.job => C:\Program Files (x86)\easy-deals2\easy-deals2-updater.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\CRASHS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
Task: C:\WINDOWS\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\ReMar.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\WINDOWS\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-chromeinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-firefoxinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-25 15:37 - 2013-11-12 20:59 - 00417072 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe
2014-02-18 15:32 - 2014-02-18 15:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-03-03 20:40 - 2014-03-03 20:40 - 00093184 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe
2012-11-03 00:05 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-02-06 22:19 - 2014-02-06 22:19 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-02-26 18:53 - 2014-02-26 18:54 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-03-03 20:40 - 2014-03-03 20:40 - 00193536 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe
2014-02-26 07:19 - 2014-06-05 18:53 - 00317728 _____ () C:\Program Files (x86)\FindRight\updateFindRight.exe
2014-03-01 19:36 - 2014-06-05 18:44 - 00317728 _____ () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
2012-11-03 00:05 - 2012-07-24 13:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe
2014-03-24 15:33 - 2014-03-24 15:33 - 02952192 _____ () C:\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe
2014-03-20 16:39 - 2014-03-20 16:39 - 00023072 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srptm.exe
2012-11-03 00:05 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-02-18 15:38 - 2014-02-18 15:38 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-02-25 15:37 - 2013-11-12 21:00 - 00585608 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-25 15:37 - 2012-07-25 13:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2014-02-25 15:37 - 2014-01-15 19:53 - 01731312 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-03-03 20:43 - 2013-06-06 11:43 - 26034688 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\libcef.dll
2014-03-03 20:43 - 2014-02-19 16:59 - 00452720 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\x86\Trackerbird.py.clr4.dll
2014-02-06 22:19 - 2014-02-06 22:19 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll
2014-02-06 22:19 - 2014-02-06 22:19 - 00022048 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-02-06 22:18 - 2014-02-06 22:18 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00046624 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00068640 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srau.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00165408 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 02282528 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00066592 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\spbl.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00154656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00014368 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\siem.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00063520 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sppsm.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00696352 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00014880 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00078368 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00056352 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srut.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00029216 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srsbs.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00065056 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00030752 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srom.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00030752 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\smtu.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00038944 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\smta.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00043552 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srbu.dll
2014-03-20 16:38 - 2014-03-20 16:38 - 00024096 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sgml.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00061472 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00024608 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srpdm.dll
2014-03-20 16:38 - 2014-03-20 16:38 - 00043040 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-03-20 16:37 - 2014-03-20 16:37 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00035360 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00193056 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sgmu.dll
2014-03-20 16:36 - 2014-03-20 16:36 - 00061440 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00255008 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srns.dll
2012-04-27 00:38 - 2012-04-27 00:38 - 20758016 _____ () C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\libcef.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00077856 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srpt.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00023072 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srptc.dll
2014-03-20 16:38 - 2014-03-20 16:38 - 00018976 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Common.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00056352 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srut.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00063520 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\sppsm.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00154656 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Personalization.Common.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00165408 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll
2012-11-03 00:05 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2012-11-03 00:05 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x531329b6
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x00014b32
ID des fehlerhaften Prozesses: 0xe84
Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0
Pfad der fehlerhaften Anwendung: Re-markit155.exe1
Pfad des fehlerhaften Moduls: Re-markit155.exe2
Berichtskennung: Re-markit155.exe3
Vollständiger Name des fehlerhaften Pakets: Re-markit155.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Re-markit155.exe5

Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSHost.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50108842
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001069
ID des fehlerhaften Prozesses: 0x11fc
Startzeit der fehlerhaften Anwendung: 0xWSHost.exe0
Pfad der fehlerhaften Anwendung: WSHost.exe1
Pfad des fehlerhaften Moduls: WSHost.exe2
Berichtskennung: WSHost.exe3
Vollständiger Name des fehlerhaften Pakets: WSHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WSHost.exe5

Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425

Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17b8

Startzeit: 01cf5f0e248d1577

Endzeit: 15

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 7a143984-cb01-11e3-be8d-d43d7e1ffc88

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c2c

Startzeit: 01cf5184d3bce1d1

Endzeit: 31

Anwendungspfad: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

Berichts-ID: 2598adb0-bd78-11e3-be8d-d43d7e1ffc88

Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel

Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (06/17/2014 02:31:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (06/17/2014 02:31:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht.

Error: (06/17/2014 01:39:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%127


Microsoft Office Sessions:
=========================
Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Re-markit155.exe1.155.0.0531329b6KERNELBASE.dll6.2.9200.1645150988950e06d736300014b32e8401cf8a1f9af7d1d7C:\Program Files (x86)\Re-markit-soft\Re-markit155.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlldd516fe5-f612-11e3-be96-001f1fdcf1ad

Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSHost.exe6.2.9200.1638450108842ntdll.dll6.2.9200.1657951637f77c0000005000000000000106911fc01cf7e6bff8f8a6eC:\WINDOWS\WinStore\WSHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll3fc6e39e-ea5f-11e3-be8e-d43d7e1ffc88

Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425

Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.1662817b801cf5f0e248d157715C:\WINDOWS\Explorer.EXE7a143984-cb01-11e3-be8d-d43d7e1ffc88

Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.2.9200.16420c2c01cf5184d3bce1d131C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe2598adb0-bd78-11e3-be8d-d43d7e1ffc88windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall


==================== Memory info =========================== 

Percentage of memory in use: 23%
Total physical RAM: 8152.33 MB
Available physical RAM: 6220.89 MB
Total Pagefile: 16856.33 MB
Available Pagefile: 14651.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:627.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.73 GB) (Free:3.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1328577F)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


17.06.2014, 13:44   #6
M-K-D-B
/// TB Trainer
 



Please read carefully...


Quote:
Running from G:\zweiter lauf
Download all tools to the desktop, or move them there, and start them from the desktop, because our instructions are written for that.
In addition, all the tools used can then be removed very easily at the end of the cleanup.

17.06.2014, 13:56   #7
DGutschalk
 



Hello,

I started the tool again, this time from the desktop.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by CrashsmashLP (administrator) on MY-PC on 17-06-2014 14:53:14
Running from C:\Users\CrashsmashLP\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe
(Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(PC Health Labs) C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe
(PC Health Labs) C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe
(System Speedup) C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
(Systweak Inc) C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
() C:\Program Files (x86)\LPT\srpts.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe
() C:\Program Files (x86)\FindRight\updateFindRight.exe
() C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit.exe
() C:\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe
(Smartbar) C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe
(Software Updater) C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(GamersFirst) C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe
() C:\Users\CrashsmashLP\AppData\Local\LPT\srptm.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsMap.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [272176 2013-11-12] ()
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe [2952192 2014-03-24] ()
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-20] (Smartbar)
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\MountPoints2: {9d4b3424-8d92-11e3-be6e-806e6f6e6963} - "D:\pushinst.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Software Updater)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
SearchScopes: HKLM - {424D67D3-6B88-4527-B275-39B22EE89AEC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
BHO: easy-deals2 - {11111111-1111-1111-1111-110311991194} - C:\Program Files (x86)\easy-deals2\easy-deals2-bho64.dll (adassist2)
BHO: Video-for-PC-1.2 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-bho64.dll (fun-games)
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: SaveClicker - {5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} - C:\Program Files (x86)\SaveClicker\ap6KgYK7u.x64.dll ()
BHO: RandoMPricce - {9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} - C:\ProgramData\RandoMPricce\tuQrBryYB0.x64.dll ()
BHO-x32: easy-deals2 - {11111111-1111-1111-1111-110311991194} - C:\Program Files (x86)\easy-deals2\easy-deals2-bho.dll (adassist2)
BHO-x32: Video-for-PC-1.2 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-bho.dll (fun-games)
BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: SaveClicker - {5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} - C:\Program Files (x86)\SaveClicker\ap6KgYK7u.dll ()
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
BHO-x32: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -  No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\CrashsmashLP\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-03]
FF HKCU\...\Firefox\Extensions: [{18cb1911-bb8b-407a-a031-fffc8d7b664c}] - C:\Program Files (x86)\Re-markit-soft\155.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\155.xpi [2014-03-03]

Chrome: 
=======
CHR HomePage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_07a7f45c6591444893b91863b534e4b7_39_1006_20130624_DE_cr_sp_
CHR StartupUrls: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_07a7f45c6591444893b91863b534e4b7_39_1006_20130624_DE_cr_sp_"
CHR Extension: (Google Docs) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google-Suche) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (easy-deals2) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-04-01]
CHR Extension: (Video-for-PC-1.2) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Widget context) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
CHR Extension: (Google Mail) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-06] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [417072 2013-11-12] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] ()
R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe [193536 2014-03-03] () [File not signed]
R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [317728 2014-06-05] ()
R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728 2014-06-05] ()
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2014-01-06] (Wajam) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED)
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 23:43 - 2014-06-17 14:53 - 00000000 ____D () C:\FRST
2014-06-17 14:52 - 2014-06-17 14:53 - 00024748 _____ () C:\Users\CrashsmashLP\Desktop\FRST.txt
2014-06-17 14:52 - 2014-06-17 13:37 - 02081280 _____ (Farbar) C:\Users\CrashsmashLP\Desktop\FRST64.exe
2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-02 16:23 - 2014-06-17 14:31 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-02 16:15 - 2014-06-02 16:15 - 00000000 _____ () C:\end

==================== One Month Modified Files and Folders =======

2014-06-18 00:29 - 2014-02-02 10:16 - 00000000 ___RD () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-17 14:53 - 2014-06-17 23:43 - 00000000 ____D () C:\FRST
2014-06-17 14:53 - 2014-06-17 14:52 - 00024748 _____ () C:\Users\CrashsmashLP\Desktop\FRST.txt
2014-06-17 14:53 - 2014-02-02 10:16 - 00000213 _____ () C:\Users\CrashsmashLP\Documents\pms.xml
2014-06-17 14:53 - 2014-02-02 10:15 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp
2014-06-17 14:51 - 2014-03-03 20:41 - 00002033 _____ () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2014-06-17 14:43 - 2014-02-03 17:24 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001
2014-06-17 14:40 - 2012-11-03 08:55 - 00751892 _____ () C:\WINDOWS\system32\perfh007.dat
2014-06-17 14:40 - 2012-11-03 08:55 - 00155620 _____ () C:\WINDOWS\system32\perfc007.dat
2014-06-17 14:40 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-17 14:35 - 2012-11-03 00:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-17 14:34 - 2014-03-03 20:41 - 00000418 _____ () C:\WINDOWS\Tasks\Re-markit Update.job
2014-06-17 14:33 - 2014-04-23 18:10 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2014-06-17 14:33 - 2014-02-25 15:36 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-06-17 14:33 - 2014-02-25 15:36 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Roaming\System Speedup
2014-06-17 14:32 - 2014-04-02 15:15 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2014-06-17 14:32 - 2014-02-25 15:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-06-17 14:31 - 2014-06-02 16:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-17 14:31 - 2014-04-01 13:58 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00003262 _____ () C:\WINDOWS\System32\Tasks\PC Health Kit Schedule
2014-06-17 14:31 - 2014-03-25 17:45 - 00001534 _____ () C:\WINDOWS\Tasks\easy-deals2-updater.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00001490 _____ () C:\WINDOWS\Tasks\easy-deals2-codedownloader.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00001368 _____ () C:\WINDOWS\Tasks\easy-deals2-enabler.job
2014-06-17 14:31 - 2014-03-25 17:44 - 00003118 _____ () C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job
2014-06-17 14:31 - 2014-03-03 20:43 - 00000298 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2014-06-17 14:31 - 2014-03-03 20:42 - 00001566 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00003138 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00002622 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00001522 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00001420 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job
2014-06-17 14:31 - 2014-03-03 20:40 - 00000416 _____ () C:\WINDOWS\Tasks\Re-markit_wd.job
2014-06-17 14:31 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-17 13:40 - 2014-02-02 10:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg
2014-06-17 13:37 - 2014-06-17 14:52 - 02081280 _____ (Farbar) C:\Users\CrashsmashLP\Desktop\FRST64.exe
2014-06-17 13:14 - 2014-03-01 18:32 - 00000324 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2014-06-17 13:10 - 2012-07-26 09:21 - 00026869 _____ () C:\WINDOWS\setupact.log
2014-06-17 13:03 - 2014-04-01 13:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 10:48 - 2014-02-25 15:37 - 00000366 _____ () C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2014-06-17 10:20 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-17 10:18 - 2012-11-03 00:17 - 02026843 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 10:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-05 19:00 - 2014-03-03 20:43 - 00000304 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2014-06-05 18:57 - 2014-02-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-05 18:42 - 2014-03-03 20:41 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Lollipop
2014-06-05 18:38 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-06-02 16:26 - 2014-02-25 15:37 - 00000000 ____D () C:\Users\CrashsmashLP\Documents\PCSpeedUp
2014-06-02 16:15 - 2014-06-02 16:15 - 00000000 _____ () C:\end
2014-06-02 16:06 - 2012-08-01 17:51 - 00017438 _____ () C:\WINDOWS\PFRO.log
2014-06-02 16:00 - 2014-03-03 20:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-06-02 16:00 - 2014-03-03 20:41 - 00000000 ____D () C:\Program Files (x86)\SupTab

Some content of TEMP:
====================
C:\Users\CrashsmashLP\AppData\Local\Temp\airB377.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airE4AA.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airEA3E.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\BackupSetup.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\bdfilters.dll
C:\Users\CrashsmashLP\AppData\Local\Temp\IEHistory.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-17 10:30

==================== End Of Log ============================
         
--- --- ---


Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by CrashsmashLP at 2014-06-17 14:53:32
Running from C:\Users\CrashsmashLP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
awesomehp uninstaller (HKLM-x32\...\awesomehp uninstaller) (Version:  - awesomehp) <==== ATTENTION
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.2 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CouponSupport (HKLM-x32\...\S-649636217) (Version: 3.3.0.1598 - CouponSupport) <==== ATTENTION
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters Racing Studio)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Driver San Francisco (HKLM-x32\...\Steam App 33440) (Version:  - Ubisoft Reflections)
easy-deals2 (HKLM-x32\...\easy-deals2) (Version: 1.34.3.17 - adassist2)
FindRight (HKLM\...\FindRight) (Version: 2014.02.26.051729 - FindRight) <==== ATTENTION
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
loadtbs-3.0 (HKLM-x32\...\loadtbs-3.0) (Version:  - )
Lollipop (HKCU\...\lollipop_03241333) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)
MXGP - The Official Motocross Videogame (HKLM-x32\...\Steam App 256370) (Version:  - Milestone S.r.l.)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Mysearchdial (HKLM-x32\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION
NVIDIA Grafiktreiber 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden
Off-Road Drive (HKLM-x32\...\Steam App 200230) (Version:  - 1C-Avalon)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PC Health Kit v3.2 (HKLM-x32\...\PC Health Kit_is1) (Version: 3.2 - PC Health Labs)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.4.1.0 - Speedchecker Limited)
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC) <==== ATTENTION
Prince of Persia: The Forgotten Sands (HKLM-x32\...\Steam App 33320) (Version:  - Ubisoft Montreal)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RandoMPricce (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - RandoomPrIce) <==== ATTENTION
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Re-markit (HKLM-x32\...\674d5dbc-360d-4da7-aa62-80d47d9437b8) (Version:  - Re-markit Software) <==== ATTENTION
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 3.0.0.1941 - SaveClicker) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.10.30.15 - Conduit) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shift 2 Unleashed (HKLM-x32\...\Steam App 47920) (Version:  - Slightly Mad Studios)
Snap.Do (HKLM-x32\...\{3A014A11-3D9E-44BD-9431-2DB67F752CB9}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{bb4c4f5f-26b5-45fa-9e01-3d056cb56fa2}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION
Software Updater version 1.8.4 (HKLM-x32\...\Software Updater_is1) (Version: 1.8.4 - Air Software) <==== ATTENTION
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.2.0 - Uniblue Systems Limited) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version:  - SaveClicker) <==== ATTENTION
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version:  - Eden Studios)
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - Redlynx Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Video-for-PC-1.2 (HKLM-x32\...\Video-for-PC-1.2) (Version: 1.34.2.13 - fun-games) <==== ATTENTION
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Wajam (HKLM-x32\...\Wajam) (Version: 2.13 - Wajam) <==== ATTENTION
WPM17.8.0.3393 (HKLM-x32\...\WPM) (Version: 17.8.0.3393 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

29-04-2014 18:05:12 Geplanter Prüfpunkt
17-06-2014 12:51:52 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {016BC803-E3DA-4A60-8083-6E7E3080DB7A} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe [2014-02-24] (PC Health Labs)
Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe [2014-03-03] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - System32\Tasks\Video-for-PC-1.2-updater => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-updater.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - System32\Tasks\easy-deals2-enabler => C:\Program Files (x86)\easy-deals2\easy-deals2-enabler.exe [2014-03-25] (adassist2)
Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe [2014-03-03] () <==== ATTENTION
Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - System32\Tasks\easy-deals2-codedownloader => C:\Program Files (x86)\easy-deals2\easy-deals2-codedownloader.exe [2014-03-25] (adassist2)
Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2013-11-12] () <==== ATTENTION
Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited) <==== ATTENTION
Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - System32\Tasks\easy-deals2-chromeinstaller => C:\Program Files (x86)\easy-deals2\easy-deals2-chromeinstaller.exe [2014-03-25] (adassist2)
Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup)
Task: {871C9EC1-111E-4343-B7D3-4E69D96D696B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - System32\Tasks\Video-for-PC-1.2-firefoxinstaller => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-firefoxinstaller.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: {B36EEA24-957E-42E4-B7D4-8ECCE70146A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION
Task: {B4299654-83B1-4622-8B94-0AD038000AF6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - System32\Tasks\MySearchDial => C:\Users\CRASHS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited) <==== ATTENTION
Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-01-15] (Systweak) <==== ATTENTION
Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\ReMar.exe [2014-03-03] () <==== ATTENTION
Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - System32\Tasks\Video-for-PC-1.2-enabler => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-enabler.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - System32\Tasks\Video-for-PC-1.2-chromeinstaller => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-chromeinstaller.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - System32\Tasks\easy-deals2-updater => C:\Program Files (x86)\easy-deals2\easy-deals2-updater.exe [2014-03-25] (adassist2)
Task: {F0A61E0C-950A-4724-984E-839485F2D1EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - System32\Tasks\Video-for-PC-1.2-codedownloader => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-codedownloader.exe [2014-03-03] (fun-games) <==== ATTENTION
Task: C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job => C:\Program Files (x86)\easy-deals2\easy-deals2-chromeinstaller.exe
Task: C:\WINDOWS\Tasks\easy-deals2-codedownloader.job => C:\Program Files (x86)\easy-deals2\easy-deals2-codedownloader.exe
Task: C:\WINDOWS\Tasks\easy-deals2-enabler.job => C:\Program Files (x86)\easy-deals2\easy-deals2-enabler.exe
Task: C:\WINDOWS\Tasks\easy-deals2-updater.job => C:\Program Files (x86)\easy-deals2\easy-deals2-updater.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\CRASHS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
Task: C:\WINDOWS\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\ReMar.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\WINDOWS\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-chromeinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-enabler.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-firefoxinstaller.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-25 15:37 - 2013-11-12 20:59 - 00417072 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe
2014-02-18 15:32 - 2014-02-18 15:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-03-03 20:40 - 2014-03-03 20:40 - 00093184 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe
2012-11-03 00:05 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-02-06 22:19 - 2014-02-06 22:19 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-02-26 18:53 - 2014-02-26 18:54 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-03-03 20:40 - 2014-03-03 20:40 - 00193536 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe
2014-02-26 07:19 - 2014-06-05 18:53 - 00317728 _____ () C:\Program Files (x86)\FindRight\updateFindRight.exe
2014-03-01 19:36 - 2014-06-05 18:44 - 00317728 _____ () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe
2012-11-03 00:05 - 2012-07-24 13:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe
2014-03-24 15:33 - 2014-03-24 15:33 - 02952192 _____ () C:\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe
2014-03-20 16:39 - 2014-03-20 16:39 - 00023072 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srptm.exe
2012-11-03 00:05 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-02-18 15:38 - 2014-02-18 15:38 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-02-25 15:37 - 2013-11-12 21:00 - 00585608 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-25 15:37 - 2012-07-25 13:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2014-02-25 15:37 - 2014-01-15 19:53 - 01731312 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-03-03 20:43 - 2013-06-06 11:43 - 26034688 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\libcef.dll
2014-03-03 20:43 - 2014-02-19 16:59 - 00452720 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\x86\Trackerbird.py.clr4.dll
2014-02-06 22:19 - 2014-02-06 22:19 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll
2014-02-06 22:19 - 2014-02-06 22:19 - 00022048 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-02-06 22:18 - 2014-02-06 22:18 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00046624 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00068640 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srau.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00165408 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 02282528 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00066592 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\spbl.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00154656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00014368 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\siem.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00063520 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sppsm.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00696352 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00014880 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00078368 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00056352 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srut.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00029216 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srsbs.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00065056 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00030752 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srom.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00030752 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\smtu.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00038944 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\smta.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00043552 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srbu.dll
2014-03-20 16:38 - 2014-03-20 16:38 - 00024096 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sgml.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00061472 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00024608 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srpdm.dll
2014-03-20 16:38 - 2014-03-20 16:38 - 00043040 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-03-20 16:37 - 2014-03-20 16:37 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00035360 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00193056 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sgmu.dll
2014-03-20 16:36 - 2014-03-20 16:36 - 00061440 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00255008 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srns.dll
2012-04-27 00:38 - 2012-04-27 00:38 - 20758016 _____ () C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\libcef.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00077856 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srpt.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00023072 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srptc.dll
2014-03-20 16:38 - 2014-03-20 16:38 - 00018976 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Common.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00056352 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srut.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00063520 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\sppsm.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00154656 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Personalization.Common.dll
2014-03-20 16:39 - 2014-03-20 16:39 - 00165408 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll
2012-11-03 00:05 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2012-11-03 00:05 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x531329b6
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x00014b32
ID des fehlerhaften Prozesses: 0xe84
Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0
Pfad der fehlerhaften Anwendung: Re-markit155.exe1
Pfad des fehlerhaften Moduls: Re-markit155.exe2
Berichtskennung: Re-markit155.exe3
Vollständiger Name des fehlerhaften Pakets: Re-markit155.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Re-markit155.exe5

Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSHost.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50108842
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001069
ID des fehlerhaften Prozesses: 0x11fc
Startzeit der fehlerhaften Anwendung: 0xWSHost.exe0
Pfad der fehlerhaften Anwendung: WSHost.exe1
Pfad des fehlerhaften Moduls: WSHost.exe2
Berichtskennung: WSHost.exe3
Vollständiger Name des fehlerhaften Pakets: WSHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WSHost.exe5

Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425

Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17b8

Startzeit: 01cf5f0e248d1577

Endzeit: 15

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 7a143984-cb01-11e3-be8d-d43d7e1ffc88

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c2c

Startzeit: 01cf5184d3bce1d1

Endzeit: 31

Anwendungspfad: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

Berichts-ID: 2598adb0-bd78-11e3-be8d-d43d7e1ffc88

Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel

Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (06/17/2014 02:44:02 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (06/17/2014 02:44:01 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (06/17/2014 02:31:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (06/17/2014 02:31:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht.

Error: (06/17/2014 01:39:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (06/17/2014 01:39:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================
Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Re-markit155.exe1.155.0.0531329b6KERNELBASE.dll6.2.9200.1645150988950e06d736300014b32e8401cf8a1f9af7d1d7C:\Program Files (x86)\Re-markit-soft\Re-markit155.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlldd516fe5-f612-11e3-be96-001f1fdcf1ad

Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSHost.exe6.2.9200.1638450108842ntdll.dll6.2.9200.1657951637f77c0000005000000000000106911fc01cf7e6bff8f8a6eC:\WINDOWS\WinStore\WSHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll3fc6e39e-ea5f-11e3-be8e-d43d7e1ffc88

Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425

Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.1662817b801cf5f0e248d157715C:\WINDOWS\Explorer.EXE7a143984-cb01-11e3-be8d-d43d7e1ffc88

Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.2.9200.16420c2c01cf5184d3bce1d131C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe2598adb0-bd78-11e3-be8d-d43d7e1ffc88windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8152.33 MB
Available physical RAM: 6018.29 MB
Total Pagefile: 16856.33 MB
Available Pagefile: 14537.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:633.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.73 GB) (Free:3.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1328577F)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

17.06.2014, 14:00   #8
M-K-D-B
/// TB Trainer



Well then, on to fighting the adware:

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).





Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 3
Please disable your antivirus program, as it can affect the result or interfere with the cleanup.
Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file on your desktop.
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text in the following box into zoek's script window:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;
             
  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:\ .
  • Please post the ZOEK log (in CODE tags if possible: click the # symbol in the reply window).





Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.






Please post in your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the Zoek log file,
  • the two new FRST log files.
__________________
Greetings from Bavaria
M-K-D-B


17.06.2014, 15:48   #9
DGutschalk



Hello Matthias,

AdwCleaner
Code:
# AdwCleaner v3.212 - Bericht erstellt am 17/06/2014 um 15:08:40
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : CrashsmashLP - MY-PC
# Gestartet von : C:\Users\CrashsmashLP\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BackupStack
[#] Dienst Gelöscht : be0fb33b
Dienst Gelöscht : IePluginService
Dienst Gelöscht : LPTSystemUpdater
Dienst Gelöscht : pcsuservice
Dienst Gelöscht : Re-markit
[#] Dienst Gelöscht : Update FindRight
[#] Dienst Gelöscht : Util FindRight
Dienst Gelöscht : WajamUpdaterV3
Dienst Gelöscht : Wpm
Dienst Gelöscht : wStLib64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\RandoMPricce
Ordner Gelöscht : C:\ProgramData\SaveClicker
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\FindRight
Ordner Gelöscht : C:\Program Files (x86)\LPT
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Mysearchdial
Ordner Gelöscht : C:\Program Files (x86)\PC Health Kit
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\Re-markit-soft
Ordner Gelöscht : C:\Program Files (x86)\Software Updater
Ordner Gelöscht : C:\Program Files (x86)\supporter
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\System Speedup
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\Program Files (x86)\easy-deals2
Ordner Gelöscht : C:\Program Files (x86)\Video-for-PC-1.2
Ordner Gelöscht : C:\Program Files (x86)\SaveClicker
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\CRASHS~1\AppData\Local\Temp\AirInstaller
Ordner Gelöscht : C:\Users\CRASHS~1\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\LPT
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\torch
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\LocalLow\Mysearchdial
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\awesomehp
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Mysearchdial
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\PC Health Kit
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\System Speedup
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Ordner Gelöscht : C:\Users\CrashsmashLP\Documents\PCSpeedUp
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp
Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce
[!] Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo
Datei Gelöscht : C:\END
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
Datei Gelöscht : C:\WINDOWS\System32\drivers\wStLib64.sys
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\WINDOWS\System32\sasnative64.exe
Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Local\AnyProtectScannerSetup.exe
Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk
Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\WINDOWS\Tasks\MySearchDial.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\MySearchDial
Datei Gelöscht : C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro
Datei Gelöscht : C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
Datei Gelöscht : C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
Datei Gelöscht : C:\WINDOWS\Tasks\Re-markit Update.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Re-markit Update
Datei Gelöscht : C:\WINDOWS\Tasks\Re-markit_wd.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Re-markit_wd
Datei Gelöscht : C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\SpeedUpMyPC Maintenance
Datei Gelöscht : C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\SpeedUpMyPC Startup
Datei Gelöscht : C:\WINDOWS\Tasks\System Speedup_DEFAULT.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\System Speedup_DEFAULT
Datei Gelöscht : C:\WINDOWS\Tasks\System Speedup_UPDATES.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\System Speedup_UPDATES
Datei Gelöscht : C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\easy-deals2-chromeinstaller
Datei Gelöscht : C:\WINDOWS\Tasks\easy-deals2-codedownloader.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\easy-deals2-codedownloader
Datei Gelöscht : C:\WINDOWS\Tasks\easy-deals2-enabler.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\easy-deals2-enabler
Datei Gelöscht : C:\WINDOWS\Tasks\easy-deals2-updater.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\easy-deals2-updater
Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-chromeinstaller
Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-codedownloader
Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-enabler
Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-firefoxinstaller
Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-updater

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveClicker.SaveClicker
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveClicker.SaveClicker.2.1
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-649636217
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0039994.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0039994.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0039994.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0039994.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311991194}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511151178}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322992294}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355995594}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155578}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366996694}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344994494}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544154478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311991194}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511151178}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311991194}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511151178}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{de871501-6bf6-4966-832c-873c8d3e2454}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f807afa9-be95-471d-82d9-81da7961b6d7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8dc9b8d9-3232-4c81-907c-411363ef8147}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d47625b9-cde9-47f6-ae05-46aef82dccd0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311991194}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511151178}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322992294}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355995594}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155578}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366996694}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311991194}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511151178}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{de871501-6bf6-4966-832c-873c8d3e2454}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f807afa9-be95-471d-82d9-81da7961b6d7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8dc9b8d9-3232-4c81-907c-411363ef8147}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d47625b9-cde9-47f6-ae05-46aef82dccd0}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\mysearchdial
Schlüssel Gelöscht : HKCU\Software\PC Health Kit
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKCU\Software\SoftwareUpdater
Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited
Schlüssel Gelöscht : HKCU\Software\System Speedup
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\easy-deals2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Video-for-PC-1.2
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\awesomehpSoftware
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\mysearchdial
Schlüssel Gelöscht : HKLM\Software\Speedchecker Limited
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\System Speedup
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\Software\easy-deals2
Schlüssel Gelöscht : HKLM\Software\Video-for-PC-1.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Health Kit_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\easy-deals2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video-for-PC-1.2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : iobhlofholalpkgbeoeobhckdmfpcpce
Gelöscht [Extension] : lndipknmjijnalnkamonmljeaojdbpna
Gelöscht [Extension] : ombmmloebnfnpehgjnmkcgoegfachobp

*************************

AdwCleaner[R0].txt - [45728 octets] - [17/06/2014 15:08:18]
AdwCleaner[S0].txt - [35889 octets] - [17/06/2014 15:08:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35950 octets] ##########
         
Malwarebytes
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.06.2014
Suchlauf-Zeit: 15:32:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.17.05
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: CrashsmashLP

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 280496
Verstrichene Zeit: 8 Min, 58 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.FindRight.A, HKLM\SOFTWARE\WOW6432NODE\FindRight, In Quarantäne, [1e6bfe7b81fa75c183da5d62e022a25e], 
PUP.Optional.EasyDeals.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\easy-deals2, In Quarantäne, [cbbed4a5bdbeea4c16b8942234ce20e0], 
PUP.Optional.FindRight.A, HKU\S-1-5-21-505307628-1853979233-654877678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FindRight, In Quarantäne, [583155242a5173c34a145f6026dce31d], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[6821e1989be0af877df27efc29dbae52]

Ordner: 6
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce, In Quarantäne, [79106217ef8c9e9899d3c4cdee1415eb], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iobhlofholalpkgbeoeobhckdmfpcpce_0, In Quarantäne, [26636910ee8d44f2add65141a35f4db3], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0, In Quarantäne, [3554bfbac7b483b3444ec4cebe4414ec], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB, In Quarantäne, [a9e08bee007b85b16858e7b920e29868], 

Dateien: 48
Trojan.FakeMS, C:\ProgramData\jgvmqbe.faa, In Quarantäne, [127706739ae12313f53480f3ba4726da], 
PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\nssA503.tmp, In Quarantäne, [5f2a7405b8c30432689b90775aaa58a8], 
PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\nsxB69.tmp, In Quarantäne, [96f340397308a29435cedb2c48bcad53], 
PUP.Optional.ScramblePacker.A, C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe, In Quarantäne, [2a5f99e05229b1856edd8df2b9486e92], 
PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\ICReinstall_nsb3C3B.tmp, In Quarantäne, [bccde6936b10f3439b68a3640cf8ac54], 
PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\nsb3C3B.tmp, In Quarantäne, [64254f2a6219c472bf44a760887ca957], 
PUP.Optional.SearchProtect.A, C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe, In Quarantäne, [19705029e596bb7b19c62b01cf321be5], 
PUP.Optional.SearchProtect.A, C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe, In Quarantäne, [66233a3f88f3300656893eeee31e9070], 
PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\nsj74AE.tmp, In Quarantäne, [a4e52d4cd7a49f97df240dfa679d59a7], 
PUP.Optional.MySearchDial.A, C:\Users\CrashsmashLP\AppData\Local\Temp\is105043906\mysearchdial.dll, In Quarantäne, [1a6fc1b8a6d55ed8c5b9a0b614ed14ec], 
Trojan.Agent.ED, C:\Users\CrashsmashLP\AppData\Local\Temp\Low\0437.dll, In Quarantäne, [167316635e1db383300c18576998946c], 
PUP.Optional.Conduit.A, C:\Users\CrashsmashLP\AppData\Local\Temp\e8937d79-19d0-4fc4-9a4d-e58a30adeae3\spidentifierimpl.exe, In Quarantäne, [c2c77009a9d2201600d8275fa65b58a8], 
PUP.Optional.SkyTech.A, C:\Users\CrashsmashLP\AppData\Local\Temp\f96dd588-9312-436e-8ca0-f5324b2821f7\software\tugs_awesomehp.exe, In Quarantäne, [6029c8b1601b5ed84a6d2039f20f2ad6], 
PUP.Optional.ScramblePacker.A, C:\Users\CrashsmashLP\AppData\Local\Temp\f96dd588-9312-436e-8ca0-f5324b2821f7\software\videoforpc.exe, In Quarantäne, [46437ffa6912e74f1536dba4f1108f71], 
PUP.Optional.SilenceInstall, C:\Users\CrashsmashLP\AppData\Local\Temp\f96dd588-9312-436e-8ca0-f5324b2821f7\software\VOPackage.exe, In Quarantäne, [c0c9cbae1269ed49805b78c221df817f], 
PUP.Optional.SkyTech.A, C:\Users\CrashsmashLP\AppData\Local\Temp\fullpackage_temp1393872048\package1.zip, In Quarantäne, [34557108057680b62ff49f93a45c847c], 
PUP.Optional.SkyTech.A, C:\Users\CrashsmashLP\AppData\Local\Temp\fullpackage_temp1393872048\QQBrowserFrame.dll, In Quarantäne, [7a0fcfaa4437fb3be24176bc9b653fc1], 
PUP.Optional.SupTab.A, C:\Users\CrashsmashLP\AppData\Local\Temp\fullpackage_temp1393872048\tmp\SupTab.exe, In Quarantäne, [e9a051289cdfb680b7a2b97cc8381ae6], 
PUP.Optional.WpManager, C:\Users\CrashsmashLP\AppData\Local\Temp\fullpackage_temp1393872048\tmp\wpm.exe, In Quarantäne, [721783f60873b086d8747ce8a9589e62], 
PUP.Optional.OpenCandy, C:\Users\CrashsmashLP\AppData\Local\Temp\nseA3A1.tmp\OCSetupHlp.dll, In Quarantäne, [3c4dc0b9700bab8b6c326b3353b1a15f], 
PUP.Optional.Conduit.A, C:\Users\CrashsmashLP\AppData\Local\Temp\nsq6ECB\SpSetup.exe, In Quarantäne, [8ffa1663e39838fe8c45938ed62b36ca], 
PUP.LoadTubes, C:\Users\CrashsmashLP\Downloads\bandicam.exe, In Quarantäne, [0683f68380fbe84ec9a04fba7d83d52b], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\1b44dae2.msi, In Quarantäne, [c0c94732146706309a3d5f2714ed8b75], 
PUP.Optional.LiveLyrics.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [25640277e893979ff0dd406ae71b45bb], 
PUP.Optional.LiveLyrics.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [03860c6d116a290d9439d4d6ff0342be], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0.localstorage, In Quarantäne, [5336e79205762b0b55b04e67a26056aa], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0.localstorage-journal, In Quarantäne, [2b5ec6b3b4c77eb8c540f2c326dcbc44], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iobhlofholalpkgbeoeobhckdmfpcpce_0.localstorage, In Quarantäne, [315811682e4de15588a7b63e47bc2cd4], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iobhlofholalpkgbeoeobhckdmfpcpce_0.localstorage-journal, In Quarantäne, [f6931564fe7d0630b778b63e4db6c937], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\000005.ldb, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\000014.ldb, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\000015.log, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\CURRENT, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\LOCK, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\LOG, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\LOG.old, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\MANIFEST-000013, In Quarantäne, [97f2e29726557fb7196931616f935ea2], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iobhlofholalpkgbeoeobhckdmfpcpce_0\1, In Quarantäne, [26636910ee8d44f2add65141a35f4db3], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0\2, In Quarantäne, [3554bfbac7b483b3444ec4cebe4414ec], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000005.ldb, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000011.ldb, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000012.log, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\CURRENT, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOCK, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOG, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOG.old, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\MANIFEST-000010, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], 
PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB\abb-bundler-uninstall.exe, In Quarantäne, [a9e08bee007b85b16858e7b920e29868], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Zoek
Code:
Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by CrashsmashLP on 17.06.2014 at 16:06:12,71.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\CrashsmashLP\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

17.06.2014 16:08:37 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Mozilla\Firefox\Extensions\{18cb1911-bb8b-407a-a031-fffc8d7b664c} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\CrashsmashLP\AppData\LocalLow\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} deleted
C:\Users\CrashsmashLP\AppData\Local\Packages\windows_ie_ac_001\AC\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} deleted
C:\Users\CrashsmashLP\AppData\Local\Packages\windows_ie_ac_001\AC\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted
C:\PROGRA~3\30749dcefd186a6c deleted
C:\Support deleted
C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\CrashsmashLP\AppData\Local\nspD84C.tmp deleted
C:\Users\CrashsmashLP\AppData\LocalLow\store-pp.jbs deleted
C:\Users\CrashsmashLP\Desktop\FREE Games.url deleted
"C:\Users\CrashsmashLP\AppData\Roaming\convert\convert.exe" deleted
"C:\Users\CrashsmashLP\AppData\Roaming\convert" deleted

==== Chrome Look ======================

SaveClicker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo
SaveClicker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo
SaveClicker - CrashsmashLP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo
Create Short URL - CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce
Week Index - CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna
SaveClicker - CrashsmashLP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo
SaveClicker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo
SaveClicker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo

==== Chrome Fix ======================

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully
C:\Users\CrashsmashLP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully
C:\Users\CrashsmashLP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.de/"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.google.de/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A014A11-3D9E-44BD-9431-2DB67F752CB9} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bb4c4f5f-26b5-45fa-9e01-3d056cb56fa2} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\674d5dbc-360d-4da7-aa62-80d47d9437b8 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\11A410A3E9D3DB444913D26BF757C29B deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\CrashsmashLP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\CrashsmashLP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=56 folders=37 49110969 bytes)

==== Empty Temp Folders ======================

C:\Users\CrashsmashLP\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\CRASHS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 17.06.2014 at 16:20:42,02 ======================
         

17.06.2014, 15:49   #10
DGutschalk

Here is part 2. It was a bit too long to fit everything into the first part.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by CrashsmashLP (administrator) on MY-PC on 17-06-2014 16:25:28
Running from C:\Users\CrashsmashLP\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit.exe
(GamersFirst) C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsMap.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] ()
HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => "c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe" lollipop_03241333
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\MountPoints2: {9d4b3424-8d92-11e3-be6e-806e6f6e6963} - "D:\pushinst.exe" 
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {424D67D3-6B88-4527-B275-39B22EE89AEC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-03]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google Search) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Create Short URL) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-06-17]
CHR Extension: (Week Index) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-06-17]
CHR Extension: (Google Wallet) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (No Name) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
CHR Extension: (Gmail) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-17 23:43 - 2014-06-17 16:25 - 00000000 ____D () C:\FRST
2014-06-17 16:25 - 2014-06-17 16:25 - 00013623 _____ () C:\Users\CrashsmashLP\Desktop\FRST.txt
2014-06-17 16:25 - 2014-06-17 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-17 16:25 - 2014-06-17 13:37 - 02081280 _____ (Farbar) C:\Users\CrashsmashLP\Desktop\FRST64.exe
2014-06-17 16:22 - 2014-06-17 15:11 - 00036259 _____ () C:\Users\CrashsmashLP\Desktop\AdwCleaner[S0].txt
2014-06-17 16:20 - 2014-06-17 16:20 - 00011858 _____ () C:\Users\CrashsmashLP\Desktop\zoek-results.txt
2014-06-17 16:20 - 2014-05-31 07:16 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-17 16:20 - 2014-05-31 07:16 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-17 16:17 - 2014-06-17 16:25 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp
2014-06-17 16:17 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp
2014-06-17 16:17 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\Temp
2014-06-17 16:17 - 2014-06-17 16:06 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-06-17 16:08 - 2014-06-17 16:20 - 00011858 _____ () C:\zoek-results.log
2014-06-17 15:49 - 2014-06-17 16:16 - 00000000 ____D () C:\zoek_backup
2014-06-17 15:46 - 2014-06-17 15:46 - 00011680 _____ () C:\Users\CrashsmashLP\Desktop\mbam.txt
2014-06-17 15:41 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-06-17 15:41 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-06-17 15:41 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2014-06-17 15:41 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2014-06-17 15:41 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-06-17 15:41 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-06-17 15:41 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-06-17 15:41 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-06-17 15:41 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-06-17 15:41 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-06-17 15:39 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-17 15:39 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-06-17 15:39 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2014-06-17 15:39 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-06-17 15:39 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-17 15:39 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-17 15:39 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-17 15:39 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-17 15:39 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-17 15:39 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-17 15:39 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-17 15:39 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-17 15:39 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2014-06-17 15:38 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-17 15:38 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-17 15:38 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-06-17 15:38 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-06-17 15:38 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-06-17 15:37 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-17 15:37 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-17 15:37 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-17 15:37 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-17 15:37 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-17 15:37 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-17 15:37 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-17 15:37 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-17 15:37 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-06-17 15:36 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-17 15:36 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-17 15:36 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-17 15:36 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-06-17 15:36 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-17 15:36 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-17 15:36 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-17 15:36 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-17 15:36 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-17 15:36 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-17 15:36 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-17 15:36 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-06-17 15:36 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-17 15:36 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-17 15:36 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-17 15:36 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-17 15:36 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-06-17 15:36 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-06-17 15:36 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-17 15:36 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-17 15:36 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-17 15:36 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-17 15:36 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-17 15:36 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-06-17 15:36 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-06-17 15:36 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2014-06-17 15:36 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2014-06-17 15:36 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-06-17 15:36 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2014-06-17 15:36 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2014-06-17 15:36 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-06-17 15:36 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-06-17 15:36 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2014-06-17 15:36 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2014-06-17 15:36 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2014-06-17 15:36 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2014-06-17 15:36 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-06-17 15:36 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2014-06-17 15:36 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2014-06-17 15:36 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2014-06-17 15:36 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-06-17 15:36 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2014-06-17 15:36 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2014-06-17 15:36 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-06-17 15:36 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2014-06-17 15:36 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2014-06-17 15:36 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-06-17 15:36 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll
2014-06-17 15:36 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2014-06-17 15:36 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-06-17 15:36 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2014-06-17 15:36 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-06-17 15:36 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-06-17 15:36 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2014-06-17 15:36 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
2014-06-17 15:36 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2014-06-17 15:36 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-06-17 15:36 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2014-06-17 15:36 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-17 15:36 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-17 15:36 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-06-17 15:34 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-06-17 15:34 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-06-17 15:34 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-06-17 15:34 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-06-17 15:34 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-17 15:34 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-06-17 15:34 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-17 15:34 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-06-17 15:33 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-17 15:33 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-06-17 15:20 - 2014-06-17 15:45 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 15:19 - 2014-06-17 15:19 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-17 15:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-17 15:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-17 15:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-17 15:08 - 2014-06-17 15:11 - 00000000 ____D () C:\AdwCleaner
2014-06-17 15:07 - 2014-06-17 15:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\CrashsmashLP\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-17 15:07 - 2014-06-17 15:03 - 01333465 _____ () C:\Users\CrashsmashLP\Desktop\adwcleaner_3.212.exe
2014-06-02 16:23 - 2014-06-17 14:31 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk

==================== One Month Modified Files and Folders =======

2014-06-17 16:26 - 2014-02-02 10:16 - 00000213 _____ () C:\Users\CrashsmashLP\Documents\pms.xml
2014-06-17 16:25 - 2014-06-17 23:43 - 00000000 ____D () C:\FRST
2014-06-17 16:25 - 2014-06-17 16:25 - 00013623 _____ () C:\Users\CrashsmashLP\Desktop\FRST.txt
2014-06-17 16:25 - 2014-06-17 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-17 16:25 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp
2014-06-17 16:25 - 2014-02-03 17:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001
2014-06-17 16:25 - 2012-11-03 00:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-17 16:24 - 2012-11-03 08:55 - 00751892 _____ () C:\WINDOWS\system32\perfh007.dat
2014-06-17 16:24 - 2012-11-03 08:55 - 00155620 _____ () C:\WINDOWS\system32\perfc007.dat
2014-06-17 16:24 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-17 16:20 - 2014-06-17 16:20 - 00011858 _____ () C:\Users\CrashsmashLP\Desktop\zoek-results.txt
2014-06-17 16:20 - 2014-06-17 16:08 - 00011858 _____ () C:\zoek-results.log
2014-06-17 16:20 - 2014-04-01 13:58 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 16:20 - 2014-02-02 10:16 - 00000000 ___RD () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-17 16:20 - 2014-02-02 10:16 - 00000000 ___RD () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-17 16:19 - 2012-08-01 17:51 - 00037984 _____ () C:\WINDOWS\PFRO.log
2014-06-17 16:19 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-17 16:17 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp
2014-06-17 16:17 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\Temp
2014-06-17 16:17 - 2014-02-02 10:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg
2014-06-17 16:17 - 2012-11-03 00:17 - 01402216 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 16:16 - 2014-06-17 15:49 - 00000000 ____D () C:\zoek_backup
2014-06-17 16:08 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-17 16:06 - 2014-06-17 16:17 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-06-17 16:03 - 2014-04-01 13:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 16:03 - 2014-02-25 16:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-17 16:01 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-17 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-17 15:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-06-17 15:46 - 2014-06-17 15:46 - 00011680 _____ () C:\Users\CrashsmashLP\Desktop\mbam.txt
2014-06-17 15:45 - 2014-06-17 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 15:19 - 2014-06-17 15:19 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-17 15:11 - 2014-06-17 16:22 - 00036259 _____ () C:\Users\CrashsmashLP\Desktop\AdwCleaner[S0].txt
2014-06-17 15:11 - 2014-06-17 15:08 - 00000000 ____D () C:\AdwCleaner
2014-06-17 15:11 - 2014-02-02 10:16 - 00001020 _____ () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-17 15:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-06-17 15:04 - 2014-06-17 15:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\CrashsmashLP\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-17 15:03 - 2014-06-17 15:07 - 01333465 _____ () C:\Users\CrashsmashLP\Desktop\adwcleaner_3.212.exe
2014-06-17 14:33 - 2014-02-25 15:36 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-06-17 14:31 - 2014-06-02 16:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-17 14:31 - 2014-03-25 17:45 - 00003262 _____ () C:\WINDOWS\System32\Tasks\PC Health Kit Schedule
2014-06-17 13:37 - 2014-06-17 16:25 - 02081280 _____ (Farbar) C:\Users\CrashsmashLP\Desktop\FRST64.exe
2014-06-17 13:10 - 2012-07-26 09:21 - 00026869 _____ () C:\WINDOWS\setupact.log
2014-06-05 18:57 - 2014-02-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-01 17:17 - 2014-02-25 16:13 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-31 07:16 - 2014-06-17 16:20 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-31 07:16 - 2014-06-17 16:20 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-24 04:48 - 2014-06-17 15:36 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-05-24 04:47 - 2014-06-17 15:36 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-05-24 04:47 - 2014-06-17 15:36 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-05-24 04:47 - 2014-06-17 15:36 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-05-24 04:47 - 2014-06-17 15:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-05-24 04:46 - 2014-06-17 15:37 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-24 04:46 - 2014-06-17 15:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-05-24 04:46 - 2014-06-17 15:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-05-24 04:45 - 2014-06-17 15:37 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-05-24 04:45 - 2014-06-17 15:37 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-05-24 04:45 - 2014-06-17 15:36 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-05-24 03:26 - 2014-06-17 15:37 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-24 03:26 - 2014-06-17 15:37 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-24 03:26 - 2014-06-17 15:36 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-05-24 03:26 - 2014-06-17 15:36 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-05-24 03:26 - 2014-06-17 15:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-05-24 03:26 - 2014-06-17 15:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-05-24 03:26 - 2014-06-17 15:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-05-24 03:25 - 2014-06-17 15:37 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-05-24 03:25 - 2014-06-17 15:37 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-05-24 03:25 - 2014-06-17 15:36 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-05-24 03:25 - 2014-06-17 15:36 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-05-24 03:25 - 2014-06-17 15:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-05-24 03:25 - 2014-06-17 15:36 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-05-24 03:25 - 2014-06-17 15:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-05-24 03:25 - 2014-06-17 15:36 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-05-24 03:25 - 2014-06-17 15:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-05-24 03:25 - 2014-06-17 15:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-05-24 03:25 - 2014-06-17 15:36 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-05-24 03:09 - 2014-06-17 15:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-24 03:03 - 2014-06-17 15:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-24 00:37 - 2014-06-17 15:36 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-17 10:30

==================== End Of Log ============================
         
--- --- ---


Additional
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by CrashsmashLP at 2014-06-17 16:26:10
Running from C:\Users\CrashsmashLP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.2 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters Racing Studio)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Driver San Francisco (HKLM-x32\...\Steam App 33440) (Version:  - Ubisoft Reflections)
FindRight (HKLM\...\FindRight) (Version: 2014.02.26.051729 - FindRight) <==== ATTENTION
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Lollipop (HKCU\...\lollipop_03241333) (Version:  - Lollipop Network, S.L.) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)
MXGP - The Official Motocross Videogame (HKLM-x32\...\Steam App 256370) (Version:  - Milestone S.r.l.)
NVIDIA Grafiktreiber 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden
Off-Road Drive (HKLM-x32\...\Steam App 200230) (Version:  - 1C-Avalon)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)
Prince of Persia: The Forgotten Sands (HKLM-x32\...\Steam App 33320) (Version:  - Ubisoft Montreal)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shift 2 Unleashed (HKLM-x32\...\Steam App 47920) (Version:  - Slightly Mad Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version:  - Eden Studios)
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - Redlynx Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

==================== Restore Points  =========================

29-04-2014 18:05:12 Geplanter Prüfpunkt
17-06-2014 12:51:52 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {016BC803-E3DA-4A60-8083-6E7E3080DB7A} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - \Video-for-PC-1.2-updater No Task File <==== ATTENTION
Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - \easy-deals2-enabler No Task File <==== ATTENTION
Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - \Re-markit_wd No Task File <==== ATTENTION
Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - \easy-deals2-codedownloader No Task File <==== ATTENTION
Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - \PC SpeedUp Service Deactivator No Task File <==== ATTENTION
Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - \RegClean Pro No Task File <==== ATTENTION
Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - \easy-deals2-chromeinstaller No Task File <==== ATTENTION
Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - \System Speedup_DEFAULT No Task File <==== ATTENTION
Task: {871C9EC1-111E-4343-B7D3-4E69D96D696B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A7580209-C80F-47FF-A5A9-923712615780} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - \Video-for-PC-1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {ADC4169D-889E-48FC-A412-493E05B2A5A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-01] (Microsoft Corporation)
Task: {B36EEA24-957E-42E4-B7D4-8ECCE70146A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - \MySearchDial No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - \Re-markit Update No Task File <==== ATTENTION
Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - \Video-for-PC-1.2-enabler No Task File <==== ATTENTION
Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - \Video-for-PC-1.2-chromeinstaller No Task File <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - \easy-deals2-updater No Task File <==== ATTENTION
Task: {F0A61E0C-950A-4724-984E-839485F2D1EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - \Video-for-PC-1.2-codedownloader No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-03 00:05 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-02-26 18:53 - 2014-02-26 18:54 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-11-03 00:05 - 2012-07-24 13:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe
2012-11-03 00:05 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-27 00:38 - 2012-04-27 00:38 - 20758016 _____ () C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\libcef.dll
2012-11-03 00:05 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2012-11-03 00:05 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x531329b6
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x00014b32
ID des fehlerhaften Prozesses: 0xe84
Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0
Pfad der fehlerhaften Anwendung: Re-markit155.exe1
Pfad des fehlerhaften Moduls: Re-markit155.exe2
Berichtskennung: Re-markit155.exe3
Vollständiger Name des fehlerhaften Pakets: Re-markit155.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Re-markit155.exe5

Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WSHost.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50108842
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000001069
ID des fehlerhaften Prozesses: 0x11fc
Startzeit der fehlerhaften Anwendung: 0xWSHost.exe0
Pfad der fehlerhaften Anwendung: WSHost.exe1
Pfad des fehlerhaften Moduls: WSHost.exe2
Berichtskennung: WSHost.exe3
Vollständiger Name des fehlerhaften Pakets: WSHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WSHost.exe5

Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425

Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17b8

Startzeit: 01cf5f0e248d1577

Endzeit: 15

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 7a143984-cb01-11e3-be8d-d43d7e1ffc88

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c2c

Startzeit: 01cf5184d3bce1d1

Endzeit: 31

Anwendungspfad: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

Berichts-ID: 2598adb0-bd78-11e3-be8d-d43d7e1ffc88

Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel

Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (06/17/2014 04:19:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (06/17/2014 04:15:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/17/2014 04:15:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/17/2014 04:15:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/17/2014 04:15:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/17/2014 04:15:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/17/2014 03:42:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (06/17/2014 03:15:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1243

Error: (06/17/2014 03:10:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wpm erreicht.

Error: (06/17/2014 03:09:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IePluginService erreicht.


Microsoft Office Sessions:
=========================
Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Re-markit155.exe1.155.0.0531329b6KERNELBASE.dll6.2.9200.1645150988950e06d736300014b32e8401cf8a1f9af7d1d7C:\Program Files (x86)\Re-markit-soft\Re-markit155.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlldd516fe5-f612-11e3-be96-001f1fdcf1ad

Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WSHost.exe6.2.9200.1638450108842ntdll.dll6.2.9200.1657951637f77c0000005000000000000106911fc01cf7e6bff8f8a6eC:\WINDOWS\WinStore\WSHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll3fc6e39e-ea5f-11e3-be8e-d43d7e1ffc88

Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425

Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.1662817b801cf5f0e248d157715C:\WINDOWS\Explorer.EXE7a143984-cb01-11e3-be8d-d43d7e1ffc88

Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.2.9200.16420c2c01cf5184d3bce1d131C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe2598adb0-bd78-11e3-be8d-d43d7e1ffc88windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall

Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall


==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 8152.33 MB
Available physical RAM: 6756.93 MB
Total Pagefile: 16856.33 MB
Available Pagefile: 15390.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:630.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.73 GB) (Free:3.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1328577F)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
I hope that is all OK so far.

17.06.2014, 18:08   #11
M-K-D-B
/// TB Trainer



You did everything correctly.

We will remove the last remnants and check everything once more. ESET can take a long time (> 3 h).
Afterwards we will remove all the tools we used, and I will give you a few tips to take with you.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Copy the following text from the code box into the empty text document:


Code:
start
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => "c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe" lollipop_03241333
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (Week Index) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-06-17]
CHR Extension: (Create Short URL) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-06-17]
CHR Extension: (No Name) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe
C:\Program Files (x86)\PC Health Kit
C:\Users\CrashsmashLP\AppData\Roaming\VOPackage
Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - \Video-for-PC-1.2-updater No Task File <==== ATTENTION
Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - \easy-deals2-enabler No Task File <==== ATTENTION
Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - \Re-markit_wd No Task File <==== ATTENTION
Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - \easy-deals2-codedownloader No Task File <==== ATTENTION
Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - \PC SpeedUp Service Deactivator No Task File <==== ATTENTION
Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - \RegClean Pro No Task File <==== ATTENTION
Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - \easy-deals2-chromeinstaller No Task File <==== ATTENTION
Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - \System Speedup_DEFAULT No Task File <==== ATTENTION
C:\Program Files (x86)\System Speedup
Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - \Video-for-PC-1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - \MySearchDial No Task File <==== ATTENTION
Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - \Re-markit Update No Task File <==== ATTENTION
Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - \Video-for-PC-1.2-enabler No Task File <==== ATTENTION
Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - \Video-for-PC-1.2-chromeinstaller No Task File <==== ATTENTION
Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - \easy-deals2-updater No Task File <==== ATTENTION
Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - \Video-for-PC-1.2-codedownloader No Task File <==== ATTENTION
Reboot:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool on your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :folderfind
    *FindRight*
    *Lollipop*
    
    :regfind
    FindRight
    Lollipop
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.







Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset







Step 4
Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






With your next reply, please post
  • the log file from FRST,
  • the log file from SystemLook,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria
M-K-D-B
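
The fixlist in Step 1 mixes several kinds of persistence entries (a Run value, Chrome policy, browser extensions, scheduled tasks with and without a task file, plain folders). The following added example, which is not part of the original post and is not FRST's own code, classifies such lines and derives the TaskCache registry keys to re-check after the fix; the patterns are assumptions inferred only from the lines shown on this page, not an official FRST grammar, and all function names are hypothetical.

```python
import re

# Lines copied from the fixlist in the post above, reduced to one of each kind.
SAMPLE_FIXLIST = r"""start
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => "c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe" lollipop_03241333
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (Week Index) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-06-17]
Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
C:\Program Files (x86)\PC Health Kit
Reboot:
end
"""

# Registry root under which scheduled tasks are cached (as seen in the Fixlog).
TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
NO_TASK_FILE = "No Task File <==== ATTENTION"

# Assumed line shapes, inferred from the lines on this page.
RUN_RE = re.compile(r"^(HK[A-Z]+(?:-x32)?\\.*?Run): \[([^\]]+)\] => (.+)$")
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
EXT_RE = re.compile(r"^(FF|CHR) Extension: (.*?) - (.+?)(?: \[(\d{4}-\d{2}-\d{2})\])?$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def classify(line):
    """Return a dict describing one fixlist line; 'kind' names the entry type."""
    line = line.strip()
    if line.lower() in ("start", "end"):
        return {"kind": "marker", "raw": line}
    if line == "Reboot:":
        return {"kind": "directive", "raw": line}
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run_value", "key": m.group(1), "value": m.group(2),
                "command": m.group(3), "raw": line}
    if line.startswith("GroupPolicy:") or line.startswith(r"CHR HKLM\SOFTWARE\Policies"):
        return {"kind": "policy", "raw": line}
    m = EXT_RE.match(line)
    if m:
        return {"kind": "browser_extension", "browser": m.group(1),
                "name": m.group(2), "path": m.group(3), "raw": line}
    m = TASK_RE.match(line)
    if m:
        guid, rest = m.groups()
        if rest.endswith(NO_TASK_FILE):
            # Orphaned entry: registry cache exists, task file on disk does not.
            name = rest[:-len(NO_TASK_FILE)].strip().lstrip("\\")
            return {"kind": "task_orphaned", "guid": guid, "name": name, "raw": line}
        task_file, _, target = rest.partition(" => ")
        name = task_file.split("\\Tasks\\", 1)[-1]
        return {"kind": "task_with_file", "guid": guid, "name": name,
                "task_file": task_file, "target": target, "raw": line}
    if PATH_RE.match(line):
        return {"kind": "path", "path": line, "raw": line}
    return {"kind": "unknown", "raw": line}


def parse_fixlist(text):
    """Classify every non-empty line of a fixlist."""
    return [classify(l) for l in text.splitlines() if l.strip()]


def taskcache_keys(entry):
    """Registry keys that should be gone after a task entry has been fixed."""
    if not entry["kind"].startswith("task_"):
        return []
    return [TASKCACHE + "\\Tasks\\" + entry["guid"],
            TASKCACHE + "\\Tree\\" + entry["name"]]


def verification_targets(entries):
    """Flat list of keys and paths to re-check once the fix has run."""
    targets = []
    for e in entries:
        targets.extend(taskcache_keys(e))
        if e["kind"] == "task_with_file":
            targets.append(e["target"])
        elif e["kind"] in ("browser_extension", "path"):
            targets.append(e["path"])
    return targets


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    for entry in parsed:
        print(f'{entry["kind"]:18} {entry["raw"][:70]}')
    print()
    for target in verification_targets(parsed):
        print("re-check:", target)
```

Lines classified as unknown are worth reading by hand before a fixlist is run, since the patterns only cover the entry shapes that appear in this thread.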


18.06.2014, 15:23   #12
DGutschalk



Hello,

The ESET Online Scanner has now been running for over 4 hours and is still at 0 %. I had already started it once before and then uninstalled the trial version of McAfee and rebooted. I then simply started Checkup while ESET was running.

Here are the 3 other logs for now. My acquaintance wants to pick up the computer this evening because he needs it tomorrow, so we won't manage much more "problem solving".

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by CrashsmashLP at 2014-06-18 09:14:08 Run:2
Running from G:\vierter lauf
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => "c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe" lollipop_03241333
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (Week Index) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-06-17]
CHR Extension: (Create Short URL) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-06-17]
CHR Extension: (No Name) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe
C:\Program Files (x86)\PC Health Kit
C:\Users\CrashsmashLP\AppData\Roaming\VOPackage
Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - \Video-for-PC-1.2-updater No Task File <==== ATTENTION
Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - \easy-deals2-enabler No Task File <==== ATTENTION
Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - \Re-markit_wd No Task File <==== ATTENTION
Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - \easy-deals2-codedownloader No Task File <==== ATTENTION
Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - \PC SpeedUp Service Deactivator No Task File <==== ATTENTION
Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - \RegClean Pro No Task File <==== ATTENTION
Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - \easy-deals2-chromeinstaller No Task File <==== ATTENTION
Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - \System Speedup_DEFAULT No Task File <==== ATTENTION
C:\Program Files (x86)\System Speedup
Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - \Video-for-PC-1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - \MySearchDial No Task File <==== ATTENTION
Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - \Re-markit Update No Task File <==== ATTENTION
Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - \Video-for-PC-1.2-enabler No Task File <==== ATTENTION
Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - \Video-for-PC-1.2-chromeinstaller No Task File <==== ATTENTION
Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - \easy-deals2-updater No Task File <==== ATTENTION
Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - \Video-for-PC-1.2-codedownloader No Task File <==== ATTENTION
Reboot:
end
         
*****************

HKU\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop_03241333 => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi => Moved successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna => Moved successfully.
C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce => Moved successfully.
C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{055ACA79-76E3-4128-9A88-C6E53D5DA306}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{055ACA79-76E3-4128-9A88-C6E53D5DA306}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup_UPDATES' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E121932-2C16-4C4A-8EF9-C7F7D30F38D9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E121932-2C16-4C4A-8EF9-C7F7D30F38D9}' => Key deleted successfully.
C:\Windows\System32\Tasks\PC Health Kit Schedule => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Kit Schedule' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF}' => Key deleted successfully.
C:\Windows\System32\Tasks\Ongoing package check => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ongoing package check' => Key deleted successfully.
"C:\Program Files (x86)\PC Health Kit" => File/Directory not found.
"C:\Users\CrashsmashLP\AppData\Roaming\VOPackage" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{340156DF-4365-49B2-8BF7-7882DE5C2404}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{340156DF-4365-49B2-8BF7-7882DE5C2404}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-updater' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39AAB40E-30F9-4F34-85D3-09C9BE511890}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39AAB40E-30F9-4F34-85D3-09C9BE511890}' => Key deleted successfully.
C:\Windows\System32\Tasks\System Speedup => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B6C35EB-7A11-4D36-9B69-8E19E7B6B437}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B6C35EB-7A11-4D36-9B69-8E19E7B6B437}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\easy-deals2-enabler' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CF1CB1A-F362-4425-9731-7197968BFE87}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CF1CB1A-F362-4425-9731-7197968BFE87}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit_wd' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{570E3154-D7CA-4070-874E-1FAE5591AB83}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{570E3154-D7CA-4070-874E-1FAE5591AB83}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\easy-deals2-codedownloader' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{600F52E3-C80A-4AD1-AA02-0AA4642EAEBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{600F52E3-C80A-4AD1-AA02-0AA4642EAEBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{629C9F0B-6229-4BDF-BA53-0FA07EA89CD1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{629C9F0B-6229-4BDF-BA53-0FA07EA89CD1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6522885D-569C-4DA3-A081-6E2D5FAAFEA8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6522885D-569C-4DA3-A081-6E2D5FAAFEA8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67D0416B-EA61-4694-804D-D5F53AD96F47}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67D0416B-EA61-4694-804D-D5F53AD96F47}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\easy-deals2-chromeinstaller' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{808095AD-620F-43E6-B0B4-BB1BAADE8106}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{808095AD-620F-43E6-B0B4-BB1BAADE8106}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup_DEFAULT' => Key deleted successfully.
"C:\Program Files (x86)\System Speedup" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC7C4170-C8A2-42BB-A9B9-C0A24716F594}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC7C4170-C8A2-42BB-A9B9-C0A24716F594}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-firefoxinstaller' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3AC06F8-6001-479A-87AA-C31D1122CAD5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3AC06F8-6001-479A-87AA-C31D1122CAD5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C97D9686-3DEE-4D40-BCAC-0D062733668D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C97D9686-3DEE-4D40-BCAC-0D062733668D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD2A0605-4783-40E9-AE9C-E56621E3C9FE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD2A0605-4783-40E9-AE9C-E56621E3C9FE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE8B386F-AD9C-4455-B59E-AE803FDFEE5A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE8B386F-AD9C-4455-B59E-AE803FDFEE5A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E861AB9D-879B-4B73-BB70-E116C24F1354}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E861AB9D-879B-4B73-BB70-E116C24F1354}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-enabler' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAE12587-3082-4C98-82DE-A0CFFE84C912}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAE12587-3082-4C98-82DE-A0CFFE84C912}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-chromeinstaller' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFB336BD-EBF4-4B09-B03D-0A60FFD171A2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFB336BD-EBF4-4B09-B03D-0A60FFD171A2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\easy-deals2-updater' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA0B6CE9-6845-401E-BDB7-E366370D2275}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA0B6CE9-6845-401E-BDB7-E366370D2275}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-codedownloader' => Key deleted successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 09:16 on 18/06/2014 by CrashsmashLP
Administrator - Elevation successful

========== folderfind ==========

Searching for "*FindRight*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight	d------	[13:10 17/06/2014]

Searching for "*Lollipop*"
C:\AdwCleaner\Quarantine\C\Users\CrashsmashLP\AppData\Local\lollipop	d------	[13:11 17/06/2014]

========== regfind ==========

Searching for "FindRight"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-505307628-1853979233-654877678-1001\Software\FindRight]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"DisplayName"="FindRight"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"UninstallString"="C:\Program Files (x86)\FindRight\FindRightuninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"QuietUninstallString"="C:\Program Files (x86)\FindRight\FindRightuninstall.exe /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"InstallLocation"="C:\Program Files (x86)\FindRight"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"DisplayIcon"="C:\Program Files (x86)\FindRight\FindRight.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"Publisher"="FindRight"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"HelpLink"="mailto:support@myfindright.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"URLUpdateInfo"="hxxp://myfindright.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"URLInfoAbout"="hxxp://myfindright.com/support"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Update FindRight]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Util FindRight]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update FindRight]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util FindRight]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateFindRight.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilFindRight.exe]
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-505307628-1853979233-654877678-1001\Software\FindRight]
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\updateFindRight.exe]
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilFindRight.exe]

Searching for "Lollipop"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2d439c27_0]
@="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_17aa3665&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume5\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"DisplayName"="Lollipop"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"UninstallString"=""c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.bat""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"DisplayIcon"="c:\users\crashsmashlp\appdata\local\lollipop\logo.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"Publisher"="Lollipop Network, S.L."
[HKEY_CURRENT_USER\Software\Classes\Applications\lollipop_03241333.exe]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="lollipop_03241333.exe"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2d439c27_0]
@="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_17aa3665&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume5\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"DisplayName"="Lollipop"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"UninstallString"=""c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.bat""
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"DisplayIcon"="c:\users\crashsmashlp\appdata\local\lollipop\logo.ico"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"Publisher"="Lollipop Network, S.L."
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Classes\Applications\lollipop_03241333.exe]
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="lollipop_03241333.exe"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001_Classes\Applications\lollipop_03241333.exe]
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="lollipop_03241333.exe"

-= EOF =-
         
Code:
 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 33.0.1750.154  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe  
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
ESET has now finished after almost 7 hours and completed without errors. My acquaintance is about to pick up the computer; many thanks for the time and effort you invested.

19.06.2014, 09:52   #13
M-K-D-B
/// TB trainer

I would be glad if you could pass the following tips on to your acquaintance:

If you have no more problems, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.





Step 1
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over, you can delete them without concern.







Step 2
Finally, I have a few more tips for securing your system.


I cannot mention too often how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus program and additional protection
  • Make sure that you only ever have one antivirus program installed and that it is up to date! A free antivirus program that we recommend would be, e.g., Avast! Free Antivirus or Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware. You can use it in addition to your antivirus program.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is shown and you can download the latest version directly from the vendor's site to your desktop. This program can also be used alongside your antivirus program.
  • SpywareBlaster
    You can find a short introduction here.


Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: For this browser I have a few useful add-ons here
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Stay away from registry cleaners.
    These harm your system more than they help. Here is a link in English:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it asks you to and is nicely colorful.
  • Do not use P2P or file-sharing software (Emule, uTorrent,..).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, as these installers are often bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Greetings from Bavaria
M-K-D-B

______________________________________

Support the Trojaner-Board

19.06.2014, 21:10   #14
DGutschalk

Hello Matthias,

Thank you again for your great support. You can now remove this thread from your subscriptions. I gladly took up your suggestion to support the TB.

20.06.2014, 13:24   #15
M-K-D-B
/// TB trainer

I am glad that we could help

In this forum you can leave brief feedback on the cleanup, if you would like to:
Praise, criticism and wishes
To do so, click the "NEUES THEMA" ("New Thread") button and post a little feedback. Many thanks!

This thread appears to be resolved and will be deleted from my subscriptions. Should you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread.
__________________
Greetings from Bavaria
M-K-D-B
