Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.01.2015, 21:16   #1
Koureni
 
Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Hallo,

ich habe wie im Titel beschrieben die Probleme das in jedem Internetbrowser ständig Werbeeinblendungen und Pop-Ups aufploppen. Diese sind meist mit vermeidlichen Sicherheitshinweisen auf neue Updates gekoppelt, welche offensichtlich das Problem nur noch verstärken würden.

Der Laptop ist mein Privater wird allerdings auch für die Lohnabrechnung der Firma genutzt in der ich arbeite, wenn das als gewerblich gesehen wird bin ich gern bereit etwas zu spenden bzw. spende ich eh einen kleinen Obolus, weil ich dankbar bin das es euch gibt.

Nun zu den Logs:

Defogger:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:14 on 01/01/2015 (Steffen)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Steffen (administrator) on HUTH on 01-01-2015 21:16:33
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Abengine) C:\Program Files (x86)\Flwsrf\abengine.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
() C:\Program Files (x86)\Flwsrf\ijs.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\rcore.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Users\Steffen\AppData\Local\ConvertAd\CASrv.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella223.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
() C:\Users\Steffen\AppData\Roaming\WHService\wh.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acute Angle Solutions Ltd) C:\ProgramData\xKThMviKU\tDXhXFflBot.exe
() C:\Program Files (x86)\CinemaP-1.4cV19.12\a8fc47fa-42dd-46a5-acf3-5d3191cc53bc-6.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-24] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\SFirm\SF-Programm\sfWinStartupInfo.exe [81496 2014-11-25] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [framei] => C:\Users\Steffen\AppData\Local\ContextTrue\framei.exe
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\RunOnce: [Adobe Speed Launcher] => 1420140402
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-10] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] ()
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1891709148-1701141493-326344943-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://tikotin.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M2C8CEFCC-FF02-412C-9378-8C07038B132D&SearchSource=58&CUI=&UM=8&UP=SP92898ACF-A069-44C6-B59F-E3A8BBF9A8FC&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {D82A0883-FE62-4078-B268-D5E0DD28B40D} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Steffen\AppData\LocalLow\IE-BHO\bho.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\abengine.dll [324592] (Abengine)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\abengine64.dll [370880] (Abengine)
Hosts: 54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default
FF SelectedSearchEngine: StartWeb
FF Homepage: hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Steffen\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml
FF Extension: YoutubeAdBlocke - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\2D@Q.org [2014-12-22]
FF Extension: PriceLess - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\9@0.co.uk [2014-12-22]
FF Extension: Web Security - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\zz@JDkfjdK [2014-12-19]
FF Extension: Foxtab Speed Dial - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-12-20]
FF HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Firefox\Extensions: [{2AE1004D-E0B5-DFE8-A79C-C05DD882F6BC}] - C:\Program Files (x86)\ver6BlockAndSurf\184.xpi
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-24]
CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-23]
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (Google-Suche) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-24]
CHR Extension: (CinemaP-1.4cV19.12) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe [2014-12-19]
CHR Extension: (Closed tabs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah [2014-12-22]
CHR Extension: (PriceLess) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh [2014-12-22]
CHR Extension: (BlockAndSurf) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmpghpbbgnkhgolmifdhbbcanlejkoe [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Google Mail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 abengine; C:\Program Files (x86)\Flwsrf\abengine.exe [1348168 2014-12-05] (Abengine) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
U2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3320640 2014-12-10] (Client Connect LTD) [File not signed]
R2 InjectorService; C:\Program Files (x86)\Flwsrf\ijs.exe [164352 2014-11-29] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-11-24] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WHService; C:\Users\Steffen\AppData\Roaming\WHService\wh.exe [628736 2014-10-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McProxy; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-11-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 21:15 - 2015-01-01 21:16 - 00000000 ____D () C:\FRST
2015-01-01 21:14 - 2015-01-01 21:14 - 00000000 _____ () C:\Users\Steffen\defogger_reenable
2015-01-01 21:12 - 2015-01-01 21:16 - 00000000 ____D () C:\Users\Steffen\Desktop\Antivirus
2015-01-01 21:11 - 2015-01-01 21:11 - 00000000 _____ () C:\Users\Steffen\Desktop\Neues Textdokument (2).txt
2015-01-01 20:57 - 2015-01-01 20:57 - 00050477 _____ () C:\Users\Steffen\Downloads\Defogger.exe
2015-01-01 20:35 - 2015-01-01 21:14 - 00000341 _____ () C:\Users\Steffen\Desktop\Neues Textdokument.txt
2014-12-22 11:28 - 2014-12-22 11:28 - 00000000 ____D () C:\SafeWeb
2014-12-22 10:35 - 2014-12-22 11:40 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-22 10:28 - 2014-12-22 10:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 10:15 - 2014-12-22 13:18 - 00000000 ____D () C:\Users\Steffen\AppData\Local\mbot_de_348
2014-12-22 10:15 - 2014-12-22 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2014-12-22 10:15 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\mbot_de_348
2014-12-22 09:20 - 2014-12-22 09:20 - 00002101 _____ () C:\Users\Steffen\Desktop\chrome.lnk
2014-12-22 09:10 - 2014-12-22 09:20 - 00000000 ____D () C:\Users\Steffen\AppData\Local\BoBrowser
2014-12-22 09:10 - 2014-12-22 09:10 - 00003144 _____ () C:\WINDOWS\System32\Tasks\Run_Bobby_Browser
2014-12-22 09:09 - 2014-12-22 12:07 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 12:07 - 00001117 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 09:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-22 09:06 - 2014-12-22 09:06 - 00000000 ____D () C:\Program Files (x86)\predm
2014-12-22 09:02 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Browser Guard
2014-12-22 09:02 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Browser Guard
2014-12-22 09:02 - 2014-12-22 10:48 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-22 09:02 - 2014-12-22 09:11 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-12-22 09:02 - 2014-12-22 09:02 - 00004008 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2014-12-22 09:01 - 2014-12-22 09:01 - 00003456 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup
2014-12-22 09:01 - 2014-12-22 09:01 - 00003192 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2014-12-22 09:00 - 2014-12-22 09:09 - 00000000 ____D () C:\Users\Steffen\Documents\ProPCCleaner
2014-12-22 09:00 - 2014-12-22 09:00 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Pro_PC_Cleaner
2014-12-22 08:59 - 2014-12-22 08:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-12-22 08:59 - 2014-12-21 09:15 - 04959744 ____N () C:\WINDOWS\rcore.exe
2014-12-22 08:41 - 2014-12-22 08:41 - 00000000 ____D () C:\Program Files (x86)\Supporter
2014-12-22 08:40 - 2014-12-22 09:40 - 00000000 ____D () C:\ProgramData\YoutubeAdBlocke
2014-12-22 08:40 - 2014-12-22 09:33 - 00000000 ____D () C:\ProgramData\e5bd47f38a427370
2014-12-22 08:40 - 2014-12-22 09:33 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
2014-12-22 08:40 - 2014-12-22 09:29 - 00000000 ____D () C:\ProgramData\PriceLess
2014-12-22 08:40 - 2014-12-22 09:25 - 00000000 ____D () C:\Program Files (x86)\PriceLess
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Torch
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Chromatic Browser
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator
2014-12-20 09:00 - 2014-12-20 09:00 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-12-20 08:57 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-12-20 08:57 - 2014-12-22 09:40 - 00000000 ____D () C:\Program Files (x86)\PlumoWeb
2014-12-19 21:21 - 2014-12-19 21:21 - 00075249 _____ () C:\Users\Steffen\Downloads\sf_alive.jsp
2014-12-19 20:06 - 2014-12-22 09:06 - 00000111 _____ () C:\Users\Steffen\AppData\Roaming\WB.CFG
2014-12-19 19:35 - 2014-12-23 08:57 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps
2014-12-19 19:35 - 2014-12-19 19:35 - 00369152 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2014-12-19 19:35 - 2014-12-19 19:35 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-12-19 19:35 - 2005-07-14 12:31 - 00032256 ___SH () C:\WINDOWS\SysWOW64\AVSredirect.dll
2014-12-19 19:35 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2014-12-19 19:28 - 2014-12-22 08:41 - 00000000 ____D () C:\ProgramData\1837308050
2014-12-19 19:28 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-19 19:17 - 2014-12-19 19:24 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2014-12-19 19:17 - 2014-12-19 19:24 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2014-12-19 19:16 - 2014-12-19 19:16 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Google
2014-12-19 19:15 - 2014-12-19 19:36 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2014-12-19 19:15 - 2014-12-19 19:17 - 00002810 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2014-12-19 19:15 - 2014-12-19 19:17 - 00002810 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2014-12-19 19:15 - 2014-12-19 19:16 - 00002812 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2014-12-19 19:11 - 2014-12-19 19:11 - 00000000 ____D () C:\Users\Steffen\Documents\Optimizer Pro
2014-12-19 19:10 - 2014-12-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-12-19 19:10 - 2014-12-19 19:16 - 00000000 ____D () C:\ProgramData\Norton
2014-12-19 19:09 - 2014-12-19 19:09 - 00613057 _____ (CMI Limited) C:\Users\Steffen\AppData\Local\nsuE4DC.tmp
2014-12-19 19:09 - 2014-12-19 19:09 - 00000000 __SHD () C:\Users\Steffen\AppData\Roaming\AnyProtectEx
2014-12-19 19:08 - 2014-12-22 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-12-19 19:08 - 2014-12-19 19:29 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\systweak
2014-12-19 19:08 - 2014-12-19 19:08 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2014-12-19 19:08 - 2014-12-19 19:08 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\InetStat
2014-12-19 19:08 - 2014-12-08 17:01 - 00020216 _____ () C:\WINDOWS\system32\roboot64.exe
2014-12-19 19:07 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-12-19 19:07 - 2014-12-19 19:07 - 00000000 ____D () C:\Users\Steffen\AppData\Local\SearchProtect
2014-12-19 19:06 - 2015-01-01 21:06 - 00000306 _____ () C:\WINDOWS\Tasks\Foxtab.job
2014-12-19 19:06 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\ConvertAd
2014-12-19 19:06 - 2014-12-19 19:06 - 00002644 _____ () C:\WINDOWS\System32\Tasks\Foxtab
2014-12-19 19:06 - 2014-12-19 19:06 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Foxtab
2014-12-19 19:06 - 2014-12-19 19:06 - 00000000 ____D () C:\Program Files (x86)\Foxtab
2014-12-19 19:05 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.4
2014-12-19 19:01 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Temp9616
2014-12-19 19:01 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\ver6BlockAndSurf
2014-12-19 19:01 - 2014-12-22 09:41 - 00002290 _____ () C:\WINDOWS\patsearch.bin
2014-12-19 19:01 - 2014-12-22 08:40 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 19:01 - 2014-12-19 19:01 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-19 18:56 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\8656
2014-12-19 18:37 - 2014-12-22 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-12-19 18:37 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-12-19 18:33 - 2015-01-01 20:25 - 00001354 _____ () C:\WINDOWS\Tasks\QVUKV.job
2014-12-19 18:33 - 2015-01-01 20:25 - 00001348 _____ () C:\WINDOWS\Tasks\HQ.job
2014-12-19 18:33 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.4cV19.12
2014-12-19 18:33 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\b237066b-9789-4619-8c4f-7114e946f763
2014-12-19 18:33 - 2014-12-22 09:27 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-19 18:33 - 2014-12-19 18:33 - 00004358 _____ () C:\WINDOWS\System32\Tasks\QVUKV
2014-12-19 18:33 - 2014-12-19 18:33 - 00004352 _____ () C:\WINDOWS\System32\Tasks\HQ
2014-12-19 18:33 - 2014-12-19 18:33 - 00000000 ____D () C:\Users\Steffen\AppData\Local\globalUpdate
2014-12-19 18:32 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\VOPackage
2014-12-19 18:32 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-12-19 18:32 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\ContextTrue
2014-12-19 18:32 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Boost
2014-12-19 18:32 - 2014-12-19 18:32 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Boost
2014-12-19 18:31 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\SafeWeb
2014-12-19 18:28 - 2014-12-22 11:40 - 00000000 ____D () C:\ProgramData\SafeWeb
2014-12-19 18:28 - 2014-12-19 18:30 - 00000000 ____D () C:\ProgramData\xKThMviKU
2014-12-19 18:28 - 2014-12-19 18:28 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\WHService
2014-12-19 18:27 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\WebEnhance
2014-12-19 18:27 - 2014-12-20 09:02 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-12-19 18:27 - 2014-12-19 18:28 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Security Systems
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieUserList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieSiteList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieBrowserModeList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 ____D () C:\Users\Steffen\Documents\eRightSoft
2014-12-19 18:27 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2014-12-19 18:27 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2014-12-19 18:26 - 2015-01-01 20:25 - 00000000 ____D () C:\Program Files (x86)\Flwsrf
2014-12-19 18:26 - 2014-12-22 09:40 - 00004720 _____ () C:\WINDOWS\SysWOW64\abengine.ini
2014-12-19 18:26 - 2014-12-22 09:40 - 00002624 _____ () C:\WINDOWS\SysWOW64\abengineOff.ini
2014-12-19 18:26 - 2014-12-22 09:40 - 00002624 _____ () C:\WINDOWS\system32\abengineOff.ini
2014-12-19 18:26 - 2014-12-19 18:26 - 00003090 _____ () C:\WINDOWS\System32\Tasks\upfs7235
2014-12-19 18:26 - 2014-12-19 18:26 - 00000002 _____ () C:\END
2014-12-19 18:26 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Canneverbe Limited
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-12-19 18:12 - 2014-12-19 18:12 - 05402840 _____ (Canneverbe Limited ) C:\Users\Steffen\Downloads\cdbxp_setup_4.5.4.5143_minimal.exe
2014-12-19 10:22 - 2014-12-22 08:52 - 00120832 ___SH () C:\Users\Steffen\Desktop\Thumbs.db
2014-12-17 17:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-17 17:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-17 17:23 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-17 17:23 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-17 17:23 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-17 17:22 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-17 17:22 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-17 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-17 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-17 17:22 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-17 17:22 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-17 17:22 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-17 17:22 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-17 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-17 17:22 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-17 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-17 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-17 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-17 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-17 17:22 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-17 17:22 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-15 18:38 - 2014-12-15 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 21:14 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen
2015-01-01 21:12 - 2014-06-26 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-01 21:04 - 2014-10-09 18:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-01 21:02 - 2014-06-24 19:39 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 21:01 - 2014-06-24 16:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1891709148-1701141493-326344943-1001
2015-01-01 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-01 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-01 20:56 - 2014-02-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-01 20:55 - 2014-02-24 12:43 - 01515232 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-01 20:45 - 2013-08-22 20:12 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-01-01 20:35 - 2013-08-22 15:46 - 00054210 _____ () C:\WINDOWS\setupact.log
2015-01-01 20:28 - 2014-06-24 16:02 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{147E9BA2-DD6C-46F4-803E-1111780ABAE9}
2015-01-01 20:25 - 2014-06-24 19:39 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 20:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 10:14 - 2014-07-06 13:09 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Nitro PDF
2014-12-23 10:14 - 2014-02-24 21:31 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-23 10:14 - 2014-02-24 21:31 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-23 10:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-23 10:05 - 2014-06-24 17:09 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-23 10:03 - 2014-06-25 17:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\apsec
2014-12-23 09:41 - 2014-10-09 19:09 - 00002894 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-12-23 09:41 - 2014-10-09 19:09 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-12-22 11:40 - 2014-02-24 13:00 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun
2014-12-22 09:45 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Pokki
2014-12-22 09:40 - 2013-10-07 19:23 - 00520602 _____ () C:\WINDOWS\PFRO.log
2014-12-22 09:40 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-22 09:39 - 2014-02-24 13:27 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2014-12-22 09:27 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 09:12 - 2013-08-22 15:44 - 00429008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-22 09:01 - 2014-06-24 21:02 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Mozilla
2014-12-22 08:40 - 2014-06-24 19:39 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Google
2014-12-20 19:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-20 09:00 - 2014-06-25 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\LSC
2014-12-20 09:00 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-20 09:00 - 2014-02-24 13:05 - 00000000 ____D () C:\Program Files\Lenovo
2014-12-20 08:58 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-12-19 19:21 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-19 19:06 - 2014-06-24 21:02 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-19 18:30 - 2014-06-24 21:02 - 00001404 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-19 18:30 - 2014-06-24 15:55 - 00001695 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-19 15:15 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-17 20:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-17 20:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-17 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-17 19:53 - 2014-06-25 17:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 19:50 - 2014-06-25 17:08 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 20:58 - 2014-06-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:42 - 2014-06-24 19:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 20:12 - 2014-06-26 19:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\18be6784_.exe
C:\Users\Steffen\AppData\Local\Temp\294823_.exe
C:\Users\Steffen\AppData\Local\Temp\2cd672ae_.exe
C:\Users\Steffen\AppData\Local\Temp\4ae13d6c_.exe
C:\Users\Steffen\AppData\Local\Temp\88554C19-5386-F857-D694-3DA26BC81855.exe
C:\Users\Steffen\AppData\Local\Temp\95D122E2-64E8-715F-2D6D-A09575793B9B.dll
C:\Users\Steffen\AppData\Local\Temp\95D122E2-64E8-715F-2D6D-A09575793B9B.exe
C:\Users\Steffen\AppData\Local\Temp\BackupSetup.exe
C:\Users\Steffen\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Steffen\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Steffen\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-German.exe
C:\Users\Steffen\AppData\Local\Temp\Launcher__10890.exe
C:\Users\Steffen\AppData\Local\Temp\Launcher__9999.exe
C:\Users\Steffen\AppData\Local\Temp\oct21C0.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\oct4D9.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\oct60B4.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\octA194.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\octB2ED.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\optprosetup.exe
C:\Users\Steffen\AppData\Local\Temp\ose00000.exe
C:\Users\Steffen\AppData\Local\Temp\ose00001.exe
C:\Users\Steffen\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Steffen\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Steffen\AppData\Local\Temp\setup_384.exe
C:\Users\Steffen\AppData\Local\Temp\SFRESTART.EXE
C:\Users\Steffen\AppData\Local\Temp\sfupd32.dll
C:\Users\Steffen\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-22 14:06

==================== End Of Log ============================
         
Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Steffen at 2015-01-01 21:17:48
Running from C:\Users\Steffen\Desktop\Antivirus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Flwsrf (HKLM-x32\...\Flwsrf) (Version: 3.0.0.2 - Flwsrf) <==== ATTENTION!
Foxtab (HKLM-x32\...\Foxtab) (Version:  - Foxtab) <==== ATTENTION!
Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (HKLM-x32\...\{938be26d-4ec5-43a6-b9c5-5ba06d26bf39}) (Version: 18.51.0.199 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.10.160 - Client Connect LTD) <==== ATTENTION
SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-11-2014 13:45:50 Windows Update
05-12-2014 20:50:11 Geplanter Prüfpunkt
15-12-2014 18:50:53 Geplanter Prüfpunkt
19-12-2014 15:14:35 Windows Update
01-01-2015 20:39:40 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-22 09:02 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A910EC4-B48A-4681-ACB9-C4E1554A2491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {228B17FB-F350-4611-93AD-79A5F86E5007} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2F6B0BD5-6E24-4162-849B-D7BC1E5E9C78} - System32\Tasks\Run_Bobby_Browser => C:\Users\Steffen\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {3A60F664-E9F6-471B-8799-B8226E845909} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3A993A2E-1A96-4A65-B1C5-9AA1575ADE64} - System32\Tasks\Foxtab => C:\Users\Steffen\AppData\Roaming\Foxtab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3F1F0882-1F42-4E5A-AF8E-B8714F45C78C} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {46426515-6E5A-497C-A952-AD078AE5E37F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {4AF41F12-842C-42F7-8868-16EA250A09D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {50682D89-5D0C-423F-BF67-0B8B0C1F3503} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {53024CB7-66B5-4E06-ADDE-C30628C3AF52} - System32\Tasks\HQ => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION
Task: {54450D31-968D-4874-9E27-C73D5AF49BED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C5D0851-B8EE-4BCD-9AEF-3B0F98829DC8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {8BCE313D-47FE-43AD-88C1-27272438B3DC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {A3DF08E2-53DF-46CE-A080-97828F9632E3} - System32\Tasks\QVUKV => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION
Task: {B641DE18-6228-4911-B246-EABC63CB9F8F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {B73F4F91-135D-4861-AE35-167B20140987} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {BE706926-8251-4CE3-891A-74FECED74A1D} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {C8681972-6376-41F7-A3A3-0554E8F006A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C98AE8D7-4B07-4BEE-A67D-40341FC416A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {DABB7664-07AB-468A-B425-9C501A039571} - System32\Tasks\upfs7235 => C:\Program Files (x86)\Flwsrf\upfs7235.exe [2014-12-05] ()
Task: {E52772F7-8372-4CF3-9A84-DECE4CDD65D8} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {E57A9D10-DE27-42BF-8998-8B1200E574D4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {F6702BC6-39F3-4419-999F-CD3F91F21C11} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FAB9BA5B-CEDF-4F5E-A7FC-511BFBCDFDF7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: {FE72B71B-B5BE-4DF4-9BEB-A319F37F3C83} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\Foxtab.job => C:\Users\Steffen\AppData\Roaming\Foxtab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HQ.job => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QVUKV.job => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-08-19 16:03 - 2013-08-19 16:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-12-04 20:19 - 2014-12-04 20:19 - 00277584 ____N () C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe
2014-12-20 08:57 - 2014-12-18 16:58 - 00378152 ____N () C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
2014-11-29 13:26 - 2014-11-29 13:26 - 00164352 _____ () C:\Program Files (x86)\Flwsrf\ijs.exe
2014-12-22 08:59 - 2014-12-21 09:15 - 04959744 ____N () C:\WINDOWS\rcore.exe
2014-02-24 13:22 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-19 19:06 - 2014-12-19 19:06 - 00143872 ____N () C:\Users\Steffen\AppData\Local\ConvertAd\CASrv.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-12-19 18:28 - 2014-10-15 08:10 - 00628736 _____ () C:\Users\Steffen\AppData\Roaming\WHService\wh.exe
2014-12-19 18:33 - 2014-12-19 18:33 - 01253856 ____N () C:\Program Files (x86)\CinemaP-1.4cV19.12\a8fc47fa-42dd-46a5-acf3-5d3191cc53bc-6.exe
2014-02-24 05:21 - 2013-08-13 03:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-22 08:41 - 2014-12-22 08:41 - 04214784 _____ () c:\Program Files (x86)\Supporter\Supporter.dll
2014-12-19 18:28 - 2014-12-19 18:28 - 00374272 _____ () C:\Users\Steffen\AppData\Roaming\WHService\sub\default.dll
2014-02-24 13:00 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-15 18:38 - 2014-12-15 18:38 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1891709148-1701141493-326344943-500 - Administrator - Disabled)
Gast (S-1-5-21-1891709148-1701141493-326344943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1891709148-1701141493-326344943-1003 - Limited - Enabled)
Steffen (S-1-5-21-1891709148-1701141493-326344943-1001 - Administrator - Enabled) => C:\Users\Steffen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service tDXhXFflBot since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service SProtection since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service CA Service component since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service rcores since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service GlobalUpdater since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Click Caption 1.10.0.4 Client Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service Supporter since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary SPPD.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (12/22/2014 02:06:39 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/22/2014 02:06:04 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/22/2014 09:43:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/22/2014 09:40:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/22/2014 09:40:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/22/2014 09:39:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (12/22/2014 09:39:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (12/22/2014 09:35:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update PlumoWeb" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/22/2014 09:31:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/22/2014 09:29:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service tDXhXFflBot since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service SProtection since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service CA Service component since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service rcores since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service GlobalUpdater since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Click Caption 1.10.0.4 Client Service since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Supporter since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/01/2015 08:40:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SPPD.

System Error:
Das System kann die angegebene Datei nicht finden.


CodeIntegrity Errors:
===================================
  Date: 2015-01-01 21:18:31.625
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:31.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:30.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:30.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:29.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:28.797
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:28.391
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:28.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:17.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 21:18:17.687
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 3986.27 MB
Available physical RAM: 2374.65 MB
Total Pagefile: 13254.01 MB
Available Pagefile: 11404.64 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.21 GB) (Free:368.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 318ADBDA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Gmer:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-01 21:25:09
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002b HGST_HTS545050A7E380 rev.GG2ZBD90 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Steffen\AppData\Local\Temp\uxtdipow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Windows Defender\MsMpEng.exe[2912] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506                                                       00007ffdd42f169a 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[2912] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514                                                       00007ffdd42f16a2 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[2912] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118                                                          00007ffdd42f181a 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Windows Defender\MsMpEng.exe[2912] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142                                                          00007ffdd42f1832 4 bytes [2F, D4, FD, 7F]
.text    C:\WINDOWS\Explorer.EXE[2136] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                             00007ffdd42f169a 4 bytes [2F, D4, FD, 7F]
.text    C:\WINDOWS\Explorer.EXE[2136] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                             00007ffdd42f16a2 4 bytes [2F, D4, FD, 7F]
.text    C:\WINDOWS\Explorer.EXE[2136] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                00007ffdd42f181a 4 bytes [2F, D4, FD, 7F]
.text    C:\WINDOWS\Explorer.EXE[2136] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                00007ffdd42f1832 4 bytes [2F, D4, FD, 7F]
.text    C:\Windows\System32\igfxpers.exe[19188] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                   00007ffdd42f169a 4 bytes [2F, D4, FD, 7F]
.text    C:\Windows\System32\igfxpers.exe[19188] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                   00007ffdd42f16a2 4 bytes [2F, D4, FD, 7F]
.text    C:\Windows\System32\igfxpers.exe[19188] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                      00007ffdd42f181a 4 bytes [2F, D4, FD, 7F]
.text    C:\Windows\System32\igfxpers.exe[19188] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                      00007ffdd42f1832 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[26204] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                      00007ffdd42f169a 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[26204] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                      00007ffdd42f16a2 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[26204] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                         00007ffdd42f181a 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[26204] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                         00007ffdd42f1832 4 bytes [2F, D4, FD, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[18260] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                   00007ffdd42f169a 4 bytes [2F, D4, FD, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[18260] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                   00007ffdd42f16a2 4 bytes [2F, D4, FD, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[18260] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                      00007ffdd42f181a 4 bytes [2F, D4, FD, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[18260] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                      00007ffdd42f1832 4 bytes [2F, D4, FD, 7F]
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE[19684] C:\WINDOWS\system32\KERNEL32.DLL!SetFileCompletionNotificationModes                                 00007ffdd466ba00 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[21076] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                              00007ffdd42f169a 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[21076] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                              00007ffdd42f16a2 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[21076] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                 00007ffdd42f181a 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[21076] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                 00007ffdd42f1832 4 bytes [2F, D4, FD, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[21076] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                    00007ffdc8cc1f6a 4 bytes [CC, C8, FD, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[21076] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                    00007ffdc8cc1f82 4 bytes [CC, C8, FD, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[9484] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                              00007ffdc8cc1f6a 4 bytes [CC, C8, FD, 7F]
.text    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[9484] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                              00007ffdc8cc1f82 4 bytes [CC, C8, FD, 7F]
.text    C:\Program Files\Windows Defender\MpCmdRun.exe[4848] C:\WINDOWS\system32\KERNEL32.DLL!SetFileCompletionNotificationModes                                         00007ffdd466ba00 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\WINDOWS\system32\taskhost.exe[14248] C:\WINDOWS\system32\KERNEL32.DLL!SetFileCompletionNotificationModes                                                      00007ffdd466ba00 14 bytes {JMP QWORD [RIP+0x0]}
.text    C:\WINDOWS\system32\NOTEPAD.EXE[9328] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                     00007ffdd42f169a 4 bytes [2F, D4, FD, 7F]
.text    C:\WINDOWS\system32\NOTEPAD.EXE[9328] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                     00007ffdd42f16a2 4 bytes [2F, D4, FD, 7F]
.text    C:\WINDOWS\system32\NOTEPAD.EXE[9328] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                        00007ffdd42f181a 4 bytes [2F, D4, FD, 7F]
.text    C:\WINDOWS\system32\NOTEPAD.EXE[9328] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                        00007ffdd42f1832 4 bytes [2F, D4, FD, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\svchost.exe [780:808]                                                                                                                        0000001e039ef6f0
Thread   C:\WINDOWS\system32\svchost.exe [780:812]                                                                                                                        0000001e039ef6f0
Thread   C:\WINDOWS\system32\svchost.exe [952:1176]                                                                                                                       000000b93183f6f0
Thread   C:\WINDOWS\system32\svchost.exe [952:1180]                                                                                                                       000000b93183f6f0
Thread   C:\WINDOWS\System32\svchost.exe [312:4400]                                                                                                                       00000091ff33f6f0
Thread   C:\WINDOWS\System32\svchost.exe [312:5020]                                                                                                                       00000091ff33f6f0
Thread   C:\WINDOWS\System32\spoolsv.exe [1220:1244]                                                                                                                      000000000145f6f0
Thread   C:\WINDOWS\System32\spoolsv.exe [1220:1248]                                                                                                                      000000000145f6f0
Thread   C:\WINDOWS\system32\svchost.exe [1256:1404]                                                                                                                      000000d1773ff6f0
Thread   C:\WINDOWS\system32\svchost.exe [1256:1408]                                                                                                                      000000d1773ff6f0
Thread   C:\WINDOWS\SysWOW64\rundll32.exe [1536:25680]                                                                                                                    000000000108c340
Thread   C:\WINDOWS\SysWOW64\rundll32.exe [1536:14084]                                                                                                                    000000000108c340
Thread   C:\WINDOWS\system32\dashost.exe [1828:4124]                                                                                                                      000000f21c9ef6f0
Thread   C:\WINDOWS\system32\dashost.exe [1828:4128]                                                                                                                      000000f21c9ef6f0
Thread   C:\WINDOWS\system32\dashost.exe [1828:4136]                                                                                                                      000000f21ca0e310
Thread   C:\WINDOWS\system32\dashost.exe [1828:4204]                                                                                                                      000000f21ca0e310
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3900:5152]                                                                                                   000000ca91e9f6f0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3900:3492]                                                                                                   000000ca91e9f6f0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3900:4036]                                                                                                   000000ca91ebe310
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [3900:424]                                                                                                    000000ca91ebe310
Thread   C:\WINDOWS\System32\svchost.exe [24840:22608]                                                                                                                    0000001d2e9bf6f0
Thread   C:\WINDOWS\System32\svchost.exe [24840:24832]                                                                                                                    0000001d2e9bf6f0
Thread   C:\WINDOWS\system32\csrss.exe [14644:21104]                                                                                                                      fffff96000871b90
Thread   C:\WINDOWS\Explorer.EXE [2136:15924]                                                                                                                             0000000010d7f6f0
Thread   C:\WINDOWS\Explorer.EXE [2136:9556]                                                                                                                              0000000010d7f6f0
Thread   C:\WINDOWS\Explorer.EXE [2136:24208]                                                                                                                             0000000010d9e310
Thread   C:\WINDOWS\Explorer.EXE [2136:7568]                                                                                                                              0000000010d9e310
Thread   C:\Program Files\Windows Defender\MpCmdRun.exe [4848:9120]                                                                                                       000000fa359af6f0
Thread   C:\Program Files\Windows Defender\MpCmdRun.exe [4848:9460]                                                                                                       000000fa359af6f0
Thread   C:\Program Files\Windows Defender\MpCmdRun.exe [4848:20192]                                                                                                      000000fa359ce310
Thread   C:\Program Files\Windows Defender\MpCmdRun.exe [4848:26048]                                                                                                      000000fa359ce310
Thread   C:\WINDOWS\system32\taskhost.exe [14248:24972]                                                                                                                   00000031dab3f6f0
Thread   C:\WINDOWS\system32\taskhost.exe [14248:23592]                                                                                                                   00000031dab3f6f0
Thread   C:\WINDOWS\system32\taskhost.exe [14248:11280]                                                                                                                   00000031dab5e310
Thread   C:\WINDOWS\system32\taskhost.exe [14248:4928]                                                                                                                    00000031dab5e310
---- Processes - GMER 2.1 ----

Process  C:\Users\Steffen\AppData\Local\ConvertAd\CASrv.exe (*** suspicious ***) @ C:\Users\Steffen\AppData\Local\ConvertAd\CASrv.exe [2704](2014-12-19 18:06:33)         00000000000e0000
Process  C:\Users\Steffen\AppData\Roaming\WHService\wh.exe (*** suspicious ***) @ C:\Users\Steffen\AppData\Roaming\WHService\wh.exe [2888](2                              0000000000400000
Library  C:\Users\Steffen\AppData\Roaming\WHService\sub\default.dll (*** suspicious ***) @ C:\Users\Steffen\AppData\Roaming\WHService\wh.exe [2888](2014-12-19 17:28:20)  0000000001460000
Process  C:\ProgramData\xKThMviKU\tDXhXFflBot.exe (*** suspicious ***) @ C:\ProgramData\xKThMviKU\tDXhXFflBot.exe [2480](2014-12-19 17:28:34)                             00000000009e0000
Library  Ð÷(à]H (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2136]                                                                                                    00007ffdc2a10000
Library  Ð÷(à]H (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2136]                                                                                                    00007ffdc25f0000
Library  Ð÷(à]H (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [2136]                                                                                                    00007ffdc1d60000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
Ich hoffe ich hab alles richtig gemacht.

Vielen Dank schon mal für eure Hilfe.

Gruß Phil

Alt 01.01.2015, 21:25   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Flwsrf

    Foxtab

    Foxy Secure

    Search Protect

    webssearches uninstall


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________

__________________

Alt 01.01.2015, 22:40   #3
Koureni
 
Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Danke für die schnelle Hilfe.

Sieht schon besser aus.


MBAM:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.01.2015
Suchlauf-Zeit: 22:45:52
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.01.06
Rootkit Datenbank: v2014.12.30.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Steffen

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 373371
Verstrichene Zeit: 25 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\abengine.exe, 1460, Löschen bei Neustart, [122801f1c4c53600a2e9a5bc7f840df3]
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\ijs.exe, 1612, Löschen bei Neustart, [3bff1dd51970fd396527a5bc877c37c9]

Module: 8
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\abenginecert.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\freebl3.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\libnspr4.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\libplc4.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\libplds4.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\nss3.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\nssutil3.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\smime3.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 

Registrierungsschlüssel: 8
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1891709148-1701141493-326344943-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [c5755f93117856e098e5ac328280bb45], 
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.4cV19.12-nv, In Quarantäne, [2812a54db7d282b4b75d76ff20e35da3], 
PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA, In Quarantäne, [ee4cd31fe3a672c41acd7844a4605ea2], 
PUP.Optional.ConduitSearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [9c9e589a7910d2646b02f3c5699b55ab], 
PUP.Optional.Flowsurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ABENGINE, In Quarantäne, [122801f1c4c53600a2e9a5bc7f840df3], 
PUP.Optional.Flowsurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INJECTORSERVICE, In Quarantäne, [3bff1dd51970fd396527a5bc877c37c9], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-1891709148-1701141493-326344943-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [ba8052a0b4d58da9d05fc0e6c83ba55b], 
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-1891709148-1701141493-326344943-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [93a74fa3286185b1e94ee19ad52e48b8], 

Registrierungswerte: 3
PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA|MUpdBlock, {
   "MASSUPDATE" : {
      "CHROME_MBAR" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 1
      },
      "FIREFOX_MBAR" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 3
      },
      "IEXPLORE_BHO" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 4
      }
   }
}
, In Quarantäne, [ee4cd31fe3a672c41acd7844a4605ea2]
PUP.Optional.Flowsurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ABENGINE|ImagePath, C:\Program Files (x86)\Flwsrf\abengine.exe, In Quarantäne, [122801f1c4c53600a2e9a5bc7f840df3]
PUP.Optional.Flowsurf.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INJECTORSERVICE|ImagePath, C:\Program Files (x86)\Flwsrf\ijs.exe, In Quarantäne, [3bff1dd51970fd396527a5bc877c37c9]

Registrierungsdaten: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL  , Gut: (), Schlecht: (C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL),Ersetzt,[42f8767c07821c1ac66c39f446bdfc04]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL  , Gut: (), Schlecht: (C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL),Ersetzt,[42f8767c07821c1ac66c39f446bdfc04]
PUP.Optional.Iminent.A, HKU\S-1-5-21-1891709148-1701141493-326344943-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000, Gut: (www.Google.com), Schlecht: (hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000),Ersetzt,[d56591612069f442e6974b3a5fa66f91]

Ordner: 80
PUP.Optional.Supporter.A, C:\Program Files (x86)\Supporter, In Quarantäne, [44f6d81ad8b1c96da908e57d9f648878], 
Rogue.Multiple, C:\ProgramData\1837308050, In Quarantäne, [8eac35bd80090b2b64af041830d3e917], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, In Quarantäne, [f04a4da53d4c4beb394259d2f50efb05], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos, In Quarantäne, [f04a4da53d4c4beb394259d2f50efb05], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Wajam Internet Enhancer, In Quarantäne, [f04a4da53d4c4beb394259d2f50efb05], 
PUP.Optional.OpenCandy, C:\Users\Steffen\AppData\Roaming\OpenCandy, In Quarantäne, [61d9a64ce2a73cfae4c20d1eda29cb35], 
PUP.Optional.OpenCandy, C:\Users\Steffen\AppData\Roaming\OpenCandy\1FA4D01A004C4DD3AA99C9F473ABC030, In Quarantäne, [61d9a64ce2a73cfae4c20d1eda29cb35], 
PUP.Optional.Iminent.A, C:\Users\Steffen\AppData\Local\Temp\Iminent, In Quarantäne, [f6446f83ec9d5cda734ca883b251bc44], 
PUP.Optional.AdwarePlugin, C:\Program Files (x86)\Bench\Updater, In Quarantäne, [1c1ebf33a6e3c86e7462101c40c3cf31], 
PUP.Optional.AdwarePlugin, C:\Program Files (x86)\Bench\Updater\1.7.0.0, In Quarantäne, [1c1ebf33a6e3c86e7462101c40c3cf31], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam, In Quarantäne, [f743777b4f3a3ef8e729cb622dd68a76], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search, In Quarantäne, [f743777b4f3a3ef8e729cb622dd68a76], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping, In Quarantäne, [f743777b4f3a3ef8e729cb622dd68a76], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam, In Quarantäne, [f743777b4f3a3ef8e729cb622dd68a76], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, In Quarantäne, [a892aa4896f3b48260d140ed748f4fb1], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, In Quarantäne, [42f8767c07821c1ac66c39f446bdfc04], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Wd, In Quarantäne, [68d2eb078efb52e4bfea220d36cd0df3], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\NmHost, In Quarantäne, [b58521d148416ec8dfcb7bb4a3608b75], 
PUP.Optional.MindSpark.A, C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Allin1Convert_8h, In Quarantäne, [96a4777b0c7df343f0ffb97bbf44d52b], 
PUP.Optional.SmartCoupon.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah, In Quarantäne, [f4460be7701951e5c9f5370639ca15eb], 
PUP.Optional.SmartCoupon.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100, In Quarantäne, [f4460be7701951e5c9f5370639ca15eb], 
PUP.Optional.SmartCoupon.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah, In Quarantäne, [ef4b8a6899f05ed8f7c7bb822dd6d828], 
PUP.Optional.SmartCoupon.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100, In Quarantäne, [ef4b8a6899f05ed8f7c7bb822dd6d828], 
PUP.Optional.SmartCoupon.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah, In Quarantäne, [85b55a9848410c2a2e9080bd23e0a858], 
PUP.Optional.SmartCoupon.A, C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100, In Quarantäne, [85b55a9848410c2a2e9080bd23e0a858], 
PUP.Optional.SmartCoupon.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah, In Quarantäne, [9d9dc42e67227fb7388648f562a14ab6], 
PUP.Optional.SmartCoupon.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100, In Quarantäne, [9d9dc42e67227fb7388648f562a14ab6], 
PUP.Optional.SearchProtect.A, C:\Users\Steffen\AppData\Local\SearchProtect, In Quarantäne, [d763dd1535547bbbc45019281de6936d], 
PUP.Optional.MultiPlug.A, C:\ProgramData\YoutubeAdBlocke, In Quarantäne, [2218c42e246595a1e15eaa9a5fa4a858], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\YoutubeAdBlocke, In Quarantäne, [97a38a687811ef47122ea69e47bc4eb2], 
PUP.Optional.WebEnhance.A, C:\Program Files (x86)\WebEnhance, In Quarantäne, [dd5ddf1336535cda20b7370de221ef11], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, In Quarantäne, [ed4dda18a8e1d85e043edc69d33004fc], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, In Quarantäne, [ed4dda18a8e1d85e043edc69d33004fc], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, In Quarantäne, [ed4dda18a8e1d85e043edc69d33004fc], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, In Quarantäne, [ed4dda18a8e1d85e043edc69d33004fc], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, In Quarantäne, [ed4dda18a8e1d85e043edc69d33004fc], 
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{ADE959D7-E2FA-482A-A09F-042D19D5BF51}, In Quarantäne, [ed4dda18a8e1d85e043edc69d33004fc], 
PUP.Optional.GlobalUpdate.A, C:\Users\Steffen\AppData\Local\Temp\comh.375543, In Quarantäne, [bc7eb53d850449ede47a271edf243dc3], 
PUP.Optional.GlobalUpdate.A, C:\Users\Steffen\AppData\Local\Temp\comh.475508, In Quarantäne, [2713c52d0c7d48ee3d21d76e93709f61], 
PUP.Optional.GlobalUpdate.A, C:\Users\Steffen\AppData\Local\Temp\comh.77830, In Quarantäne, [b68449a9b2d784b2530b91b4e2213dc3], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard\AppFramework, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard\CanvasFramework, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard\framework, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard\framework-ui, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard\framework-ui\theme, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard\framework-ui\theme\bubble, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard\icons, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BlockAndSurf.A, C:\Program Files (x86)\ver6BlockAndSurf, In Quarantäne, [1921a64cb9d0d85ea4f393b8cf3429d7], 
PUP.Optional.BlockAndSurf.A, C:\Program Files (x86)\ver6BlockAndSurf\x64, In Quarantäne, [1921a64cb9d0d85ea4f393b8cf3429d7], 
PUP.Optional.MBot.A, C:\Users\Steffen\AppData\Local\mbot_de_348, In Quarantäne, [1c1ed91992f71e18aff0a4a754af4ab6], 
PUP.Optional.MBot.A, C:\Users\Steffen\AppData\Local\mbot_de_348\mbot_de_348, In Quarantäne, [1c1ed91992f71e18aff0a4a754af4ab6], 
PUP.Optional.MBot.A, C:\Users\Steffen\AppData\Local\mbot_de_348\mbot_de_348\1.20, In Quarantäne, [1c1ed91992f71e18aff0a4a754af4ab6], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_348, In Quarantäne, [3505ce24b7d2270f2779fa51b84bdc24], 
PUP.Optional.ContextTrue.A, C:\Users\Steffen\AppData\Local\ContextTrue, In Quarantäne, [5bdfc1313a4f74c2470567e548bb27d9], 
PUP.Optional.MBot.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY, In Quarantäne, [b18902f083063600e718cc800ef5e51b], 
PUP.Optional.Safeweb.A, C:\ProgramData\SafeWeb, In Quarantäne, [e852c230fe8b70c6e163cf8058ab9a66], 
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV19.12, In Quarantäne, [83b7589a9ced60d6b8ae7fd0cb385fa1], 
PUP.Optional.MultiPlug.A, C:\ProgramData\PriceLess, In Quarantäne, [85b5648e3653092dc1c0a9a7c63ddb25], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\PriceLess, In Quarantäne, [1426747e9dec082e661ce967cb38c739], 
PUP.Optional.ConvertAd.A, C:\Users\Steffen\AppData\Local\ConvertAd, In Quarantäne, [b38749a94f3a51e51a2f391d1de636ca], 
PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4, In Quarantäne, [bb7f1fd3e2a791a59cb961f8669d60a0], 
PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\3rd Party Licenses, In Quarantäne, [bb7f1fd3e2a791a59cb961f8669d60a0], 
PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service, In Quarantäne, [bb7f1fd3e2a791a59cb961f8669d60a0], 
PUP.Optional.PlumoWeb.A, C:\Users\Steffen\AppData\Local\Temp\PlumoWeb, In Quarantäne, [1228a44e3a4ff83e64573229897a8d73], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\extensionData, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\extensionData\plugins, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\extensionData\userCode, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\icons, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\icons\actions, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\js, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\js\api, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\js\lib, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.CrossRider.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe\1.26.43_0\js\lib\popupResource, In Quarantäne, [1f1ba151414891a59a74510b18eb15eb], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService, In Quarantäne, [b585d51d494002341dfe302e0ef5e917], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\1.1, In Quarantäne, [b585d51d494002341dfe302e0ef5e917], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, In Quarantäne, [b08a12e0cbbe73c35806c99656ad936d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [b08a12e0cbbe73c35806c99656ad936d], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 

Dateien: 61
PUP.Optional.Flowsurf.A, C:\$Recycle.Bin\S-1-5-21-1891709148-1701141493-326344943-1001\$RLIE6EX.exe, In Quarantäne, [71c9ca28e0a92f07ef9758a78b7648b8], 
PUP.Optional.Amonetize.A, C:\Users\Steffen\AppData\Local\Temp\BIT60B2.tmp, In Quarantäne, [3efcbe3431589a9c2ee55f04916f4ab6], 
PUP.Optional.Amonetize, C:\Users\Steffen\AppData\Local\Temp\Launcher__10890.exe, In Quarantäne, [4bef20d219708da9500d2dd5a95953ad], 
PUP.Optional.Amonetize, C:\Users\Steffen\AppData\Local\Temp\Launcher__9999.exe, In Quarantäne, [52e8e9091b6e82b47edf837f8a78926e], 
PUP.Optional.Flowsurf.A, C:\Users\Steffen\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [d96147ab0881b4824e38a55a847dc040], 
PUP.Optional.WebInstrNew.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNewH_01009.Wdf, In Quarantäne, [09312ec4cdbccc6a71e467fa11f2eb15], 
PUP.Optional.Flowsurf.A, C:\Windows\System32\abengineOff.ini, In Quarantäne, [45f537bb53363006b4d3075ab35006fa], 
PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengineOff.ini, In Quarantäne, [0139e70b3e4b270f8106154cf40fd030], 
PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengine.ini, In Quarantäne, [cc6ef7fb2a5f6cca107811503ac954ac], 
PUP.Optional.Flowsurf.A, C:\Windows\System32\Tasks\upfs7235, In Quarantäne, [083237bb157470c64d3dca97d82bbb45], 
PUP.Optional.Flowsurf.A, C:\Windows\Temp\abengine.log, Löschen bei Neustart, [f14934be56333303cebf98c90201d32d], 
PUP.Optional.Supporter.A, C:\Program Files (x86)\Supporter\Supporter.dll, In Quarantäne, [44f6d81ad8b1c96da908e57d9f648878], 
PUP.Optional.InetStat.A, C:\Users\Steffen\AppData\Roaming\InetStat\inetstat.exe, In Quarantäne, [2c0e7181e1a8d75f4209db8f2fd4f10f], 
PUP.Optional.IMGUpdater.A, C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe, In Quarantäne, [ad8dcf23ed9c4aecb4a07215c142c040], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Common Files\Umbrella\Umbrella223.exe, In Quarantäne, [bf7b48aa3f4a6ec8b8caaeeac3402ad6], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\StartWeb.xml, In Quarantäne, [c575faf8157447ef8625e4c0d72c19e7], 
PUP.Optional.Iminent.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage, In Quarantäne, [bc7e27cb5f2a0036f366b02abd47c43c], 
PUP.Optional.Iminent.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage-journal, In Quarantäne, [0733638fbfcaa690adaca8326f952bd5], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\abengine.exe, Löschen bei Neustart, [122801f1c4c53600a2e9a5bc7f840df3], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\ijs.exe, Löschen bei Neustart, [3bff1dd51970fd396527a5bc877c37c9], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, In Quarantäne, [a892aa4896f3b48260d140ed748f4fb1], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll, In Quarantäne, [42f8767c07821c1ac66c39f446bdfc04], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll, In Quarantäne, [42f8767c07821c1ac66c39f446bdfc04], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, In Quarantäne, [42f8767c07821c1ac66c39f446bdfc04], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll, In Quarantäne, [42f8767c07821c1ac66c39f446bdfc04], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, In Quarantäne, [42f8767c07821c1ac66c39f446bdfc04], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Wd\wd.exe, In Quarantäne, [68d2eb078efb52e4bfea220d36cd0df3], 
PUP.Optional.BrowserGuard.A, C:\Program Files (x86)\Browser Guard\FrameworkEngine.exe, In Quarantäne, [1525ae4404856ec8a036183154aff40c], 
PUP.Optional.BlockAndSurf.A, C:\Program Files (x86)\ver6BlockAndSurf\BlockAndSurf.exe, In Quarantäne, [1921a64cb9d0d85ea4f393b8cf3429d7], 
PUP.Optional.BlockAndSurf.A, C:\Program Files (x86)\ver6BlockAndSurf\J6BlockAndSurfR79.exe, In Quarantäne, [1921a64cb9d0d85ea4f393b8cf3429d7], 
PUP.Optional.MBot.A, C:\Users\Steffen\AppData\Local\mbot_de_348\upmbot_de_348.cyl, In Quarantäne, [1c1ed91992f71e18aff0a4a754af4ab6], 
PUP.Optional.MBot.A, C:\Users\Steffen\AppData\Local\mbot_de_348\upmbot_de_348.exe, In Quarantäne, [1c1ed91992f71e18aff0a4a754af4ab6], 
PUP.Optional.MBot.A, C:\Users\Steffen\AppData\Local\mbot_de_348\user_profil.cyp, In Quarantäne, [1c1ed91992f71e18aff0a4a754af4ab6], 
PUP.Optional.MBot.A, C:\Users\Steffen\AppData\Local\mbot_de_348\mbot_de_348\1.20\cnf.cyl, In Quarantäne, [1c1ed91992f71e18aff0a4a754af4ab6], 
PUP.Optional.MBot.A, C:\Users\Steffen\AppData\Local\mbot_de_348\mbot_de_348\1.20\eorezo.cyl, In Quarantäne, [1c1ed91992f71e18aff0a4a754af4ab6], 
PUP.Optional.MBot.A, C:\Program Files (x86)\mbot_de_348\mbot_de_348.exe, In Quarantäne, [3505ce24b7d2270f2779fa51b84bdc24], 
PUP.Optional.ContextTrue.A, C:\Users\Steffen\AppData\Local\ContextTrue\nvhlpr.exe, In Quarantäne, [5bdfc1313a4f74c2470567e548bb27d9], 
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.4cV19.12\a8fc47fa-42dd-46a5-acf3-5d3191cc53bc-6.exe, In Quarantäne, [83b7589a9ced60d6b8ae7fd0cb385fa1], 
PUP.Optional.ConvertAd.A, C:\Users\Steffen\AppData\Local\ConvertAd\CASrv.exe, In Quarantäne, [b38749a94f3a51e51a2f391d1de636ca], 
PUP.Optional.ConvertAd.A, C:\Users\Steffen\AppData\Local\ConvertAd\ConvertAd.exe, In Quarantäne, [b38749a94f3a51e51a2f391d1de636ca], 
PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.4\Service\ccsvc.exe, In Quarantäne, [bb7f1fd3e2a791a59cb961f8669d60a0], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\1.1\bhelper.dll, In Quarantäne, [b585d51d494002341dfe302e0ef5e917], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\1.1\bhelper64.dll, In Quarantäne, [b585d51d494002341dfe302e0ef5e917], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\1.1\bservice.exe, In Quarantäne, [b585d51d494002341dfe302e0ef5e917], 
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\1.1\bservice64.exe, In Quarantäne, [b585d51d494002341dfe302e0ef5e917], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, In Quarantäne, [b08a12e0cbbe73c35806c99656ad936d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, In Quarantäne, [b08a12e0cbbe73c35806c99656ad936d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, In Quarantäne, [b08a12e0cbbe73c35806c99656ad936d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [b08a12e0cbbe73c35806c99656ad936d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, In Quarantäne, [b08a12e0cbbe73c35806c99656ad936d], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\abenginecert.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\freebl3.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\libnspr4.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\libplc4.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\libplds4.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\nss3.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\nssutil3.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Flowsurf.A, C:\Program Files (x86)\Flwsrf\smime3.dll, Löschen bei Neustart, [1e1c12e0880130069b6ce67ac83b6997], 
PUP.Optional.Iminent.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000",), Ersetzt,[5fdb2ec41772a78f6ccaad1239cc847c]
PUP.Optional.Iminent.A, C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000" ],), Ersetzt,[fd3def03672202349bc9922df60f0cf4]
PUP.Optional.Iminent.A, C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000");), Ersetzt,[74c6896938515ed8be2066586f96f709]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AwdCleaner:

Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 01/01/2015 um 23:22:56
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-01.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Steffen - HUTH
# Gestartet von : C:\Users\Steffen\Desktop\Antivirus\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\e5bd47f38a427370
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\Boost
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\PlumoWeb
Ordner Gelöscht : C:\Program Files (x86)\Common Files\IMGUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Temp\Security Systems
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Temp\CloudGuard
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Boost
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Browser Guard
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\torch
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\BoBrowser
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\Steffen\Documents\Optimizer Pro
[!] Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\2D@Q.org
Ordner Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\9@0.co.uk
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagomcfjiefffhpaejnlpjccikpipdoe
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmpghpbbgnkhgolmifdhbbcanlejkoe
[/!\] Nicht Gelöscht ( Junction ) : C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmpghpbbgnkhgolmifdhbbcanlejkoe
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh
Ordner Gelöscht : C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh
Datei Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Datei Gelöscht : C:\WINDOWS\rcore.exe
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\user.js

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : FoxTab
Task Gelöscht : LaunchSignup
Task Gelöscht : Run_Bobby_Browser
Task Gelöscht : ProPCCleaner_Start
Task Gelöscht : ProPCCleaner_Popup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Steffen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{2AE1004D-E0B5-DFE8-A79C-C05DD882F6BC}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [framei]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\inetstat.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2ad8b229-4e3d-4b53-aa7d-012d7414d25c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2d3821fa-3b37-4930-8b26-2410cd618e01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CB488543-8277-4C97-A99A-AFAEE60B420B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ad8b229-4e3d-4b53-aa7d-012d7414d25c}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d3821fa-3b37-4930-8b26-2410cd618e01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ad8b229-4e3d-4b53-aa7d-012d7414d25c}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2d3821fa-3b37-4930-8b26-2410cd618e01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2ad8b229-4e3d-4b53-aa7d-012d7414d25c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2d3821fa-3b37-4930-8b26-2410cd618e01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{900625B6-F89A-40E3-AEE1-3A9A5E8723A7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2ad8b229-4e3d-4b53-aa7d-012d7414d25c}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2d3821fa-3b37-4930-8b26-2410cd618e01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{900625B6-F89A-40E3-AEE1-3A9A5E8723A7}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\MyBestOffersToday
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Bench
Schlüssel Gelöscht : HKLM\SOFTWARE\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v34.0.5 (x86 de)

[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.FeSJfDhSkWoxaMnH.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22optionweb.com%2[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781.65781.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.sy2KKmEv1ThibYaD.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.BUTTON_STRUCTURE", "[{\"b\":221525069,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221525070,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.browser.version.last", "34.0");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.firstKnownVersion", "6.83.5.45395");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=674D7A15-0971-4202-AE71-125C961286AF&n=780d0fb2&p2=^AYY^xdm070^LADEDE^de&si=flvrunner");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.initialized", true);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installKeysSource", "LocalStorage");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installType", "XPI");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.contextKey", "");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.installDate", "2014121906");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerId", "^AYY^xdm070^LADEDE^de");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerSubId", "flvrunner");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.pixelUrl", "hxxp://download.allin1convert.com/install_pixels.jhtml?partner=^AYY^xdm070^LADEDE^de&sub_id=flvrunner&coId=c6d33486719b48d5[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.success", true);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.toolbarId", "674D7A15-0971-4202-AE71-125C961286AF");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.isCompliantUninstallImplementation", true);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.lastActivePing", "1419237956277");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.lastKnownVersion", "6.83.5.45395");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.defaultSearch", false);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.homePageEnabled", false);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.keywordEnabled", false);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.tabEnabled", false);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.partnerPixelFired", true);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.successUrl", "hxxp://flvrunner.com/thankyou.php");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.toolbarCollapsed", false);
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("iminent.LayoutId", "1");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("iminent.adapters", "{\"nspdlft\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"1419237953188[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"urlhxxps\[...]
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent101", "1419240292072");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("iminent.version", "8.45.2.1");
[rl66dt0w.default\prefs.js] - Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.45.2.1\",\"InstallEventCTime\":1419244091606,\"InstallEvent\":\"True\"}");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1419010257&from=cvs4&uid=HGSTXHTS545050A7E380_TMA55C3J01GGYL01GGYLX&q={searchTerms}
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1419010257&from=cvs4&uid=HGSTXHTS545050A7E380_TMA55C3J01GGYL01GGYLX&q={searchTerms}
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M2C8CEFCC-FF02-412C-9378-8C07038B132D&SearchSource=58&CUI=&UM=8&UP=SP92898ACF-A069-44C6-B59F-E3A8BBF9A8FC&q={searchTerms}&SSPV=
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M2C8CEFCC-FF02-412C-9378-8C07038B132D&SearchSource=58&CUI=&UM=8&UP=SP92898ACF-A069-44C6-B59F-E3A8BBF9A8FC&q={searchTerms}&SSPV=
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000&ref=toolbox&q={searchTerms}
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : fkpfamdnbpmdahfgfjjleadeaejeachh
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kbmpghpbbgnkhgolmifdhbbcanlejkoe
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kbmpghpbbgnkhgolmifdhbbcanlejkoe

-\\ Comodo Dragon v

[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1419010257&from=cvs4&uid=HGSTXHTS545050A7E380_TMA55C3J01GGYL01GGYLX&q={searchTerms}
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1419010257&from=cvs4&uid=HGSTXHTS545050A7E380_TMA55C3J01GGYL01GGYLX&q={searchTerms}
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M2C8CEFCC-FF02-412C-9378-8C07038B132D&SearchSource=58&CUI=&UM=8&UP=SP92898ACF-A069-44C6-B59F-E3A8BBF9A8FC&q={searchTerms}&SSPV=
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M2C8CEFCC-FF02-412C-9378-8C07038B132D&SearchSource=58&CUI=&UM=8&UP=SP92898ACF-A069-44C6-B59F-E3A8BBF9A8FC&q={searchTerms}&SSPV=
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
[C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.iminent.com/?appId=00000000-0000-0000-0000-000000000000&ref=toolbox&q={searchTerms}

*************************

AdwCleaner[R0].txt - [24707 octets] - [01/01/2015 23:20:25]
AdwCleaner[S0].txt - [25694 octets] - [01/01/2015 23:22:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25755 octets] ##########
         
JRT:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Steffen on 01.01.2015 at 23:30:35,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\MYSTART TOOLBAR UNINSTALL.EXE-F5A89D4C.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Steffen\appdata\local\pro_pc_cleaner"
Successfully deleted: [Folder] "C:\Users\Steffen\documents\propccleaner"



~~~ FireFox

Successfully deleted the following from C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\rl66dt0w.default\prefs.js

user_pref("extensions.sy2KKmEv1ThibYaD.url", "hxxp://supercept.org/sync2/?q=hfZ9ofV9CShEAen0rchTB6lKDzt4okmxtNtVh7n0rjnFrTsGrdC9rdsFtMFHhd9FqdwGrTsEpdn8qdCMDMlGojUMAe4Uojk8qHC
Emptied folder: C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\rl66dt0w.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2015 at 23:33:11,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Steffen (administrator) on HUTH on 01-01-2015 23:34:36
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-24] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\SFirm\SF-Programm\sfWinStartupInfo.exe [81496 2014-11-25] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1891709148-1701141493-326344943-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {D82A0883-FE62-4078-B268-D5E0DD28B40D} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Hosts: 54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Steffen\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-01]
FF HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-24]
CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-23]
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (Google-Suche) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-24]
CHR Extension: (Google Wallet) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Google Mail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-11-24] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McProxy; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-11-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 23:33 - 2015-01-01 23:33 - 00001304 _____ () C:\Users\Steffen\Desktop\JRT.txt
2015-01-01 23:30 - 2015-01-01 23:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-01 23:20 - 2015-01-01 23:23 - 00000000 ____D () C:\AdwCleaner
2015-01-01 23:19 - 2015-01-01 23:19 - 00000000 _____ () C:\Users\Steffen\Desktop\Neues Textdokument.txt
2015-01-01 21:32 - 2015-01-01 21:32 - 573186825 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-01 21:32 - 2015-01-01 21:32 - 00393960 _____ () C:\WINDOWS\Minidump\010115-46859-01.dmp
2015-01-01 21:32 - 2015-01-01 21:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-01 21:15 - 2015-01-01 23:34 - 00000000 ____D () C:\FRST
2015-01-01 21:14 - 2015-01-01 21:14 - 00000000 _____ () C:\Users\Steffen\defogger_reenable
2015-01-01 21:12 - 2015-01-01 23:34 - 00000000 ____D () C:\Users\Steffen\Desktop\Antivirus
2015-01-01 20:57 - 2015-01-01 20:57 - 00050477 _____ () C:\Users\Steffen\Downloads\Defogger.exe
2014-12-22 11:28 - 2014-12-22 11:28 - 00000000 ____D () C:\SafeWeb
2014-12-22 10:35 - 2015-01-01 23:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-22 10:28 - 2014-12-22 10:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 09:20 - 2015-01-01 21:36 - 00002223 _____ () C:\Users\Steffen\Desktop\chrome.lnk
2014-12-22 09:09 - 2014-12-22 12:07 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 12:07 - 00001117 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 09:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-22 09:02 - 2014-12-22 10:48 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator
2014-12-20 09:00 - 2014-12-20 09:00 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-12-19 21:21 - 2014-12-19 21:21 - 00075249 _____ () C:\Users\Steffen\Downloads\sf_alive.jsp
2014-12-19 20:06 - 2014-12-22 09:06 - 00000111 _____ () C:\Users\Steffen\AppData\Roaming\WB.CFG
2014-12-19 19:35 - 2014-12-23 08:57 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps
2014-12-19 19:35 - 2014-12-19 19:35 - 00369152 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2014-12-19 19:35 - 2014-12-19 19:35 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-12-19 19:35 - 2005-07-14 12:31 - 00032256 ___SH () C:\WINDOWS\SysWOW64\AVSredirect.dll
2014-12-19 19:35 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2014-12-19 19:28 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-19 19:16 - 2014-12-19 19:16 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Google
2014-12-19 19:10 - 2014-12-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-12-19 19:10 - 2014-12-19 19:16 - 00000000 ____D () C:\ProgramData\Norton
2014-12-19 19:09 - 2014-12-19 19:09 - 00613057 _____ (CMI Limited) C:\Users\Steffen\AppData\Local\nsuE4DC.tmp
2014-12-19 19:01 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Temp9616
2014-12-19 19:01 - 2014-12-22 09:41 - 00002290 _____ () C:\WINDOWS\patsearch.bin
2014-12-19 19:01 - 2014-12-22 08:40 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 18:56 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\8656
2014-12-19 18:33 - 2015-01-01 23:24 - 00001354 _____ () C:\WINDOWS\Tasks\QVUKV.job
2014-12-19 18:33 - 2015-01-01 23:24 - 00001348 _____ () C:\WINDOWS\Tasks\HQ.job
2014-12-19 18:33 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\b237066b-9789-4619-8c4f-7114e946f763
2014-12-19 18:33 - 2014-12-19 18:33 - 00004358 _____ () C:\WINDOWS\System32\Tasks\QVUKV
2014-12-19 18:33 - 2014-12-19 18:33 - 00004352 _____ () C:\WINDOWS\System32\Tasks\HQ
2014-12-19 18:31 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\SafeWeb
2014-12-19 18:28 - 2014-12-19 18:30 - 00000000 ____D () C:\ProgramData\xKThMviKU
2014-12-19 18:27 - 2014-12-20 09:02 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieUserList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieSiteList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieBrowserModeList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 ____D () C:\Users\Steffen\Documents\eRightSoft
2014-12-19 18:27 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2014-12-19 18:27 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Canneverbe Limited
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-12-19 18:12 - 2014-12-19 18:12 - 05402840 _____ (Canneverbe Limited ) C:\Users\Steffen\Downloads\cdbxp_setup_4.5.4.5143_minimal.exe
2014-12-19 10:22 - 2014-12-22 08:52 - 00120832 ___SH () C:\Users\Steffen\Desktop\Thumbs.db
2014-12-17 17:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-17 17:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-17 17:23 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-17 17:23 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-17 17:23 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-17 17:22 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-17 17:22 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-17 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-17 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-17 17:22 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-17 17:22 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-17 17:22 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-17 17:22 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-17 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-17 17:22 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-17 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-17 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-17 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-17 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-17 17:22 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-17 17:22 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-15 18:38 - 2014-12-15 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 23:34 - 2013-08-22 15:46 - 00054657 _____ () C:\WINDOWS\setupact.log
2015-01-01 23:29 - 2014-06-24 16:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1891709148-1701141493-326344943-1001
2015-01-01 23:24 - 2014-10-09 19:09 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-01-01 23:24 - 2014-06-24 19:39 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 23:24 - 2013-10-07 19:23 - 00561378 _____ () C:\WINDOWS\PFRO.log
2015-01-01 23:24 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-01 23:23 - 2014-06-24 21:02 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-01 23:23 - 2014-06-24 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-01 23:23 - 2014-06-24 15:55 - 00001022 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-01 23:23 - 2014-02-24 13:27 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-01 23:13 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-01 23:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-01 23:12 - 2014-06-26 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-01 23:02 - 2014-06-24 19:39 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-01 21:32 - 2013-08-22 15:44 - 00423096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-01 21:14 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen
2015-01-01 21:04 - 2014-10-09 18:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-01 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-01 20:56 - 2014-02-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-01 20:55 - 2014-02-24 12:43 - 01515232 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-01 20:45 - 2013-08-22 20:12 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-01-01 20:28 - 2014-06-24 16:02 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{147E9BA2-DD6C-46F4-803E-1111780ABAE9}
2015-01-01 20:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 10:14 - 2014-07-06 13:09 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Nitro PDF
2014-12-23 10:14 - 2014-02-24 21:31 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-23 10:14 - 2014-02-24 21:31 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-23 10:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-23 10:05 - 2014-06-24 17:09 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-23 10:03 - 2014-06-25 17:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\apsec
2014-12-23 09:41 - 2014-10-09 19:09 - 00002894 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-12-22 11:40 - 2014-02-24 13:00 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun
2014-12-22 09:45 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Pokki
2014-12-22 09:27 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-22 09:01 - 2014-06-24 21:02 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Mozilla
2014-12-22 08:40 - 2014-06-24 19:39 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Google
2014-12-20 19:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-20 09:00 - 2014-06-25 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\LSC
2014-12-20 09:00 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-20 09:00 - 2014-02-24 13:05 - 00000000 ____D () C:\Program Files\Lenovo
2014-12-20 08:58 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-12-19 19:21 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-19 19:06 - 2014-06-24 21:02 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-19 15:15 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-17 20:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-17 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-17 19:53 - 2014-06-25 17:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 19:50 - 2014-06-25 17:08 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 20:58 - 2014-06-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:42 - 2014-06-24 19:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 20:12 - 2014-06-26 19:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\18be6784_.exe
C:\Users\Steffen\AppData\Local\Temp\294823_.exe
C:\Users\Steffen\AppData\Local\Temp\2cd672ae_.exe
C:\Users\Steffen\AppData\Local\Temp\4ae13d6c_.exe
C:\Users\Steffen\AppData\Local\Temp\88554C19-5386-F857-D694-3DA26BC81855.exe
C:\Users\Steffen\AppData\Local\Temp\95D122E2-64E8-715F-2D6D-A09575793B9B.dll
C:\Users\Steffen\AppData\Local\Temp\95D122E2-64E8-715F-2D6D-A09575793B9B.exe
C:\Users\Steffen\AppData\Local\Temp\BackupSetup.exe
C:\Users\Steffen\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Steffen\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Steffen\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-German.exe
C:\Users\Steffen\AppData\Local\Temp\oct21C0.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\oct4D9.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\oct60B4.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\octA194.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\octB2ED.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\optprosetup.exe
C:\Users\Steffen\AppData\Local\Temp\ose00000.exe
C:\Users\Steffen\AppData\Local\Temp\Quarantine.exe
C:\Users\Steffen\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Steffen\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Steffen\AppData\Local\Temp\setup_384.exe
C:\Users\Steffen\AppData\Local\Temp\SFRESTART.EXE
C:\Users\Steffen\AppData\Local\Temp\sfupd32.dll
C:\Users\Steffen\AppData\Local\Temp\SpOrder.dll
C:\Users\Steffen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-22 14:06

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Steffen at 2015-01-01 23:35:35
Running from C:\Users\Steffen\Desktop\Antivirus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (HKLM-x32\...\{938be26d-4ec5-43a6-b9c5-5ba06d26bf39}) (Version: 18.51.0.199 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-11-2014 13:45:50 Windows Update
05-12-2014 20:50:11 Geplanter Prüfpunkt
15-12-2014 18:50:53 Geplanter Prüfpunkt
19-12-2014 15:14:35 Windows Update
01-01-2015 20:39:40 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-22 09:02 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A910EC4-B48A-4681-ACB9-C4E1554A2491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {46426515-6E5A-497C-A952-AD078AE5E37F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {4AF41F12-842C-42F7-8868-16EA250A09D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {50682D89-5D0C-423F-BF67-0B8B0C1F3503} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {53024CB7-66B5-4E06-ADDE-C30628C3AF52} - System32\Tasks\HQ => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION
Task: {54450D31-968D-4874-9E27-C73D5AF49BED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C5D0851-B8EE-4BCD-9AEF-3B0F98829DC8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {8BCE313D-47FE-43AD-88C1-27272438B3DC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {A3DF08E2-53DF-46CE-A080-97828F9632E3} - System32\Tasks\QVUKV => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION
Task: {B73F4F91-135D-4861-AE35-167B20140987} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {BE706926-8251-4CE3-891A-74FECED74A1D} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {C8681972-6376-41F7-A3A3-0554E8F006A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C98AE8D7-4B07-4BEE-A67D-40341FC416A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {DABB7664-07AB-468A-B425-9C501A039571} - \upfs7235 No Task File <==== ATTENTION
Task: {E57A9D10-DE27-42BF-8998-8B1200E574D4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {F6702BC6-39F3-4419-999F-CD3F91F21C11} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FAB9BA5B-CEDF-4F5E-A7FC-511BFBCDFDF7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HQ.job => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QVUKV.job => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-08-19 16:03 - 2013-08-19 16:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-02-24 13:22 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-02-24 05:21 - 2013-08-13 03:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-02-24 13:00 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-15 18:38 - 2014-12-15 18:38 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1891709148-1701141493-326344943-500 - Administrator - Disabled)
Gast (S-1-5-21-1891709148-1701141493-326344943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1891709148-1701141493-326344943-1003 - Limited - Enabled)
Steffen (S-1-5-21-1891709148-1701141493-326344943-1001 - Administrator - Enabled) => C:\Users\Steffen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/01/2015 11:35:52 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/01/2015 11:35:22 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/01/2015 11:34:52 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-01 23:20:42.452
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:42.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:42.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:40.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:40.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:39.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:39.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:39.124
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:38.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-01 23:20:38.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3986.27 MB
Available physical RAM: 2549.5 MB
Total Pagefile: 8082.27 MB
Available Pagefile: 6674.7 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.21 GB) (Free:372.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 318ADBDA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 02.01.2015, 12:38   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.01.2015, 15:42   #5
Koureni
 
Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



So hier die aktuellen Logs.

ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bfb351ee2f1b684a92f4c2108a28f0aa
# engine=21788
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-02 03:29:41
# local_time=2015-01-02 04:29:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 21368 3395181 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 26339 10516900 0 0
# scanned=236476
# found=133
# cleaned=0
# scan_time=6616
sh=C879B76CE65BD36C43493B3E1C9ECF8E6964912A ft=1 fh=984cf54657a7bdba vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\AmIcoSingLun\b237066b-9789-4619-8c4f-7114e946f763.dll"
sh=C879B76CE65BD36C43493B3E1C9ECF8E6964912A ft=1 fh=984cf54657a7bdba vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\b237066b-9789-4619-8c4f-7114e946f763\b17e6520-bb79-41a4-850b-aab90e55f668.dll"
sh=0AE6F44A6D15BF13DF19BE1EC38D021D6960BE55 ft=1 fh=69709f074978429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\xKThMviKU\dat\flwqPoEx.dll"
sh=A67E3817FC13A1C440340279CF8DFBBB89077B3D ft=1 fh=8ae44ea6de42b5ae vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\ProgramData\xKThMviKU\dat\keEfEkUHIc.dll"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js"
sh=0AE6F44A6D15BF13DF19BE1EC38D021D6960BE55 ft=1 fh=69709f074978429f vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\xKThMviKU\dat\flwqPoEx.dll"
sh=A67E3817FC13A1C440340279CF8DFBBB89077B3D ft=1 fh=8ae44ea6de42b5ae vn="Variante von MSIL/Adware.PullUpdate.K.gen Anwendung" ac=I fn="C:\Users\All Users\xKThMviKU\dat\keEfEkUHIc.dll"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js"
sh=F5107D4315C28F6E6A0F94CAD8414D0EE4B1B1E5 ft=1 fh=36723e1fa1633655 vn="Variante von Win32/Amonetize.BQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Temp\945A733BFF9F46F1A505B4A2CB893866\setup.exe"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\nsuE4DC.tmp"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\AnyProtectSetup[1].exe"
sh=AF023CD20C85601E6874CB788BCAA49AE325A40D ft=1 fh=da3b4c00ec0bc47d vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\Cloud_Backup_Setup[1].exe"
sh=9FA4C8373B410D13BB7C49B7D530914FAFC02018 ft=1 fh=b13f2ccb1f3866d5 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\mystartTb_5.4.1.4_sambamedia[1].exe"
sh=E6DE5B3B902C79BAC35C83EA198C05B9DCBB2886 ft=1 fh=2b9d20083ea87627 vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\rcpsetup_17970[1].exe"
sh=A01CAE4A9C48BEB8A490C3E88CB03F9B95C31671 ft=1 fh=5c1219a5576ddaa1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\sp-downloader[1].exe"
sh=A512C27BA0AF525BBBC3A1E0B00F7E0DB4632893 ft=1 fh=5290c6e977648b90 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\SPSetup[1].exe"
sh=1B04BEAB8809408148333E3B4D40F719A73BBAC5 ft=1 fh=993133e3e4342124 vn="Win32/Verti.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\StormWatchSetup[1].exe"
sh=508EC6CC4EA7799831B3F6EEF6756283FBBF07E9 ft=1 fh=2986675f493bbada vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\IminentMinibarIE[1].exe"
sh=F572612F0FEEB63AC6029653CFE8F553E2B5044A ft=1 fh=f48e2a08b7b63467 vn="Win32/Toolbar.Iminent.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\metro[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\spstub[1].exe"
sh=59C275FFC5C2AF2CFF60881D51D50402AA779C84 ft=1 fh=d442d0486f73cf29 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\RUW9ZUCT\MinibarFirefox[1].exe"
sh=C9ED565CFAE34C9011E5554A15EE82E086470D4A ft=1 fh=ea9d7b139c16cb6c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\UI8EPRZJ\setup_gmsd_de[1].exe"
sh=C32B7F518F92B8314B27B13CCCE3F0BA3F8014CD ft=1 fh=acd406445c658d9d vn="Win32/Agent.WGA Trojaner" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\UI8EPRZJ\update[1].exe"
sh=092E10CC77C460D6D9185C9043D17071A8F655BB ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\Steffen\AppData\Local\Mozilla\Firefox\Profiles\rl66dt0w.default\cache2\entries\427A46481545B53E77A3C5DC5A323D5369E9043A"
sh=494CF2A96AD09F51D6BF21B22D377A911F663221 ft=1 fh=c71c0011bc59563b vn="Variante von Win32/Adware.MultiPlug.DJ Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\18be6784_.exe"
sh=C913510C9CEC7E6595C95AA317B531C6C6903DC5 ft=1 fh=c71c0011d74bc7b4 vn="Variante von Win32/Adware.MultiPlug.DJ Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\294823_.exe"
sh=8C9E5EC784F280E835CF5718BCB5280D84E9B58F ft=1 fh=c71c0011d17527d3 vn="Variante von Win32/Adware.MultiPlug.DX Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\2cd672ae_.exe"
sh=8E5D8054E8ED9A58A4E8E35EDB3DD059EAAE2C7B ft=1 fh=c71c001183adf9f6 vn="Variante von Win32/Adware.MultiPlug.DJ Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\4ae13d6c_.exe"
sh=B1AB5F65FFF8C5B82EBB9E8D774922C9A1CDD16A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\4D67.tmp"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\BackupSetup.exe"
sh=86FC4495888B42D15D0A9C8CA1B8F5C7F86D403F ft=1 fh=7c69c989bb2149ec vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-German.exe"
sh=D717968E756E3A1C469B5FAD26E8FA4356609305 ft=1 fh=537c7d0f6485250b vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\ICReinstall_nswACE5.tmp"
sh=D717968E756E3A1C469B5FAD26E8FA4356609305 ft=1 fh=537c7d0f6485250b vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\nswACE5.tmp"
sh=1F9EB64EE00661FAF89EDB2B5CB3615524E3039A ft=1 fh=83f7ae676485250b vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\nszE14D.tmp"
sh=4CE200879664514AA029B495D6E6EC01F1EFF70E ft=1 fh=34ca45f9d70c625c vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\optprosetup.exe"
sh=CC9E67A9F2E1C96CA6BD55C70A721E516ABAFE4A ft=1 fh=5c9d4d294dba47e9 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\setup_384.exe"
sh=AF023CD20C85601E6874CB788BCAA49AE325A40D ft=1 fh=da3b4c00ec0bc47d vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\5bdbffc5-557f-4c58-aff4-6aa103118493\cloud_backup_setup.exe"
sh=81D34CCB3E03BF95A13E84D5494B23840594993C ft=1 fh=b70fa43d11a65ae2 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\is-H93E9.tmp\gentlemjmp_ieu.exe"
sh=51076C566335E1151D86D67554E3E2D43B351728 ft=1 fh=18e0c24b0663d45b vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\is-O3NBB.tmp\gentlemjmp_ieu.exe"
sh=A35F85CD366C494B8915841F686CF171E23C7E0E ft=1 fh=2029e72049e97045 vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\is45637729\147900_stp\OptimizerPro.exe"
sh=9AC9A36804188C4A410043FFD8AB21E529B5163A ft=1 fh=41b8173fede15ab3 vn="Variante von Win32/TrojanDropper.MsiDrop.B Trojaner" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\is45637729\165263375_stp\Installer.exe"
sh=EE11D35F84FB5E3210DB45141B9D2457EADBC430 ft=1 fh=c71c00116b1232b5 vn="Variante von Win32/Packed.VMDetector.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\InstallerUtils.dll"
sh=6BAADE2D2EEB6FB829FE50F112262A6FC0B16D5E ft=1 fh=3d89be7f8af31560 vn="Variante von Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\InstallerUtils2.dll"
sh=9E57D1F60F87533FF40B8159E7A907786CAF9F42 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\{BFE481D5-9D2F-4160-B5E7-0F5A7F724651}\plugins\91.js"
sh=9E57D1F60F87533FF40B8159E7A907786CAF9F42 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\{C2CB3A46-3291-41B3-A028-2982704A3C86}\plugins\91.js"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Roaming\HQ"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\AppData\Roaming\QVUKV"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir"
sh=F6EE0001F619BB925104BCC706F12E0C66849C6F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=0BDBBFC5612E0A15DD83E8DD3219FEAAC3B829BA ft=1 fh=a2ae6b4b548439c0 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Temp\Security Systems\Setup.exe.vir"
sh=FF419D8CEB3D4D7BD4DB2A5E6285FA254312EC44 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir"
sh=0FFDDB65D16E64AEAAD1D33834E6D364E7610B0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir"
sh=B582D2DFEE30BCBC1776749124012AC56D487E83 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir"
sh=7069388AD4B8B07F4AB3F0CAD141CB7BDA71E782 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\2D@Q.org\content\bg.js.vir"
sh=A26EDB47D22842E4EBD64610CDF7ACB179186475 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\9@0.co.uk\content\bg.js.vir"
sh=08A5CE348D319335A92076C65C1091277AFED1B9 ft=1 fh=158b9db86261fb7d vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=C3AF370723A6CED65CA77831F34DBC2BF995EB33 ft=1 fh=05f0d2386b094fdc vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=BDD3775F21A7B47B5F3D66C66D6747BFA735071B ft=1 fh=d5332291d5060554 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=1CCC8BD1EF672A0B916140E39DB642256C0F99DA ft=1 fh=bfcb2eb12e72fdd3 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\spbe.dll"
sh=3F25AB05094BE265F05FC5E31FEA78D9D87DAE99 ft=1 fh=28a0b039216e98ae vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\spbl.dll"
sh=D3C52F54DD7236638D247098CDF3FF079368A8D2 ft=1 fh=cc86c91b07d62b9d vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\sppsm.dll"
sh=C4D8A425FA833A0C1BF0C57D1BD6D5AA37EBD829 ft=1 fh=177b6bc36fabc8cc vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\spusm.dll"
sh=621AA76E1988F86A6B03BA8CFDFB35C8FEC48AED ft=1 fh=17872457b1757cb0 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\srbs.dll"
sh=103360713EFE54F3091D9A857DDC794DB5BC05CA ft=1 fh=18f67f94f86d47da vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\srbu.dll"
sh=A3580C1644D424EFB0D1244C2165B75E919BD22C ft=1 fh=b688e9578494b1e2 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\srptc.dll"
sh=902091EF005941D319AA6892033ED4AE01D0BB4C ft=1 fh=2af1f815b0b5f09f vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSI5C55.tmp-\srpu.dll"
         
SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	15.0.0.246 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Steffen Desktop Antivirus SecurityCheck.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Steffen (administrator) on HUTH on 02-01-2015 16:34:14
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-24] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\SFirm\SF-Programm\sfWinStartupInfo.exe [81496 2014-11-25] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\RunOnce: [Adobe Speed Launcher] => 1420205093
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1891709148-1701141493-326344943-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=DE&ver=22&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {D82A0883-FE62-4078-B268-D5E0DD28B40D} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Hosts: 54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Steffen\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-24]
CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-23]
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-24]
CHR Extension: (Google-Suche) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-24]
CHR Extension: (Google Wallet) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]
CHR Extension: (Google Mail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-24]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-11-24] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McProxy; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-11-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 16:33 - 2015-01-02 16:34 - 00000000 ____D () C:\FRST
2015-01-02 14:36 - 2015-01-02 14:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-02 14:35 - 2015-01-02 14:35 - 02347384 _____ (ESET) C:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe
2015-01-02 11:33 - 2015-01-02 11:32 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-01-02 11:31 - 2015-01-02 11:31 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Avira
2015-01-02 11:30 - 2015-01-02 11:30 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-02 11:30 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-01-02 11:30 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-01-02 11:30 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\ProgramData\Avira
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-02 10:56 - 2015-01-02 10:56 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-01 23:30 - 2015-01-01 23:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-01 23:19 - 2015-01-01 23:19 - 00000000 _____ () C:\Users\Steffen\Desktop\Neues Textdokument.txt
2015-01-01 21:32 - 2015-01-01 21:32 - 573186825 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-01 21:32 - 2015-01-01 21:32 - 00393960 _____ () C:\WINDOWS\Minidump\010115-46859-01.dmp
2015-01-01 21:32 - 2015-01-01 21:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-01 21:14 - 2015-01-01 21:14 - 00000000 _____ () C:\Users\Steffen\defogger_reenable
2015-01-01 21:12 - 2015-01-02 16:34 - 00000000 ____D () C:\Users\Steffen\Desktop\Antivirus
2014-12-22 10:35 - 2015-01-01 23:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-22 10:28 - 2014-12-22 10:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 09:20 - 2015-01-01 21:36 - 00002223 _____ () C:\Users\Steffen\Desktop\chrome.lnk
2014-12-22 09:09 - 2014-12-22 12:07 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 12:07 - 00001117 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 09:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-22 09:02 - 2014-12-22 10:48 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator
2014-12-20 09:00 - 2014-12-20 09:00 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-12-19 20:06 - 2014-12-22 09:06 - 00000111 _____ () C:\Users\Steffen\AppData\Roaming\WB.CFG
2014-12-19 19:35 - 2014-12-23 08:57 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps
2014-12-19 19:35 - 2014-12-19 19:35 - 00369152 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2014-12-19 19:35 - 2014-12-19 19:35 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-12-19 19:35 - 2005-07-14 12:31 - 00032256 ___SH () C:\WINDOWS\SysWOW64\AVSredirect.dll
2014-12-19 19:35 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2014-12-19 19:28 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-19 19:10 - 2015-01-02 10:51 - 00000000 ____D () C:\ProgramData\Norton
2014-12-19 19:10 - 2014-12-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-12-19 19:09 - 2014-12-19 19:09 - 00613057 _____ (CMI Limited) C:\Users\Steffen\AppData\Local\nsuE4DC.tmp
2014-12-19 19:01 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Temp9616
2014-12-19 19:01 - 2014-12-22 09:41 - 00002290 _____ () C:\WINDOWS\patsearch.bin
2014-12-19 19:01 - 2014-12-22 08:40 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 18:56 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\8656
2014-12-19 18:33 - 2015-01-02 14:24 - 00001354 _____ () C:\WINDOWS\Tasks\QVUKV.job
2014-12-19 18:33 - 2015-01-02 14:24 - 00001348 _____ () C:\WINDOWS\Tasks\HQ.job
2014-12-19 18:33 - 2014-12-22 11:40 - 00000000 ____D () C:\Program Files (x86)\b237066b-9789-4619-8c4f-7114e946f763
2014-12-19 18:33 - 2014-12-19 18:33 - 00004358 _____ () C:\WINDOWS\System32\Tasks\QVUKV
2014-12-19 18:33 - 2014-12-19 18:33 - 00004352 _____ () C:\WINDOWS\System32\Tasks\HQ
2014-12-19 18:31 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\SafeWeb
2014-12-19 18:28 - 2015-01-02 14:26 - 00000000 ____D () C:\ProgramData\xKThMviKU
2014-12-19 18:27 - 2014-12-20 09:02 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieUserList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieSiteList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieBrowserModeList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 ____D () C:\Users\Steffen\Documents\eRightSoft
2014-12-19 18:27 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2014-12-19 18:27 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Canneverbe Limited
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-12-19 10:22 - 2014-12-22 08:52 - 00120832 ___SH () C:\Users\Steffen\Desktop\Thumbs.db
2014-12-17 17:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-17 17:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-17 17:23 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-17 17:23 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-17 17:23 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-17 17:22 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-17 17:22 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-17 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-17 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-17 17:22 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-17 17:22 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-17 17:22 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-17 17:22 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-17 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-17 17:22 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-17 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-17 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-17 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-17 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-17 17:22 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-17 17:22 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-15 18:38 - 2014-12-15 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 16:12 - 2014-06-26 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-02 16:02 - 2014-06-24 19:39 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-02 14:52 - 2014-02-24 12:43 - 01709834 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-02 14:34 - 2013-08-22 15:46 - 00055104 _____ () C:\WINDOWS\setupact.log
2015-01-02 14:29 - 2014-06-24 16:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1891709148-1701141493-326344943-1001
2015-01-02 14:24 - 2014-06-24 19:39 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 11:09 - 2014-10-09 19:09 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-01-02 11:09 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-02 11:08 - 2014-02-24 13:27 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-02 10:56 - 2014-06-25 15:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 10:51 - 2013-10-07 19:23 - 01277248 _____ () C:\WINDOWS\PFRO.log
2015-01-02 10:50 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files\Google
2015-01-02 10:50 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-02 10:48 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-02 10:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-02 10:32 - 2014-06-24 19:39 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Google
2015-01-02 10:31 - 2014-02-24 13:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-02 10:11 - 2014-06-24 16:02 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{147E9BA2-DD6C-46F4-803E-1111780ABAE9}
2015-01-01 23:23 - 2014-06-24 21:02 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-01 23:23 - 2014-06-24 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-01 23:23 - 2014-06-24 15:55 - 00001022 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-01 23:13 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-01 23:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-01 21:32 - 2013-08-22 15:44 - 00423096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-01 21:14 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen
2015-01-01 21:04 - 2014-10-09 18:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-01 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-01 20:56 - 2014-02-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-01 20:45 - 2013-08-22 20:12 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-01-01 20:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 10:14 - 2014-07-06 13:09 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Nitro PDF
2014-12-23 10:14 - 2014-02-24 21:31 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-23 10:14 - 2014-02-24 21:31 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-23 10:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-23 10:05 - 2014-06-24 17:09 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-23 10:03 - 2014-06-25 17:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\apsec
2014-12-23 09:41 - 2014-10-09 19:09 - 00002894 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-12-22 11:40 - 2014-02-24 13:00 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun
2014-12-22 09:45 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Pokki
2014-12-22 09:01 - 2014-06-24 21:02 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Mozilla
2014-12-20 09:00 - 2014-06-25 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\LSC
2014-12-20 09:00 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-20 09:00 - 2014-02-24 13:05 - 00000000 ____D () C:\Program Files\Lenovo
2014-12-20 08:58 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-12-19 19:06 - 2014-06-24 21:02 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-19 15:15 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-17 20:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-17 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-17 19:53 - 2014-06-25 17:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 19:50 - 2014-06-25 17:08 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 20:58 - 2014-06-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:42 - 2014-06-24 19:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 20:12 - 2014-06-26 19:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\18be6784_.exe
C:\Users\Steffen\AppData\Local\Temp\294823_.exe
C:\Users\Steffen\AppData\Local\Temp\2cd672ae_.exe
C:\Users\Steffen\AppData\Local\Temp\4ae13d6c_.exe
C:\Users\Steffen\AppData\Local\Temp\88554C19-5386-F857-D694-3DA26BC81855.exe
C:\Users\Steffen\AppData\Local\Temp\95D122E2-64E8-715F-2D6D-A09575793B9B.dll
C:\Users\Steffen\AppData\Local\Temp\95D122E2-64E8-715F-2D6D-A09575793B9B.exe
C:\Users\Steffen\AppData\Local\Temp\avgnt.exe
C:\Users\Steffen\AppData\Local\Temp\BackupSetup.exe
C:\Users\Steffen\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Steffen\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Steffen\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Steffen\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-German.exe
C:\Users\Steffen\AppData\Local\Temp\oct21C0.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\oct4D9.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\oct60B4.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\octA194.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\octB2ED.tmp.exe
C:\Users\Steffen\AppData\Local\Temp\optprosetup.exe
C:\Users\Steffen\AppData\Local\Temp\ose00000.exe
C:\Users\Steffen\AppData\Local\Temp\Quarantine.exe
C:\Users\Steffen\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Steffen\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Steffen\AppData\Local\Temp\setup_384.exe
C:\Users\Steffen\AppData\Local\Temp\SFRESTART.EXE
C:\Users\Steffen\AppData\Local\Temp\sfupd32.dll
C:\Users\Steffen\AppData\Local\Temp\SpOrder.dll
C:\Users\Steffen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-02 12:11

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Steffen at 2015-01-02 16:35:14
Running from C:\Users\Steffen\Desktop\Antivirus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (HKLM-x32\...\{938be26d-4ec5-43a6-b9c5-5ba06d26bf39}) (Version: 18.51.0.199 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-12-2014 18:50:53 Geplanter Prüfpunkt
19-12-2014 15:14:35 Windows Update
01-01-2015 20:39:40 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-22 09:02 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A910EC4-B48A-4681-ACB9-C4E1554A2491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {46426515-6E5A-497C-A952-AD078AE5E37F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {4AF41F12-842C-42F7-8868-16EA250A09D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {50682D89-5D0C-423F-BF67-0B8B0C1F3503} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {53024CB7-66B5-4E06-ADDE-C30628C3AF52} - System32\Tasks\HQ => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION
Task: {54450D31-968D-4874-9E27-C73D5AF49BED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C5D0851-B8EE-4BCD-9AEF-3B0F98829DC8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {8BCE313D-47FE-43AD-88C1-27272438B3DC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {A3DF08E2-53DF-46CE-A080-97828F9632E3} - System32\Tasks\QVUKV => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION
Task: {B73F4F91-135D-4861-AE35-167B20140987} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {BE706926-8251-4CE3-891A-74FECED74A1D} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {C8681972-6376-41F7-A3A3-0554E8F006A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C98AE8D7-4B07-4BEE-A67D-40341FC416A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {DABB7664-07AB-468A-B425-9C501A039571} - \upfs7235 No Task File <==== ATTENTION
Task: {E57A9D10-DE27-42BF-8998-8B1200E574D4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {F6702BC6-39F3-4419-999F-CD3F91F21C11} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {FAB9BA5B-CEDF-4F5E-A7FC-511BFBCDFDF7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HQ.job => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QVUKV.job => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-08-19 16:03 - 2013-08-19 16:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-02-24 13:22 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-02-24 05:21 - 2013-08-13 03:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-24 13:00 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-12-15 18:38 - 2014-12-15 18:38 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1891709148-1701141493-326344943-500 - Administrator - Disabled)
Gast (S-1-5-21-1891709148-1701141493-326344943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1891709148-1701141493-326344943-1003 - Limited - Enabled)
Steffen (S-1-5-21-1891709148-1701141493-326344943-1001 - Administrator - Enabled) => C:\Users\Steffen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 04:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 04:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:36:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 00:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e5e
ID des fehlerhaften Prozesses: 0xb84
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5

Error: (01/02/2015 11:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e5e
ID des fehlerhaften Prozesses: 0xc20
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5


System errors:
=============
Error: (01/02/2015 00:12:45 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/02/2015 00:12:15 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/02/2015 11:11:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 11:09:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 11:09:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 10:53:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 10:51:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 10:51:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 10:49:03 AM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (01/02/2015 10:41:44 AM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (01/02/2015 04:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 04:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/02/2015 02:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:36:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 00:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5eb8401d0267adf81f5e8C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe6f73e9df-9270-11e4-82c6-342387e65e92

Error: (01/02/2015 11:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5ec2001d0267811b542e0C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exec6a5719b-926d-11e4-82c6-342387e65e92


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 10:27:36.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:36.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:35.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:35.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:34.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:06.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:30.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:30.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:29.039
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:28.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 3986.27 MB
Available physical RAM: 2453.38 MB
Total Pagefile: 8082.27 MB
Available Pagefile: 6317.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.21 GB) (Free:380.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 318ADBDA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Probleme hab ich keine mehr feststellen können. Ich hoffe das alles weg ist.


Alt 02.01.2015, 17:09   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Java und Flash updaten.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Program Files (x86)\AmIcoSingLun
C:\Program Files (x86)\b237066b-9789-4619-8c4f-7114e946f763
C:\ProgramData\xKThMviKU
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js

C:\Users\All Users\xKThMviKU\dat\flwqPoEx.dll

C:\Users\All Users\xKThMviKU\dat\keEfEkUHIc.dll

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js

C:\Users\Public\Temp\945A733BFF9F46F1A505B4A2CB893866\setup.exe

C:\Users\Steffen\AppData\Local\nsuE4DC.tmp

C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js

C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\AnyProtectSetup[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\Cloud_Backup_Setup[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\mystartTb_5.4.1.4_sambamedia[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\rcpsetup_17970[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\sp-downloader[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\SPSetup[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\StormWatchSetup[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\IminentMinibarIE[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\metro[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\spstub[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\RUW9ZUCT\MinibarFirefox[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\UI8EPRZJ\setup_gmsd_de[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\UI8EPRZJ\update[1].exe

C:\Users\Steffen\AppData\Local\Mozilla\Firefox\Profiles\rl66dt0w.default\cache2\entries\427A46481545B53E77A3C5DC5A323D5369E9043A

C:\Users\Steffen\AppData\Local\Temp\18be6784_.exe

C:\Users\Steffen\AppData\Local\Temp\294823_.exe

C:\Users\Steffen\AppData\Local\Temp\2cd672ae_.exe

C:\Users\Steffen\AppData\Local\Temp\4ae13d6c_.exe

C:\Users\Steffen\AppData\Local\Temp\4D67.tmp

C:\Users\Steffen\AppData\Local\Temp\BackupSetup.exe

C:\Users\Steffen\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-German.exe

C:\Users\Steffen\AppData\Local\Temp\ICReinstall_nswACE5.tmp

C:\Users\Steffen\AppData\Local\Temp\nswACE5.tmp

C:\Users\Steffen\AppData\Local\Temp\nszE14D.tmp

C:\Users\Steffen\AppData\Local\Temp\optprosetup.exe

C:\Users\Steffen\AppData\Local\Temp\setup_384.exe

C:\Users\Steffen\AppData\Local\Temp\5bdbffc5-557f-4c58-aff4-6aa103118493\cloud_backup_setup.exe

C:\Users\Steffen\AppData\Local\Temp\is-H93E9.tmp\gentlemjmp_ieu.exe

C:\Users\Steffen\AppData\Local\Temp\is-O3NBB.tmp\gentlemjmp_ieu.exe

C:\Users\Steffen\AppData\Local\Temp\is45637729\147900_stp\OptimizerPro.exe

C:\Users\Steffen\AppData\Local\Temp\is45637729\165263375_stp\Installer.exe

C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\InstallerUtils.dll

C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\InstallerUtils2.dll

C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\{BFE481D5-9D2F-4160-B5E7-0F5A7F724651}\plugins\91.js

C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\{C2CB3A46-3291-41B3-A028-2982704A3C86}\plugins\91.js

C:\Users\Steffen\AppData\Roaming\HQ

C:\Users\Steffen\AppData\Roaming\QVUKV

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Temp\Security Systems\Setup.exe.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\2D@Q.org\content\bg.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\9@0.co.uk\content\bg.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir

C:\Windows\Installer\MSI5C55.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI5C55.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSI5C55.tmp-\spbe.dll

C:\Windows\Installer\MSI5C55.tmp-\spbl.dll

C:\Windows\Installer\MSI5C55.tmp-\sppsm.dll

C:\Windows\Installer\MSI5C55.tmp-\spusm.dll

C:\Windows\Installer\MSI5C55.tmp-\srbs.dll

C:\Windows\Installer\MSI5C55.tmp-\srbu.dll

C:\Windows\Installer\MSI5C55.tmp-\srptc.dll

C:\Windows\Installer\MSI5C55.tmp-\srpu.dll
Task: {53024CB7-66B5-4E06-ADDE-C30628C3AF52} - System32\Tasks\HQ => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION

Task: {A3DF08E2-53DF-46CE-A080-97828F9632E3} - System32\Tasks\QVUKV => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION

Task: {DABB7664-07AB-468A-B425-9C501A039571} - \upfs7235 No Task File <==== ATTENTION

Task: C:\WINDOWS\Tasks\HQ.job => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\QVUKV.job => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION
C:\Users\Steffen\AppData\Roaming\HQ.exe
C:\Users\Steffen\AppData\Roaming\QVUKV.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=DE&ver=22&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {D82A0883-FE62-4078-B268-D5E0DD28B40D} URL = 
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST Log bitte.
__________________
--> Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise

Alt 02.01.2015, 18:34   #7
Koureni
 
Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



OK hier die neuen Logs.

Fixlog.txt

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015
Ran by Steffen at 2015-01-02 19:19:23 Run:1
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\AmIcoSingLun
C:\Program Files (x86)\b237066b-9789-4619-8c4f-7114e946f763
C:\ProgramData\xKThMviKU
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js

C:\Users\All Users\xKThMviKU\dat\flwqPoEx.dll

C:\Users\All Users\xKThMviKU\dat\keEfEkUHIc.dll

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js

C:\Users\Public\Temp\945A733BFF9F46F1A505B4A2CB893866\setup.exe

C:\Users\Steffen\AppData\Local\nsuE4DC.tmp

C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js

C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js

C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js

C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\AnyProtectSetup[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\Cloud_Backup_Setup[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\mystartTb_5.4.1.4_sambamedia[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\rcpsetup_17970[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\sp-downloader[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\SPSetup[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\StormWatchSetup[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\IminentMinibarIE[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\metro[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\spstub[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\RUW9ZUCT\MinibarFirefox[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\UI8EPRZJ\setup_gmsd_de[1].exe

C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\UI8EPRZJ\update[1].exe

C:\Users\Steffen\AppData\Local\Mozilla\Firefox\Profiles\rl66dt0w.default\cache2\entries\427A46481545B53E77A3C5DC5A323D5369E9043A

C:\Users\Steffen\AppData\Local\Temp\18be6784_.exe

C:\Users\Steffen\AppData\Local\Temp\294823_.exe

C:\Users\Steffen\AppData\Local\Temp\2cd672ae_.exe

C:\Users\Steffen\AppData\Local\Temp\4ae13d6c_.exe

C:\Users\Steffen\AppData\Local\Temp\4D67.tmp

C:\Users\Steffen\AppData\Local\Temp\BackupSetup.exe

C:\Users\Steffen\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-German.exe

C:\Users\Steffen\AppData\Local\Temp\ICReinstall_nswACE5.tmp

C:\Users\Steffen\AppData\Local\Temp\nswACE5.tmp

C:\Users\Steffen\AppData\Local\Temp\nszE14D.tmp

C:\Users\Steffen\AppData\Local\Temp\optprosetup.exe

C:\Users\Steffen\AppData\Local\Temp\setup_384.exe

C:\Users\Steffen\AppData\Local\Temp\5bdbffc5-557f-4c58-aff4-6aa103118493\cloud_backup_setup.exe

C:\Users\Steffen\AppData\Local\Temp\is-H93E9.tmp\gentlemjmp_ieu.exe

C:\Users\Steffen\AppData\Local\Temp\is-O3NBB.tmp\gentlemjmp_ieu.exe

C:\Users\Steffen\AppData\Local\Temp\is45637729\147900_stp\OptimizerPro.exe

C:\Users\Steffen\AppData\Local\Temp\is45637729\165263375_stp\Installer.exe

C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\InstallerUtils.dll

C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\InstallerUtils2.dll

C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\{BFE481D5-9D2F-4160-B5E7-0F5A7F724651}\plugins\91.js

C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\{C2CB3A46-3291-41B3-A028-2982704A3C86}\plugins\91.js

C:\Users\Steffen\AppData\Roaming\HQ

C:\Users\Steffen\AppData\Roaming\QVUKV

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Temp\Security Systems\Setup.exe.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\2D@Q.org\content\bg.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\9@0.co.uk\content\bg.js.vir

C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir

C:\Windows\Installer\MSI5C55.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll

C:\Windows\Installer\MSI5C55.tmp-\Smartbar.Resources.LanguageSettings.resources.dll

C:\Windows\Installer\MSI5C55.tmp-\spbe.dll

C:\Windows\Installer\MSI5C55.tmp-\spbl.dll

C:\Windows\Installer\MSI5C55.tmp-\sppsm.dll

C:\Windows\Installer\MSI5C55.tmp-\spusm.dll

C:\Windows\Installer\MSI5C55.tmp-\srbs.dll

C:\Windows\Installer\MSI5C55.tmp-\srbu.dll

C:\Windows\Installer\MSI5C55.tmp-\srptc.dll

C:\Windows\Installer\MSI5C55.tmp-\srpu.dll
Task: {53024CB7-66B5-4E06-ADDE-C30628C3AF52} - System32\Tasks\HQ => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION

Task: {A3DF08E2-53DF-46CE-A080-97828F9632E3} - System32\Tasks\QVUKV => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION

Task: {DABB7664-07AB-468A-B425-9C501A039571} - \upfs7235 No Task File <==== ATTENTION

Task: C:\WINDOWS\Tasks\HQ.job => C:\Users\Steffen\AppData\Roaming\HQ.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\QVUKV.job => C:\Users\Steffen\AppData\Roaming\QVUKV.exe <==== ATTENTION
C:\Users\Steffen\AppData\Roaming\HQ.exe
C:\Users\Steffen\AppData\Roaming\QVUKV.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=DE&ver=22&locale=de_DE&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> {D82A0883-FE62-4078-B268-D5E0DD28B40D} URL = 
Emptytemp:
         
*****************

C:\Program Files (x86)\AmIcoSingLun => Moved successfully.
C:\Program Files (x86)\b237066b-9789-4619-8c4f-7114e946f763 => Moved successfully.
C:\ProgramData\xKThMviKU => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js => Moved successfully.
"C:\Users\All Users\xKThMviKU\dat\flwqPoEx.dll" => File/Directory not found.
"C:\Users\All Users\xKThMviKU\dat\keEfEkUHIc.dll" => File/Directory not found.
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js => Moved successfully.
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js => Moved successfully.
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js => Moved successfully.
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js => Moved successfully.
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js => Moved successfully.
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js => Moved successfully.
C:\Users\Public\Temp\945A733BFF9F46F1A505B4A2CB893866\setup.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\nsuE4DC.tmp => Moved successfully.
C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js => Moved successfully.
C:\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js => Moved successfully.
C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js => Moved successfully.
C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js => Moved successfully.
C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js => Moved successfully.
C:\Users\Steffen\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\AnyProtectSetup[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\Cloud_Backup_Setup[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\mystartTb_5.4.1.4_sambamedia[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\rcpsetup_17970[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\sp-downloader[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\SPSetup[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\ATOYHSZL\StormWatchSetup[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\IminentMinibarIE[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\metro[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\BCMUJZ9T\spstub[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\RUW9ZUCT\MinibarFirefox[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\UI8EPRZJ\setup_gmsd_de[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\INetCache\IE\UI8EPRZJ\update[1].exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Mozilla\Firefox\Profiles\rl66dt0w.default\cache2\entries\427A46481545B53E77A3C5DC5A323D5369E9043A => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\18be6784_.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\294823_.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\2cd672ae_.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\4ae13d6c_.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\4D67.tmp => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\Fx6_FF_IE_Setup-Stonic-German.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\ICReinstall_nswACE5.tmp => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\nswACE5.tmp => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\nszE14D.tmp => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\setup_384.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\5bdbffc5-557f-4c58-aff4-6aa103118493\cloud_backup_setup.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\is-H93E9.tmp\gentlemjmp_ieu.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\is-O3NBB.tmp\gentlemjmp_ieu.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\is45637729\147900_stp\OptimizerPro.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\is45637729\165263375_stp\Installer.exe => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\InstallerUtils.dll => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\InstallerUtils2.dll => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\{BFE481D5-9D2F-4160-B5E7-0F5A7F724651}\plugins\91.js => Moved successfully.
C:\Users\Steffen\AppData\Local\Temp\nslEAFB.tmp\{C2CB3A46-3291-41B3-A028-2982704A3C86}\plugins\91.js => Moved successfully.
C:\Users\Steffen\AppData\Roaming\HQ => Moved successfully.
C:\Users\Steffen\AppData\Roaming\QVUKV => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\Temp\Security Systems\Setup.exe.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\e8JF7r85.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah\100\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\GN68wbMfZI.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\torch\User Data\Default\Extensions\fkpfamdnbpmdahfgfjjleadeaejeachh\5.2\lsdb.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\2D@Q.org\content\bg.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\9@0.co.uk\content\bg.js.vir => Moved successfully.
C:\Users\Steffen\Desktop\Antivirus\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\Smartbar.Resources.LanguageSettings.resources.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\spbe.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\spbl.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\sppsm.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\spusm.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\srbs.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\srbu.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\srptc.dll => Moved successfully.
C:\Windows\Installer\MSI5C55.tmp-\srpu.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53024CB7-66B5-4E06-ADDE-C30628C3AF52}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53024CB7-66B5-4E06-ADDE-C30628C3AF52}" => Key deleted successfully.
C:\Windows\System32\Tasks\HQ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3DF08E2-53DF-46CE-A080-97828F9632E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3DF08E2-53DF-46CE-A080-97828F9632E3}" => Key deleted successfully.
C:\Windows\System32\Tasks\QVUKV => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QVUKV" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DABB7664-07AB-468A-B425-9C501A039571}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DABB7664-07AB-468A-B425-9C501A039571}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
C:\WINDOWS\Tasks\HQ.job => Moved successfully.
C:\WINDOWS\Tasks\QVUKV.job => Moved successfully.
"C:\Users\Steffen\AppData\Roaming\HQ.exe" => File/Directory not found.
"C:\Users\Steffen\AppData\Roaming\QVUKV.exe" => File/Directory not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1891709148-1701141493-326344943-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1891709148-1701141493-326344943-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. 
"HKU\S-1-5-21-1891709148-1701141493-326344943-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D82A0883-FE62-4078-B268-D5E0DD28B40D}" => Key deleted successfully.
HKCR\CLSID\{D82A0883-FE62-4078-B268-D5E0DD28B40D} => Key not found. 
EmptyTemp: => Removed 4.7 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 19:20:30 ====
         
FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Steffen (administrator) on HUTH on 02-01-2015 19:30:25
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-24] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\SFirm\SF-Programm\sfWinStartupInfo.exe [81496 2014-11-25] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\RunOnce: [Adobe Speed Launcher] => 1420222980
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Hosts: 54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Steffen\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google-Suche) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Tabellen) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Google Mail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-11-24] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McProxy; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-11-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 19:13 - 2015-01-02 19:13 - 00002278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-02 19:13 - 2015-01-02 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 19:05 - 2015-01-02 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Oracle
2015-01-02 19:05 - 2015-01-02 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-02 19:05 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-02 19:05 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-01-02 19:05 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-01-02 19:05 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-01-02 19:04 - 2015-01-02 19:05 - 00004426 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-02 19:02 - 2015-01-02 19:03 - 00880784 _____ (Google Inc.) C:\Users\Steffen\Downloads\ChromeSetup.exe
2015-01-02 16:33 - 2015-01-02 19:30 - 00000000 ____D () C:\FRST
2015-01-02 14:35 - 2015-01-02 14:35 - 02347384 _____ (ESET) C:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe
2015-01-02 11:33 - 2015-01-02 11:32 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-01-02 11:31 - 2015-01-02 11:31 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Avira
2015-01-02 11:30 - 2015-01-02 11:30 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-02 11:30 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-01-02 11:30 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-01-02 11:30 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\ProgramData\Avira
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-02 10:56 - 2015-01-02 10:56 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-01 23:30 - 2015-01-01 23:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-01 23:19 - 2015-01-01 23:19 - 00000000 _____ () C:\Users\Steffen\Desktop\Neues Textdokument.txt
2015-01-01 21:32 - 2015-01-01 21:32 - 573186825 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-01 21:32 - 2015-01-01 21:32 - 00393960 _____ () C:\WINDOWS\Minidump\010115-46859-01.dmp
2015-01-01 21:32 - 2015-01-01 21:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-01 21:14 - 2015-01-01 21:14 - 00000000 _____ () C:\Users\Steffen\defogger_reenable
2015-01-01 21:12 - 2015-01-02 19:30 - 00000000 ____D () C:\Users\Steffen\Desktop\Antivirus
2014-12-22 10:35 - 2015-01-01 23:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-22 10:28 - 2014-12-22 10:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 09:09 - 2014-12-22 12:07 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 12:07 - 00001117 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 09:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-22 09:02 - 2014-12-22 10:48 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator
2014-12-20 09:00 - 2014-12-20 09:00 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-12-19 20:06 - 2014-12-22 09:06 - 00000111 _____ () C:\Users\Steffen\AppData\Roaming\WB.CFG
2014-12-19 19:35 - 2014-12-23 08:57 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps
2014-12-19 19:35 - 2014-12-19 19:35 - 00369152 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2014-12-19 19:35 - 2014-12-19 19:35 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-12-19 19:35 - 2005-07-14 12:31 - 00032256 ___SH () C:\WINDOWS\SysWOW64\AVSredirect.dll
2014-12-19 19:35 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2014-12-19 19:28 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-19 19:10 - 2015-01-02 10:51 - 00000000 ____D () C:\ProgramData\Norton
2014-12-19 19:10 - 2014-12-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-12-19 19:01 - 2015-01-02 19:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 19:01 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Temp9616
2014-12-19 19:01 - 2014-12-22 09:41 - 00002290 _____ () C:\WINDOWS\patsearch.bin
2014-12-19 18:56 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\8656
2014-12-19 18:31 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\SafeWeb
2014-12-19 18:27 - 2014-12-20 09:02 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieUserList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieSiteList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieBrowserModeList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 ____D () C:\Users\Steffen\Documents\eRightSoft
2014-12-19 18:27 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2014-12-19 18:27 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Canneverbe Limited
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-12-19 10:22 - 2014-12-22 08:52 - 00120832 ___SH () C:\Users\Steffen\Desktop\Thumbs.db
2014-12-17 17:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-17 17:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-17 17:23 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-17 17:23 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-17 17:23 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-17 17:22 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-17 17:22 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-17 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-17 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-17 17:22 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-17 17:22 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-17 17:22 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-17 17:22 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-17 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-17 17:22 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-17 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-17 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-17 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-17 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-17 17:22 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-17 17:22 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-15 18:38 - 2014-12-15 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 19:27 - 2014-06-24 16:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1891709148-1701141493-326344943-1001
2015-01-02 19:27 - 2014-02-24 12:43 - 01746170 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-02 19:22 - 2014-06-24 19:39 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 19:21 - 2014-10-09 19:09 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-01-02 19:21 - 2013-10-07 19:23 - 01435150 _____ () C:\WINDOWS\PFRO.log
2015-01-02 19:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-02 19:20 - 2014-02-24 13:27 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-02 19:19 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-02 19:17 - 2014-06-24 19:39 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 19:13 - 2014-06-24 19:39 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Google
2015-01-02 19:13 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-02 19:12 - 2014-06-26 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-02 19:12 - 2014-06-24 19:39 - 00004094 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-02 19:12 - 2014-06-24 19:39 - 00003858 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-02 19:09 - 2014-08-19 17:18 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Adobe
2015-01-02 19:07 - 2014-06-26 19:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-02 19:05 - 2014-06-25 18:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-02 19:05 - 2014-06-25 18:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-02 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-02 16:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-02 16:36 - 2014-06-24 16:02 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{147E9BA2-DD6C-46F4-803E-1111780ABAE9}
2015-01-02 14:34 - 2013-08-22 15:46 - 00055104 _____ () C:\WINDOWS\setupact.log
2015-01-02 10:56 - 2014-06-25 15:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 10:50 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files\Google
2015-01-02 10:48 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-02 10:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-02 10:31 - 2014-02-24 13:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-01 23:23 - 2014-06-24 21:02 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-01 23:23 - 2014-06-24 15:55 - 00001022 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-01 23:13 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-01 23:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-01 21:32 - 2013-08-22 15:44 - 00423096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-01 21:14 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen
2015-01-01 21:04 - 2014-10-09 18:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-01 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-01 20:56 - 2014-02-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-01 20:45 - 2013-08-22 20:12 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-01-01 20:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 10:14 - 2014-07-06 13:09 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Nitro PDF
2014-12-23 10:14 - 2014-02-24 21:31 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-23 10:14 - 2014-02-24 21:31 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-23 10:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-23 10:05 - 2014-06-24 17:09 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-23 10:03 - 2014-06-25 17:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\apsec
2014-12-23 09:41 - 2014-10-09 19:09 - 00002894 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-12-22 09:45 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Pokki
2014-12-22 09:01 - 2014-06-24 21:02 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Mozilla
2014-12-20 09:00 - 2014-06-25 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\LSC
2014-12-20 09:00 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-20 09:00 - 2014-02-24 13:05 - 00000000 ____D () C:\Program Files\Lenovo
2014-12-20 08:58 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-12-19 19:06 - 2014-06-24 21:02 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-19 15:15 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-17 20:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-17 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-17 19:53 - 2014-06-25 17:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 19:50 - 2014-06-25 17:08 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 20:58 - 2014-06-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:42 - 2014-06-24 19:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-02 12:11

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Steffen at 2015-01-02 19:31:18
Running from C:\Users\Steffen\Desktop\Antivirus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (HKLM-x32\...\{938be26d-4ec5-43a6-b9c5-5ba06d26bf39}) (Version: 18.51.0.199 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-12-2014 15:14:35 Windows Update
01-01-2015 20:39:40 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-22 09:02 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A910EC4-B48A-4681-ACB9-C4E1554A2491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {46426515-6E5A-497C-A952-AD078AE5E37F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {4AF41F12-842C-42F7-8868-16EA250A09D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {50682D89-5D0C-423F-BF67-0B8B0C1F3503} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {54450D31-968D-4874-9E27-C73D5AF49BED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C5D0851-B8EE-4BCD-9AEF-3B0F98829DC8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {8BCE313D-47FE-43AD-88C1-27272438B3DC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {B73F4F91-135D-4861-AE35-167B20140987} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {BE706926-8251-4CE3-891A-74FECED74A1D} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {C16064C4-AA00-48E7-A39E-5C279498190C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: {C8681972-6376-41F7-A3A3-0554E8F006A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {C98AE8D7-4B07-4BEE-A67D-40341FC416A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {E57A9D10-DE27-42BF-8998-8B1200E574D4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {F6702BC6-39F3-4419-999F-CD3F91F21C11} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-02] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-19 16:03 - 2013-08-19 16:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-02-24 13:22 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-02-24 05:21 - 2013-08-13 03:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-02-24 13:00 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-15 18:38 - 2014-12-15 18:38 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1891709148-1701141493-326344943-500 - Administrator - Disabled)
Gast (S-1-5-21-1891709148-1701141493-326344943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1891709148-1701141493-326344943-1003 - Limited - Enabled)
Steffen (S-1-5-21-1891709148-1701141493-326344943-1001 - Administrator - Enabled) => C:\Users\Steffen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 04:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 04:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:36:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 00:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e5e
ID des fehlerhaften Prozesses: 0xb84
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5

Error: (01/02/2015 11:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e5e
ID des fehlerhaften Prozesses: 0xc20
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5


System errors:
=============
Error: (01/02/2015 07:22:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:21:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 04:49:50 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/02/2015 04:49:19 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/02/2015 00:12:45 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/02/2015 00:12:15 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/02/2015 11:11:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 11:09:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 11:09:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 10:53:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/02/2015 04:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 04:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/02/2015 02:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:36:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 00:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5eb8401d0267adf81f5e8C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe6f73e9df-9270-11e4-82c6-342387e65e92

Error: (01/02/2015 11:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5ec2001d0267811b542e0C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exec6a5719b-926d-11e4-82c6-342387e65e92


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 10:27:36.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:36.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:35.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:35.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:34.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:06.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:30.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:30.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:29.039
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:28.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3986.27 MB
Available physical RAM: 2412.32 MB
Total Pagefile: 8082.27 MB
Available Pagefile: 6386.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.21 GB) (Free:382.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 318ADBDA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 02.01.2015, 20:26   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
Hosts:
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Nochmal ein frisches FRST Log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.01.2015, 07:43   #9
Koureni
 
Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Fixlog.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2015
Ran by Steffen at 2015-01-03 08:32:00 Run:2
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
Hosts:
Emptytemp:
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 18.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 08:32:05 ====
         
FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Steffen (administrator) on HUTH on 03-01-2015 08:35:24
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-24] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\SFirm\SF-Programm\sfWinStartupInfo.exe [81496 2014-11-25] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\RunOnce: [Adobe Speed Launcher] => 1420270475
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Hosts: 54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Steffen\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google-Suche) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Tabellen) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Google Mail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-11-24] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McProxy; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39728 2011-08-23] (Paragon Software Group)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-11-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [59184 2011-08-23] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-08-23] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-08-23] (Paragon)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 19:50 - 2015-01-02 19:50 - 00002430 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 11 Home.lnk
2015-01-02 19:50 - 2015-01-02 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 11 Home
2015-01-02 19:50 - 2011-08-23 11:05 - 00039728 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hotcore3.sys
2015-01-02 19:49 - 2015-01-02 19:49 - 00000000 ____D () C:\Program Files (x86)\Paragon Software
2015-01-02 19:37 - 2015-01-02 19:40 - 130577920 _____ () C:\Users\Steffen\Downloads\Paragon-183-HEG_WinInstallSNU_10.0.17.13783_000.msi
2015-01-02 19:13 - 2015-01-02 19:13 - 00002278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-02 19:13 - 2015-01-02 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 19:05 - 2015-01-02 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Oracle
2015-01-02 19:05 - 2015-01-02 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-02 19:05 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-02 19:05 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-01-02 19:05 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-01-02 19:05 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-01-02 19:04 - 2015-01-02 19:05 - 00004426 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-02 19:02 - 2015-01-02 19:03 - 00880784 _____ (Google Inc.) C:\Users\Steffen\Downloads\ChromeSetup.exe
2015-01-02 16:33 - 2015-01-03 08:35 - 00000000 ____D () C:\FRST
2015-01-02 14:35 - 2015-01-02 14:35 - 02347384 _____ (ESET) C:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe
2015-01-02 11:33 - 2015-01-02 11:32 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-01-02 11:31 - 2015-01-02 11:31 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Avira
2015-01-02 11:30 - 2015-01-02 11:30 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-02 11:30 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-01-02 11:30 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-01-02 11:30 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\ProgramData\Avira
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-02 10:56 - 2015-01-02 10:56 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-01 23:30 - 2015-01-01 23:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-01 21:32 - 2015-01-01 21:32 - 573186825 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-01 21:32 - 2015-01-01 21:32 - 00393960 _____ () C:\WINDOWS\Minidump\010115-46859-01.dmp
2015-01-01 21:32 - 2015-01-01 21:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-01 21:14 - 2015-01-01 21:14 - 00000000 _____ () C:\Users\Steffen\defogger_reenable
2015-01-01 21:12 - 2015-01-03 08:35 - 00000000 ____D () C:\Users\Steffen\Desktop\Antivirus
2014-12-22 10:35 - 2015-01-01 23:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-22 10:28 - 2014-12-22 10:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 09:09 - 2014-12-22 12:07 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 12:07 - 00001117 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 09:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-22 09:02 - 2014-12-22 10:48 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator
2014-12-20 09:00 - 2014-12-20 09:00 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-12-19 20:06 - 2014-12-22 09:06 - 00000111 _____ () C:\Users\Steffen\AppData\Roaming\WB.CFG
2014-12-19 19:35 - 2014-12-23 08:57 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps
2014-12-19 19:35 - 2014-12-19 19:35 - 00369152 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2014-12-19 19:35 - 2014-12-19 19:35 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-12-19 19:35 - 2005-07-14 12:31 - 00032256 ___SH () C:\WINDOWS\SysWOW64\AVSredirect.dll
2014-12-19 19:35 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2014-12-19 19:28 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-19 19:10 - 2015-01-02 10:51 - 00000000 ____D () C:\ProgramData\Norton
2014-12-19 19:10 - 2014-12-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-12-19 19:01 - 2015-01-02 19:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 19:01 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Temp9616
2014-12-19 19:01 - 2014-12-22 09:41 - 00002290 _____ () C:\WINDOWS\patsearch.bin
2014-12-19 18:56 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\8656
2014-12-19 18:31 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\SafeWeb
2014-12-19 18:27 - 2014-12-20 09:02 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieUserList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieSiteList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieBrowserModeList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 ____D () C:\Users\Steffen\Documents\eRightSoft
2014-12-19 18:27 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2014-12-19 18:27 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Canneverbe Limited
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-12-19 10:22 - 2014-12-22 08:52 - 00120832 ___SH () C:\Users\Steffen\Desktop\Thumbs.db
2014-12-17 17:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-17 17:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-17 17:23 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-17 17:23 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-17 17:23 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-17 17:22 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-17 17:22 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-17 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-17 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-17 17:22 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-17 17:22 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-17 17:22 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-17 17:22 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-17 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-17 17:22 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-17 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-17 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-17 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-17 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-17 17:22 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-17 17:22 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-15 18:38 - 2014-12-15 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 08:34 - 2014-06-24 19:39 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 08:33 - 2014-10-09 19:09 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-01-03 08:33 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-03 08:32 - 2014-06-24 16:02 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{147E9BA2-DD6C-46F4-803E-1111780ABAE9}
2015-01-03 08:32 - 2014-02-24 13:27 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-03 08:32 - 2014-02-24 12:43 - 01828421 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-03 08:32 - 2013-10-07 19:23 - 01435766 _____ () C:\WINDOWS\PFRO.log
2015-01-03 08:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-02 19:44 - 2014-06-24 16:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1891709148-1701141493-326344943-1001
2015-01-02 19:32 - 2013-08-22 15:46 - 00055253 _____ () C:\WINDOWS\setupact.log
2015-01-02 19:19 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-02 19:17 - 2014-06-24 19:39 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 19:13 - 2014-06-24 19:39 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Google
2015-01-02 19:13 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-02 19:12 - 2014-06-26 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-02 19:12 - 2014-06-24 19:39 - 00004094 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-02 19:12 - 2014-06-24 19:39 - 00003858 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-02 19:09 - 2014-08-19 17:18 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Adobe
2015-01-02 19:07 - 2014-06-26 19:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-02 19:05 - 2014-06-25 18:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-02 19:05 - 2014-06-25 18:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-02 16:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-02 10:56 - 2014-06-25 15:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 10:50 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files\Google
2015-01-02 10:48 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-02 10:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-02 10:31 - 2014-02-24 13:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-01 23:23 - 2014-06-24 21:02 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-01 23:23 - 2014-06-24 15:55 - 00001022 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-01 23:13 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-01 23:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-01 21:32 - 2013-08-22 15:44 - 00423096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-01 21:14 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen
2015-01-01 21:04 - 2014-10-09 18:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-01 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-01 20:56 - 2014-02-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-01 20:45 - 2013-08-22 20:12 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-01-01 20:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 10:14 - 2014-07-06 13:09 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Nitro PDF
2014-12-23 10:14 - 2014-02-24 21:31 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-23 10:14 - 2014-02-24 21:31 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-23 10:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-23 10:05 - 2014-06-24 17:09 - 00000000 ____D () C:\ProgramData\Lexware
2014-12-23 10:03 - 2014-06-25 17:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\apsec
2014-12-23 09:41 - 2014-10-09 19:09 - 00002894 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-12-22 09:45 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Pokki
2014-12-22 09:01 - 2014-06-24 21:02 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Mozilla
2014-12-20 09:00 - 2014-06-25 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\LSC
2014-12-20 09:00 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-20 09:00 - 2014-02-24 13:05 - 00000000 ____D () C:\Program Files\Lenovo
2014-12-20 08:58 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-12-19 19:06 - 2014-06-24 21:02 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-19 15:15 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-17 20:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-17 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-17 19:53 - 2014-06-25 17:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 19:50 - 2014-06-25 17:08 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 20:58 - 2014-06-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:42 - 2014-06-24 19:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-02 12:11

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Steffen at 2015-01-03 08:39:16
Running from C:\Users\Steffen\Desktop\Antivirus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (HKLM-x32\...\{938be26d-4ec5-43a6-b9c5-5ba06d26bf39}) (Version: 18.51.0.199 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro)
Paragon Backup and Recovery™ 11 Home (HKLM-x32\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-12-2014 15:14:35 Windows Update
01-01-2015 20:39:40 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-22 09:02 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A910EC4-B48A-4681-ACB9-C4E1554A2491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {3B68967E-A83A-4E9A-8B0F-D7ED949044CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: {46426515-6E5A-497C-A952-AD078AE5E37F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {4AF41F12-842C-42F7-8868-16EA250A09D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {50682D89-5D0C-423F-BF67-0B8B0C1F3503} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {54450D31-968D-4874-9E27-C73D5AF49BED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C5D0851-B8EE-4BCD-9AEF-3B0F98829DC8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {8BCE313D-47FE-43AD-88C1-27272438B3DC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {B73F4F91-135D-4861-AE35-167B20140987} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {BE706926-8251-4CE3-891A-74FECED74A1D} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {C8681972-6376-41F7-A3A3-0554E8F006A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {C98AE8D7-4B07-4BEE-A67D-40341FC416A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {E57A9D10-DE27-42BF-8998-8B1200E574D4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {F6702BC6-39F3-4419-999F-CD3F91F21C11} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-02] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-19 16:03 - 2013-08-19 16:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-02-24 13:22 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-02-24 05:21 - 2013-08-13 03:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-02-24 13:00 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-15 18:38 - 2014-12-15 18:38 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1891709148-1701141493-326344943-500 - Administrator - Disabled)
Gast (S-1-5-21-1891709148-1701141493-326344943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1891709148-1701141493-326344943-1003 - Limited - Enabled)
Steffen (S-1-5-21-1891709148-1701141493-326344943-1001 - Administrator - Enabled) => C:\Users\Steffen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 04:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 04:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:36:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 00:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e5e
ID des fehlerhaften Prozesses: 0xb84
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5

Error: (01/02/2015 11:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e5e
ID des fehlerhaften Prozesses: 0xc20
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5


System errors:
=============
Error: (01/03/2015 08:33:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/03/2015 08:33:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:52:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:52:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:22:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:21:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 04:49:50 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/02/2015 04:49:19 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/02/2015 00:12:45 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/02/2015 00:12:15 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (01/02/2015 04:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 04:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/02/2015 02:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:36:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 00:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5eb8401d0267adf81f5e8C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe6f73e9df-9270-11e4-82c6-342387e65e92

Error: (01/02/2015 11:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5ec2001d0267811b542e0C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exec6a5719b-926d-11e4-82c6-342387e65e92


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 10:27:36.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:36.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:35.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:35.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:34.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:06.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:30.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:30.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:29.039
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:28.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3986.27 MB
Available physical RAM: 2522.58 MB
Total Pagefile: 8082.27 MB
Available Pagefile: 6393.72 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.21 GB) (Free:382.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 318ADBDA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Ich bin die nächsten Tage nicht am Rechner, also bitte nicht wundern wenn ich nicht zurück schreibe. Denke Montagabend kann ich die nächsten Schritte machen.
Wie weit sind wir eigentlich?

Alt 03.01.2015, 11:07   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.01.2015, 20:14   #11
Koureni
 
Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Fixlog.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Steffen at 2015-01-07 21:00:58 Run:3
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54541;https=127.0.0.1:54541
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog 21:00:58 ====
         
FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Steffen (administrator) on HUTH on 07-01-2015 21:06:10
Running from C:\Users\Steffen\Desktop\Antivirus
Loaded Profile: Steffen (Available profiles: Steffen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-24] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [SfWinStartInfo] => C:\SFirm\SF-Programm\sfWinStartupInfo.exe [81496 2014-11-25] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1891709148-1701141493-326344943-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1891709148-1701141493-326344943-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
Hosts: 54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Steffen\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\rl66dt0w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-01]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google-Suche) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Google Tabellen) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Google Mail) - C:\Users\Steffen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-11-24] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 McProxy; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39728 2011-08-23] (Paragon Software Group)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-11-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [59184 2011-08-23] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-08-23] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-08-23] (Paragon)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 09:06 - 2015-01-05 09:06 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-01-05 09:05 - 2015-01-05 18:54 - 00000000 ____D () C:\Users\Steffen\Desktop\UnterlagenIV-14
2015-01-02 19:50 - 2015-01-02 19:50 - 00002430 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 11 Home.lnk
2015-01-02 19:50 - 2015-01-02 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 11 Home
2015-01-02 19:50 - 2011-08-23 11:05 - 00039728 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hotcore3.sys
2015-01-02 19:49 - 2015-01-02 19:49 - 00000000 ____D () C:\Program Files (x86)\Paragon Software
2015-01-02 19:37 - 2015-01-02 19:40 - 130577920 _____ () C:\Users\Steffen\Downloads\Paragon-183-HEG_WinInstallSNU_10.0.17.13783_000.msi
2015-01-02 19:13 - 2015-01-02 19:13 - 00002278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-02 19:13 - 2015-01-02 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 19:05 - 2015-01-02 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Oracle
2015-01-02 19:05 - 2015-01-02 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-02 19:05 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-02 19:05 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-01-02 19:05 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-01-02 19:05 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-01-02 19:04 - 2015-01-02 19:05 - 00004426 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_71-b14.log
2015-01-02 16:33 - 2015-01-07 21:06 - 00000000 ____D () C:\FRST
2015-01-02 14:35 - 2015-01-02 14:35 - 02347384 _____ (ESET) C:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe
2015-01-02 11:33 - 2015-01-02 11:32 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-01-02 11:31 - 2015-01-02 11:31 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Avira
2015-01-02 11:30 - 2015-01-02 11:30 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-02 11:30 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-01-02 11:30 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-01-02 11:30 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\ProgramData\Avira
2015-01-02 10:56 - 2015-01-02 11:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-02 10:56 - 2015-01-02 10:56 - 00001164 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-01 23:30 - 2015-01-01 23:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-01 21:32 - 2015-01-01 21:32 - 573186825 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-01 21:32 - 2015-01-01 21:32 - 00393960 _____ () C:\WINDOWS\Minidump\010115-46859-01.dmp
2015-01-01 21:32 - 2015-01-01 21:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-01 21:14 - 2015-01-01 21:14 - 00000000 _____ () C:\Users\Steffen\defogger_reenable
2015-01-01 21:12 - 2015-01-07 21:06 - 00000000 ____D () C:\Users\Steffen\Desktop\Antivirus
2014-12-22 10:35 - 2015-01-01 23:17 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 10:34 - 2014-12-22 10:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-22 10:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-22 10:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-22 10:28 - 2014-12-22 10:27 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 09:09 - 2014-12-22 12:07 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 12:07 - 00001117 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-12-22 09:09 - 2014-12-22 09:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-22 09:02 - 2014-12-22 10:48 - 00000000 ___HD () C:\Users\Public\Temp
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Gast
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-22 08:40 - 2014-12-22 08:40 - 00000000 ____D () C:\Users\Administrator
2014-12-20 09:00 - 2014-12-20 09:00 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-12-19 20:06 - 2014-12-22 09:06 - 00000111 _____ () C:\Users\Steffen\AppData\Roaming\WB.CFG
2014-12-19 19:35 - 2014-12-23 08:57 - 00000000 ____D () C:\Users\Steffen\AppData\Local\CrashDumps
2014-12-19 19:35 - 2014-12-19 19:35 - 00369152 ___SH (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2014-12-19 19:35 - 2014-12-19 19:35 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-12-19 19:35 - 2005-07-14 12:31 - 00032256 ___SH () C:\WINDOWS\SysWOW64\AVSredirect.dll
2014-12-19 19:35 - 2004-02-22 10:11 - 00719872 ___SH (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2014-12-19 19:35 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\WINDOWS\SysWOW64\i420vfw.dll
2014-12-19 19:28 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-19 19:10 - 2015-01-02 10:51 - 00000000 ____D () C:\ProgramData\Norton
2014-12-19 19:10 - 2014-12-19 19:24 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-12-19 19:01 - 2015-01-02 19:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-19 19:01 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Temp9616
2014-12-19 19:01 - 2014-12-22 09:41 - 00002290 _____ () C:\WINDOWS\patsearch.bin
2014-12-19 18:56 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\8656
2014-12-19 18:31 - 2014-12-22 11:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\SafeWeb
2014-12-19 18:27 - 2014-12-20 09:02 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieUserList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieSiteList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 __SHD () C:\Users\Steffen\AppData\Local\EmieBrowserModeList
2014-12-19 18:27 - 2014-12-19 18:27 - 00000000 ____D () C:\Users\Steffen\Documents\eRightSoft
2014-12-19 18:27 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2014-12-19 18:27 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\drvc.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00370880 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll
2014-12-19 18:26 - 2014-12-05 00:09 - 00324592 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Canneverbe Limited
2014-12-19 18:13 - 2014-12-19 18:13 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-12-19 10:22 - 2015-01-07 20:06 - 00139776 ___SH () C:\Users\Steffen\Desktop\Thumbs.db
2014-12-17 17:31 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-17 17:31 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-17 17:23 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-17 17:23 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-17 17:23 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-17 17:23 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-17 17:23 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-17 17:23 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-17 17:22 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-17 17:22 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-17 17:22 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-17 17:22 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-17 17:22 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-17 17:22 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-17 17:22 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-17 17:22 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-17 17:22 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-17 17:22 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-17 17:22 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-17 17:22 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-17 17:22 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-17 17:22 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-17 17:22 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-17 17:22 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-17 17:22 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-17 17:22 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-17 17:22 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-17 17:22 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-17 17:22 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-17 17:22 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-17 17:22 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-17 17:22 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-17 17:22 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-17 17:22 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-17 17:22 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-15 18:38 - 2014-12-15 18:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-07 20:17 - 2014-06-24 19:39 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 20:14 - 2014-02-24 12:43 - 01973571 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-07 20:12 - 2014-06-26 19:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-07 20:02 - 2013-08-22 15:46 - 00055998 _____ () C:\WINDOWS\setupact.log
2015-01-07 19:54 - 2014-06-24 16:02 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{147E9BA2-DD6C-46F4-803E-1111780ABAE9}
2015-01-07 19:52 - 2014-06-24 19:39 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 19:02 - 2014-06-24 17:09 - 00000000 ____D () C:\ProgramData\Lexware
2015-01-05 18:53 - 2014-07-06 13:09 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Nitro PDF
2015-01-05 18:51 - 2014-06-25 17:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\apsec
2015-01-05 09:56 - 2014-11-25 15:55 - 00000000 ____D () C:\SFirm
2015-01-05 09:41 - 2014-10-09 19:09 - 00000284 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-01-04 19:52 - 2014-06-24 16:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1891709148-1701141493-326344943-1001
2015-01-03 08:33 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-03 08:32 - 2014-02-24 13:27 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2015-01-03 08:32 - 2013-10-07 19:23 - 01435766 _____ () C:\WINDOWS\PFRO.log
2015-01-02 19:19 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-02 19:13 - 2014-06-24 19:39 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Google
2015-01-02 19:13 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-02 19:12 - 2014-06-24 19:39 - 00004094 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-02 19:12 - 2014-06-24 19:39 - 00003858 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-02 19:09 - 2014-08-19 17:18 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Adobe
2015-01-02 19:07 - 2014-06-26 19:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-02 19:05 - 2014-06-25 18:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-02 19:05 - 2014-06-25 18:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-02 16:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-02 10:56 - 2014-06-25 15:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-02 10:50 - 2014-06-24 19:39 - 00000000 ____D () C:\Program Files\Google
2015-01-02 10:48 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-02 10:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-02 10:31 - 2014-02-24 13:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-01 23:23 - 2014-06-24 21:02 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-01 23:23 - 2014-06-24 15:55 - 00001022 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-01 23:13 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-01 23:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-01 21:32 - 2013-08-22 15:44 - 00423096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-01 21:14 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen
2015-01-01 21:04 - 2014-10-09 18:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-01 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-01 20:56 - 2014-02-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-01 20:45 - 2013-08-22 20:12 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-01-01 20:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-23 10:14 - 2014-02-24 21:31 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-23 10:14 - 2014-02-24 21:31 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-23 10:14 - 2013-10-07 19:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-23 09:41 - 2014-10-09 19:09 - 00002894 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-12-22 09:45 - 2014-06-24 15:54 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Pokki
2014-12-22 09:01 - 2014-06-24 21:02 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Mozilla
2014-12-20 09:00 - 2014-06-25 19:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\LSC
2014-12-20 09:00 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-12-20 09:00 - 2014-02-24 13:05 - 00000000 ____D () C:\Program Files\Lenovo
2014-12-20 08:58 - 2014-02-24 13:22 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-12-19 19:06 - 2014-06-24 21:02 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-19 15:15 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-17 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-17 20:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-17 19:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-17 19:53 - 2014-06-25 17:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-17 19:50 - 2014-06-25 17:08 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-16 20:58 - 2014-06-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 18:42 - 2014-06-24 19:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-02 12:11

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Steffen at 2015-01-07 21:06:58
Running from C:\Users\Steffen\Desktop\Antivirus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version:  - SEIKO EPSON Corporation)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6490.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.829.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (HKLM-x32\...\{938be26d-4ec5-43a6-b9c5-5ba06d26bf39}) (Version: 18.51.0.199 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nitro Pro 8 (HKLM\...\{84DAF9F1-513C-49F8-89D2-63CB3F4A7E39}) (Version: 8.5.7.1 - Nitro)
Paragon Backup and Recovery™ 11 Home (HKLM-x32\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH)
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-12-2014 15:14:35 Windows Update
01-01-2015 20:39:40 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-22 09:02 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126	alnbbbmmheedjelgjiljibhlicildiae

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A910EC4-B48A-4681-ACB9-C4E1554A2491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {46426515-6E5A-497C-A952-AD078AE5E37F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {4AF41F12-842C-42F7-8868-16EA250A09D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {50682D89-5D0C-423F-BF67-0B8B0C1F3503} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {54450D31-968D-4874-9E27-C73D5AF49BED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5C5D0851-B8EE-4BCD-9AEF-3B0F98829DC8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {8BCE313D-47FE-43AD-88C1-27272438B3DC} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {B73F4F91-135D-4861-AE35-167B20140987} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {BE706926-8251-4CE3-891A-74FECED74A1D} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {C8681972-6376-41F7-A3A3-0554E8F006A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {C98AE8D7-4B07-4BEE-A67D-40341FC416A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {E57A9D10-DE27-42BF-8998-8B1200E574D4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {E7907F5B-463A-40C4-BE28-2F2799D7E7D2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F2A5BBB1-FA44-4E0A-95B3-871868E20CDE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: {F6702BC6-39F3-4419-999F-CD3F91F21C11} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-02] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-19 16:03 - 2013-08-19 16:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-02-24 13:22 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-24 13:27 - 2014-02-24 13:27 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-02-24 05:21 - 2013-08-13 03:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-24 13:00 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll
2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll
2014-12-15 18:38 - 2014-12-15 18:38 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1891709148-1701141493-326344943-500 - Administrator - Disabled)
Gast (S-1-5-21-1891709148-1701141493-326344943-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1891709148-1701141493-326344943-1003 - Limited - Enabled)
Steffen (S-1-5-21-1891709148-1701141493-326344943-1001 - Administrator - Enabled) => C:\Users\Steffen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 04:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 04:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:36:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/02/2015 00:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e5e
ID des fehlerhaften Prozesses: 0xb84
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5

Error: (01/02/2015 11:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e5e
ID des fehlerhaften Prozesses: 0xc20
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5


System errors:
=============
Error: (01/07/2015 08:21:03 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/07/2015 08:20:33 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/04/2015 07:53:58 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/04/2015 07:53:28 PM) (Source: DCOM) (EventID: 10010) (User: Huth)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/03/2015 08:33:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/03/2015 08:33:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:52:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:52:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:22:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Proxy Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/02/2015 07:21:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee AP Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/02/2015 04:31:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 04:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/02/2015 02:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:36:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 02:35:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_deu.exe

Error: (01/02/2015 00:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5eb8401d0267adf81f5e8C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe6f73e9df-9270-11e4-82c6-342387e65e92

Error: (01/02/2015 11:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5ec2001d0267811b542e0C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exec6a5719b-926d-11e4-82c6-342387e65e92


CodeIntegrity Errors:
===================================
  Date: 2015-01-02 10:27:36.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:36.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:35.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:35.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:34.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:27:06.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:30.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:30.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:29.039
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-02 10:19:28.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 3986.27 MB
Available physical RAM: 2473.75 MB
Total Pagefile: 8082.27 MB
Available Pagefile: 6153.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:426.21 GB) (Free:381.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 318ADBDA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Sorry für die Wartezeit ging aber leider nicht eher.

Alt 08.01.2015, 06:47   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.01.2015, 19:35   #13
Koureni
 
Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



So bin endlich dazu gekommen alles abzuschließen.

Probleme gibts zum Glück keine mehr.

Vielen Dank

Alt 15.01.2015, 06:02   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Standard

Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise
device driver, feedback, flwsrf entfernen, foxtab entfernen, foxy secure entfernen, priceless, pup.optional.adwareplugin, pup.optional.bench.a, pup.optional.blockandsurf.a, pup.optional.browserguard.a, pup.optional.cinema.a, pup.optional.conduitsearchprotect, pup.optional.flowsurf.a, pup.optional.globalupdate.a, pup.optional.globalupdate.t, pup.optional.iminent.a, pup.optional.mindspark.a, pup.optional.multiplug.a, pup.optional.opencandy, pup.optional.searchprotect.a, pup.optional.smartcoupon.a, pup.optional.supporter.a, pup.optional.umbrella.a, pup.optional.wajam.a, pup.optional.webenhance.a, rogue.multiple, search protect entfernen, sfirm, vc32loader.dll, vc32lo~1.dll, vc64lo~1.dll, webssearches uninstall entfernen



Ähnliche Themen: Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise


  1. Windows 8: Ständige Werbepopups
    Log-Analyse und Auswertung - 19.11.2015 (3)
  2. Ständige Werbung in allen Browsern unter Windows 10
    Log-Analyse und Auswertung - 15.08.2015 (11)
  3. Windows 8.1 ständige Werbung im I-Net unabhängig vom Browser
    Log-Analyse und Auswertung - 05.08.2015 (9)
  4. Windows 7 ständige Werbung und neue Tabs
    Log-Analyse und Auswertung - 13.02.2015 (14)
  5. Ständige W-Lan Verbindungsabbrüche Windows 8.1 Broadcom802.11n Netzwerkadapter
    Alles rund um Windows - 07.12.2014 (3)
  6. Windows 7: ständige Weiterleitung auf Werbeseiten
    Log-Analyse und Auswertung - 31.07.2014 (9)
  7. Windows 8.1, ständige Werbeeinblendung beim Öffnen von Browserfenster
    Plagegeister aller Art und deren Bekämpfung - 25.07.2014 (18)
  8. Werbeeinblendung? auf dem Bildschirm nach Systemstart
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (17)
  9. Ständige Weiterleitung auf ominöse Werbeseiten bei Firefox mit Windows 7
    Plagegeister aller Art und deren Bekämpfung - 23.05.2014 (18)
  10. Windows 7, Ständige Pop-Ups in Google Chrome
    Log-Analyse und Auswertung - 26.02.2014 (11)
  11. windows 7: werbeeinblendung durch "saveshare"
    Log-Analyse und Auswertung - 21.10.2013 (9)
  12. Windows XP (2002 SP3): QVO6 und ständige Popups (Warnungen)
    Log-Analyse und Auswertung - 10.08.2013 (7)
  13. Browser-Umleitung zu schädlicher Seite und unerwüschte Werbeeinblendung
    Plagegeister aller Art und deren Bekämpfung - 04.08.2012 (7)
  14. Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (19)
  15. Werbeeinblendung sowie sporadische Umleitungen bei klick auf Links
    Log-Analyse und Auswertung - 04.05.2012 (1)
  16. Ungewünschte Werbeeinblendung
    Log-Analyse und Auswertung - 05.12.2008 (1)
  17. Hartnäckige Werbeeinblendung über csrss.exe
    Plagegeister aller Art und deren Bekämpfung - 03.09.2005 (12)

Zum Thema Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise - Hallo, ich habe wie im Titel beschrieben die Probleme das in jedem Internetbrowser ständig Werbeeinblendungen und Pop-Ups aufploppen. Diese sind meist mit vermeidlichen Sicherheitshinweisen auf neue Updates gekoppelt, welche offensichtlich - Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise...
Archiv
Du betrachtest: Windows 8 64-bit: Ständige Werbeeinblendung und vermeidliche Sicherheitshinweise auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.