Hilfe! Mein Computer hat Viren! PUP.optional.Wajam.A etc.

Enno123 · 07.02.2015, 17:14

Hallo an Alle!

Mein kleiner Bruder hat mal wieder was gedownloadet und unseren Familien-PC mit Viren kontaminiert. Dauerhaft öffnet sich ein Programm mit dem Namen PC Speed Up, außerdem sind die Startseiten der Browser vollkommen verändert : istart.webssearches.com ??

Nun habe ich mir Malewarebytes geladen und drüberlaufen lassen. Und da kam allerhand zusammen!

Ich hoffe Ihr könnt mir helfen den PC wieder zu heilen...

Vielen dank schonmal

LG

Enrico

LOG Malewarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.02.2015
Suchlauf-Zeit: 16:29:50
Logdatei: LOG_Malewarebytes.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.07.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Friedrich

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 396196
Verstrichene Zeit: 18 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 4
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1488, , [10028298bfcbb58126a2abbbc13fe21e]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1828, , [49c9b961fa9033030fa08f7a18ea738d]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe, 4812, , [59b9c2586c1ee452d8a00611679bcc34]
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe, 1932, , [da38a179acdecc6ac99156361be8ff01]

Module: 5
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\ApiHandlr.dll, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\FiddlerCore.dll, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\Newtonsoft.Json.dll, , [6da5b9616b1f6ec84b60483cbc471fe1], 

Registrierungsschlüssel: 25
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [10028298bfcbb58126a2abbbc13fe21e], 
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [49c9b961fa9033030fa08f7a18ea738d], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3631515150-3942624288-380681899-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3631515150-3942624288-380681899-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, , [9d75b2685e2c2d09b3ad2c6245be1ae6], 
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [4dc5fe1cb3d754e2efa00f7b0ff43dc3], 
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\WOW6432NODE\Speedchecker Limited, , [6ea4100a6c1e8ea89dc31b737c8756aa], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [809266b4c2c8bf7787699c6859acf60a], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, , [8e847b9f226824127a53f4cec34060a0], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WIntEnhance, , [2ee43ddd96f47abc192b4a3db54e0000], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [9a7877a393f75dd92f811ad661a3f30d], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [819141d9fb8fa78fdc7e6c343ac96c94], 
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Internet Enhancer Service, , [da38a179acdecc6ac99156361be8ff01], 
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [7a98aa701b6f39fdc8c7662f709302fe], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3631515150-3942624288-380681899-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WajIEnhance, , [d04272a81575211568f6028ab44f52ae], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3631515150-3942624288-380681899-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WIntEnhance, , [20f25bbfc1c9e650e3622f58cf34748c], 
PUP.Optional.Qone8, HKU\S-1-5-21-3631515150-3942624288-380681899-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [a86abb5f1c6e191d743b41af689c837d], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WIntEnhance, , [f022ac6e47434ceaa21c400d020155ab], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\webssearches uninstall, , [8290a872abdf8bab134f470d20e3fe02], 

Registrierungswerte: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cvs, , [819141d9fb8fa78fdc7e6c343ac96c94]

Registrierungsdaten: 12
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1),,[52c01dfd216984b299182982c93c32ce]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}),,[61b1001a6624c175e0d4b1fabb4ad12f]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1),,[2de5ff1b9eeca294e1d2b3f8e81d6997]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1),,[d9398b8ff09a0e28c0f5208b9b6af60a]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}),,[090948d255356fc7d35aa702a065f10f]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1),,[55bd0317e9a1fe38cee3f7b4d23331cf]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}),,[da38001a97f3e74f09ab159635d034cc]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1),,[8d85cd4d4a409a9c4172e8c35fa68c74]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1),,[24eeb6642664a690447154577491aa56]
PUP.Optional.WebsSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}),,[ae645dbdf1993ef8b8751b8eca3bc040]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[838f011917737db90092ecc93dc87c84]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-3631515150-3942624288-380681899-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=st500lm000-1ej162_w370dsv1xxxxw370dsv1, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=st500lm000-1ej162_w370dsv1xxxxw370dsv1),,[8f83e23858322511b39d4373f3129d63]

Ordner: 40
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, , [f022ac6e47434ceaa21c400d020155ab], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\code, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [a76b03172a607bbba97381e4bf449c64], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [a76b03172a607bbba97381e4bf449c64], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [4bc7e931a6e4b482ffc495eced16659b], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [4bc7e931a6e4b482ffc495eced16659b], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance, , [d63cb2680d7d48ee09a388fcaa5957a9], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\Uninstall Wajam, , [d63cb2680d7d48ee09a388fcaa5957a9], 

Dateien: 164
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [10028298bfcbb58126a2abbbc13fe21e], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, , [49c9b961fa9033030fa08f7a18ea738d], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe, , [59b9c2586c1ee452d8a00611679bcc34], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, , [d33f0416cac0fd3917cf6c98986bd52b], 
PUP.Optional.WindowsProtectManger.A, C:\Users\Friedrich\AppData\Local\Temp\~dl2314\~dljyb\tmp\wpm_v20.0.0.1714.exe, , [2ae85ebcdfab221423a574f2b94733cd], 
PUP.Optional.XTab.A, C:\Users\Friedrich\AppData\Local\Temp\~dl2314\~dljyb\tmp\XTab_v4.0.exe, , [d2409e7cb5d543f396197594bf43f010], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, , [32e07f9b107a93a3b9bf0e7a29dae917], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, , [30e2d545e9a134024d2bdcac3fc430d0], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, , [db378694c4c6d75fa0f06b1f0102e61a], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe, , [da38a179acdecc6ac99156361be8ff01], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, , [f022ac6e47434ceaa21c400d020155ab], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\458.json, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\MessageBox.xml, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\uninstallDlg2.xml, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\UninstallManager.exe, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\bg.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\bg1.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\bk_shadow.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\button.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\button1.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\checkbox.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\checkbox_select.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\checked.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\close.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\loading_bg.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\loading_light.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\min.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\scrollbar.bmp, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\Thumbs.db, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\unchecked.png, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\code\code1.jpg, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\code\code2.jpg, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\code\code3.jpg, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\code\code4.jpg, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\code\code5.jpg, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\code\code6.jpg, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Roaming\webssearches\images\code\Thumbs.db, , [8290a872abdf8bab134f470d20e3fe02], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [a76b03172a607bbba97381e4bf449c64], 
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [4bc7e931a6e4b482ffc495eced16659b], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\uninstall.exe, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\amazon.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\argos.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\ask.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\bestbuy.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\ebay.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\etsy.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\facebook.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\favicon.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\google.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\homedepot.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\ikea.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\imdb.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\lowes.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\mercado.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\mysearchweb.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\myshopping.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\searchresult.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\sears.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\setting.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\settings.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\shopping.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\target.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\tesco.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\tripadvisor.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\twitter.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\wajam.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\walmart.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\wiki.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\yahoo.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\zalando.ico, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\1153ee9953a8d86704b766bd7609d800, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\1a79481564ec9035d56c0626bb372ba2, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\1af2a17a1d8b2a7a596f70d2e821bf62, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\1d7a9926650ba29316a688ebf4c34310, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\4aace70ded70d2c06b21005f5e85bb0e, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\5813882f6115027e854125833ba56a47, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\74757ecd6d26f239d3c361e551ac5b44, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\ApiHandlr.dll, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\b5ee3c46972a98083c47fb2bd1f489f1, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\bc0e8acf5e9055ff0ea289d49ed16c07, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\c7e3a6679403683aa3acdc22401d3ae7, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\dba5d5eaa194a5422a01e670dd73b448, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\e5cca93dc1ab51b874334bd320aadf4b, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\FiddlerCore.dll, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\HtmlAgilityPack.dll, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\makecert.exe, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\Newtonsoft.Json.dll, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\WHttpServer.exe, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\wie, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\WJManifest, , [6da5b9616b1f6ec84b60483cbc471fe1], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\Uninstall Wajam\uninstall.lnk, , [d63cb2680d7d48ee09a388fcaa5957a9], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

cosinus · 07.02.2015, 17:16

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Enno123 · 07.02.2015, 17:40

Hallo Cosinus!

Vielen dank das du dich meinem Problem annimmst!

Weitere Scans habe ich noch nicht gemacht. Habe auch die mit MBAM gefundenen Funde nicht in Quarantäne geschoben.

Kannst du mir auch erklären was du machst, wie du nun aus den LOG-Files das passende herausfindest? *reine Neugier*

Habe nun FRST ausgeführt.

FRST_LOG:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Friedrich (administrator) on FAMILIEN-PC on 07-02-2015 17:31:08
Running from C:\Users\Friedrich\Downloads
Loaded Profiles: Friedrich (Available profiles: UpdatusUser & Friedrich)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [342472 2014-12-10] ()
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {2c12b5d6-4260-11e3-be6d-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {fc3721b7-8868-11e4-bea4-a4db3035b3cf} - "F:\AutoRun.exe" 
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64209;https=127.0.0.1:64209
ProxyEnable: [S-1-5-21-3631515150-3942624288-380681899-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3631515150-3942624288-380681899-1002] => http=127.0.0.1:64209;https=127.0.0.1:64209
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=st500lm000-1ej162_w370dsv1xxxxw370dsv1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3631515150-3942624288-380681899-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-27]
CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 Internet Enhancer Service; C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe [463872 2015-01-22] () [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [437704 2014-12-10] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-30] (SysTool PasSame LIMITED) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150122.001\IDSvia64.sys [668888 2015-01-09] (Symantec Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 17:29 - 2015-02-07 17:29 - 02132992 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2015-02-07 16:29 - 2015-02-07 16:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 16:28 - 2015-02-07 16:28 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-07 16:27 - 2015-02-07 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Friedrich\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 19:19 - 2015-02-04 19:19 - 00000581 _____ () C:\Users\Public\Desktop\OMSI.lnk
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Friedrich\Neuer Ordner
2015-01-31 16:33 - 2015-01-31 16:35 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00 (1).zip
2015-01-31 16:29 - 2015-02-07 16:59 - 00003112 _____ () C:\WINDOWS\System32\Tasks\RDReminder
2015-01-31 16:29 - 2015-02-07 16:59 - 00000324 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2015-01-31 16:29 - 2015-01-31 17:38 - 00000308 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2015-01-31 16:29 - 2015-01-31 16:59 - 00003058 _____ () C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_Updates
2015-01-31 16:29 - 2015-01-31 16:59 - 00003044 _____ () C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_MONTHLY
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\dll-files.com
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\Program Files (x86)\Dll-Files.com Fixer
2015-01-31 16:29 - 2014-06-10 12:27 - 00019392 _____ (Dll-Files.com) C:\WINDOWS\system32\roboot64.exe
2015-01-31 16:25 - 2015-01-31 16:28 - 05344984 _____ (Dll-Files.com ) C:\Users\Friedrich\Downloads\dffsetup-qtintf70.exe
2015-01-31 15:34 - 2015-01-31 15:34 - 00000000 ____D () C:\Users\Friedrich\SDK
2015-01-31 15:31 - 2015-01-31 15:33 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00.zip
2015-01-30 18:22 - 2015-01-30 18:22 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\dlg
2015-01-30 18:12 - 2015-02-07 16:29 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2015-01-30 18:12 - 2015-02-05 17:14 - 00000372 _____ () C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2015-01-30 18:12 - 2015-01-30 18:12 - 00002734 _____ () C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
2015-01-30 18:12 - 2015-01-30 18:12 - 00000000 ____D () C:\Users\Friedrich\Documents\PCSpeedUp
2015-01-30 18:12 - 2015-01-30 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\Program Files (x86)\WIntEnhance
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\Program Files (x86)\Wajam
2015-01-30 17:50 - 2015-01-30 17:50 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-30 17:49 - 2015-01-30 17:50 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-30 17:42 - 2015-01-30 17:42 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-30 17:38 - 2015-01-30 17:38 - 00620960 _____ () C:\Users\Friedrich\Downloads\GoogleSketchUpWDE.exe
2015-01-21 22:34 - 2015-01-21 22:34 - 00000000 ____D () C:\ProgramData\CanonIJ
2015-01-21 10:23 - 2015-01-22 18:47 - 00001321 _____ () C:\Users\Friedrich\Desktop\Norton-Installationsdateien.lnk
2015-01-21 10:20 - 2015-01-21 10:22 - 01038256 _____ (Symantec Corporation) C:\Users\Friedrich\Downloads\NSDownloader.exe
2015-01-18 20:21 - 2015-01-18 20:21 - 00000022 _____ () C:\Users\Friedrich\Desktop\Neuer ZIP-komprimierter Ordner.zip
2015-01-15 17:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 17:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 17:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 17:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 17:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 17:15 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 17:15 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 17:15 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 17:15 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-15 17:14 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-09 19:09 - 2015-01-09 19:09 - 00001958 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2015-01-09 19:09 - 2015-01-09 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 17:31 - 2014-07-10 16:55 - 00025187 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2015-02-07 17:31 - 2014-07-10 16:54 - 00000000 ____D () C:\FRST
2015-02-07 17:21 - 2014-11-09 14:35 - 01796208 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-07 17:21 - 2014-01-04 05:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002
2015-02-07 17:17 - 2014-07-02 20:55 - 00002418 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 17:17 - 2014-07-02 20:54 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 17:12 - 2014-07-02 20:54 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-07 16:28 - 2014-11-28 22:05 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E6E468D-611E-4B19-A146-35BF380A5742}
2015-02-07 16:25 - 2014-12-08 19:23 - 00000000 ___RD () C:\Users\Friedrich\OneDrive
2015-02-05 21:58 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-04 20:26 - 2014-01-23 20:16 - 00000000 ____D () C:\ProgramData\tmp
2015-02-04 19:19 - 2014-12-08 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-02-04 19:19 - 2013-10-31 20:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 19:19 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-03 19:19 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-03 19:19 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-03 19:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-03 19:14 - 2014-11-09 14:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 19:14 - 2013-08-22 15:46 - 00333823 _____ () C:\WINDOWS\setupact.log
2015-02-03 19:14 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-03 19:13 - 2013-10-31 21:14 - 00010752 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-03 19:13 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-01 20:20 - 2014-01-09 03:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 19:16 - 2014-09-23 22:06 - 00013188 _____ () C:\WINDOWS\PFRO.log
2015-01-31 18:51 - 2014-01-04 05:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2015-01-31 17:40 - 2014-12-13 18:27 - 00000000 ____D () C:\Users\Friedrich\Desktop\Basti
2015-01-31 16:42 - 2014-11-09 14:43 - 00000000 ____D () C:\Users\Friedrich
2015-01-30 17:41 - 2014-11-09 16:55 - 00001685 _____ () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 18:33 - 2014-01-04 21:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam
2015-01-23 17:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-22 18:49 - 2014-01-23 18:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-22 18:47 - 2014-01-23 18:33 - 00195584 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db
2015-01-21 22:33 - 2014-01-09 03:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon
2015-01-21 21:56 - 2014-01-04 21:06 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Nitro PDF
2015-01-21 10:23 - 2014-01-23 18:33 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-19 20:10 - 2014-01-14 18:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 20:07 - 2014-01-14 18:58 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-16 18:09 - 2014-11-16 18:31 - 0006656 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-31 21:12 - 2013-10-31 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe
C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Friedrich\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 18:39

==================== End Of Log ============================

--- --- ---

cosinus · 07.02.2015, 17:44

addition.txt fehlt

Zukünftig bitte beachten:

Zitat:

Running from C:\Users\Friedrich\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Enno123 · 07.02.2015, 18:00

Ohh, da ist mir wohl ein Fehler unterlaufen.

FRST_LOG:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Friedrich (administrator) on FAMILIEN-PC on 07-02-2015 17:52:53
Running from C:\Users\Friedrich\Desktop
Loaded Profiles: Friedrich (Available profiles: UpdatusUser & Friedrich)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [342472 2014-12-10] ()
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {2c12b5d6-4260-11e3-be6d-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {fc3721b7-8868-11e4-bea4-a4db3035b3cf} - "F:\AutoRun.exe" 
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64209;https=127.0.0.1:64209
ProxyEnable: [S-1-5-21-3631515150-3942624288-380681899-1002] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3631515150-3942624288-380681899-1002] => http=127.0.0.1:64209;https=127.0.0.1:64209
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=st500lm000-1ej162_w370dsv1xxxxw370dsv1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1&ts=1422636570&type=default&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3631515150-3942624288-380681899-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-27]
CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 Internet Enhancer Service; C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe [463872 2015-01-22] () [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [437704 2014-12-10] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-30] (SysTool PasSame LIMITED) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150122.001\IDSvia64.sys [668888 2015-01-09] (Symantec Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 17:52 - 2015-02-07 17:53 - 00025449 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2015-02-07 17:52 - 2015-02-07 17:52 - 02132992 _____ (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe
2015-02-07 17:52 - 2015-02-07 17:52 - 02132992 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2015-02-07 17:50 - 2015-02-07 17:50 - 02132992 _____ (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2015-02-07 16:29 - 2015-02-07 16:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 16:28 - 2015-02-07 16:28 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-07 16:27 - 2015-02-07 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Friedrich\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 19:19 - 2015-02-04 19:19 - 00000581 _____ () C:\Users\Public\Desktop\OMSI.lnk
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Friedrich\Neuer Ordner
2015-01-31 16:33 - 2015-01-31 16:35 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00 (1).zip
2015-01-31 16:29 - 2015-02-07 16:59 - 00003112 _____ () C:\WINDOWS\System32\Tasks\RDReminder
2015-01-31 16:29 - 2015-02-07 16:59 - 00000324 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2015-01-31 16:29 - 2015-01-31 17:38 - 00000308 _____ () C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2015-01-31 16:29 - 2015-01-31 16:59 - 00003058 _____ () C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_Updates
2015-01-31 16:29 - 2015-01-31 16:59 - 00003044 _____ () C:\WINDOWS\System32\Tasks\DLL-Files.Com Fixer_MONTHLY
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\dll-files.com
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\Program Files (x86)\Dll-Files.com Fixer
2015-01-31 16:29 - 2014-06-10 12:27 - 00019392 _____ (Dll-Files.com) C:\WINDOWS\system32\roboot64.exe
2015-01-31 16:25 - 2015-01-31 16:28 - 05344984 _____ (Dll-Files.com ) C:\Users\Friedrich\Downloads\dffsetup-qtintf70.exe
2015-01-31 15:34 - 2015-01-31 15:34 - 00000000 ____D () C:\Users\Friedrich\SDK
2015-01-31 15:31 - 2015-01-31 15:33 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00.zip
2015-01-30 18:22 - 2015-01-30 18:22 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\dlg
2015-01-30 18:12 - 2015-02-07 17:36 - 00000372 _____ () C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2015-01-30 18:12 - 2015-02-07 16:29 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2015-01-30 18:12 - 2015-01-30 18:12 - 00002734 _____ () C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
2015-01-30 18:12 - 2015-01-30 18:12 - 00000000 ____D () C:\Users\Friedrich\Documents\PCSpeedUp
2015-01-30 18:12 - 2015-01-30 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\Program Files (x86)\WIntEnhance
2015-01-30 17:55 - 2015-01-30 17:55 - 00000000 ____D () C:\Program Files (x86)\Wajam
2015-01-30 17:50 - 2015-01-30 17:50 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-30 17:49 - 2015-01-30 17:50 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-30 17:42 - 2015-01-30 17:42 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-30 17:38 - 2015-01-30 17:38 - 00620960 _____ () C:\Users\Friedrich\Downloads\GoogleSketchUpWDE.exe
2015-01-21 22:34 - 2015-01-21 22:34 - 00000000 ____D () C:\ProgramData\CanonIJ
2015-01-21 10:23 - 2015-01-22 18:47 - 00001321 _____ () C:\Users\Friedrich\Desktop\Norton-Installationsdateien.lnk
2015-01-21 10:20 - 2015-01-21 10:22 - 01038256 _____ (Symantec Corporation) C:\Users\Friedrich\Downloads\NSDownloader.exe
2015-01-18 20:21 - 2015-01-18 20:21 - 00000022 _____ () C:\Users\Friedrich\Desktop\Neuer ZIP-komprimierter Ordner.zip
2015-01-15 17:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 17:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 17:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 17:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 17:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 17:15 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 17:15 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 17:15 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 17:15 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-15 17:14 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-09 19:09 - 2015-01-09 19:09 - 00001958 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2015-01-09 19:09 - 2015-01-09 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 17:52 - 2014-07-10 16:54 - 00000000 ____D () C:\FRST
2015-02-07 17:40 - 2014-11-09 14:35 - 01797336 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-07 17:32 - 2014-07-10 16:55 - 00039324 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2015-02-07 17:21 - 2014-01-04 05:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002
2015-02-07 17:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-07 17:17 - 2014-07-02 20:55 - 00002418 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 17:17 - 2014-07-02 20:54 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 17:12 - 2014-07-02 20:54 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-07 16:28 - 2014-11-28 22:05 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E6E468D-611E-4B19-A146-35BF380A5742}
2015-02-07 16:25 - 2014-12-08 19:23 - 00000000 ___RD () C:\Users\Friedrich\OneDrive
2015-02-04 20:26 - 2014-01-23 20:16 - 00000000 ____D () C:\ProgramData\tmp
2015-02-04 19:19 - 2014-12-08 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-02-04 19:19 - 2013-10-31 20:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 19:19 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-03 19:19 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-03 19:19 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-03 19:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-03 19:14 - 2014-11-09 14:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 19:14 - 2013-08-22 15:46 - 00333823 _____ () C:\WINDOWS\setupact.log
2015-02-03 19:14 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-03 19:13 - 2013-10-31 21:14 - 00010752 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-03 19:13 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-01 20:20 - 2014-01-09 03:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 19:16 - 2014-09-23 22:06 - 00013188 _____ () C:\WINDOWS\PFRO.log
2015-01-31 18:51 - 2014-01-04 05:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2015-01-31 17:40 - 2014-12-13 18:27 - 00000000 ____D () C:\Users\Friedrich\Desktop\Basti
2015-01-31 16:42 - 2014-11-09 14:43 - 00000000 ____D () C:\Users\Friedrich
2015-01-30 17:41 - 2014-11-09 16:55 - 00001685 _____ () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 18:33 - 2014-01-04 21:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam
2015-01-23 17:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-22 18:49 - 2014-01-23 18:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-22 18:47 - 2014-01-23 18:33 - 00195584 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db
2015-01-21 22:33 - 2014-01-09 03:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon
2015-01-21 21:56 - 2014-01-04 21:06 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Nitro PDF
2015-01-21 10:23 - 2014-01-23 18:33 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-19 20:10 - 2014-01-14 18:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 20:07 - 2014-01-14 18:58 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-16 18:09 - 2014-11-16 18:31 - 0006656 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-31 21:12 - 2013-10-31 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe
C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Friedrich\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-31 18:39

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition_TXT:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by Friedrich at 2015-02-07 17:54:05
Running from C:\Users\Friedrich\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CombineZM (HKLM-x32\...\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}) (Version: 1.0.0 - Alan Hadley)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Eisenbahn.exe Professional 7.0 (HKLM-x32\...\{8CB0014C-FE4C-461D-A387-76828BD70E19}) (Version: 7.00.0000 - Trend)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.28 - Lenovo)
Energy Manager (x32 Version: 1.0.0.28 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Freddy:Deutsch3/Deutsch4 (HKLM-x32\...\freddyDeutsch34) (Version:  - )
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.315.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
MykIS 3.79 (HKLM-x32\...\MykIS_is1) (Version:  - Frank Dämmrich)
Nitro Pro 8 (HKLM\...\{50BB4ACC-00C5-4436-B1B9-8ADA9255963B}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Treiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.04 - aerosoft)
OMSI - Stadtbus O305 (HKLM-x32\...\{3EF2A817-4ADC-46F7-8441-46DFCE158D72}) (Version: 1.10 - aerosoft)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.8.3.0 - Speedchecker Limited) <==== ATTENTION
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4367 - Systweak Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Wajam (HKLM-x32\...\WIntEnhance) (Version: 2.23.2.5 (i2.6) - WIntEnhance) <==== ATTENTION
webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3631515150-3942624288-380681899-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

16-01-2015 18:04:41 Windows Update
19-01-2015 20:06:43 Windows Update
25-01-2015 17:55:29 Windows Update
29-01-2015 20:23:32 Windows Update
31-01-2015 17:00:28 DLL-Files Fixer Sa, Jan 31, 15  17:00
01-02-2015 17:31:19 Installiert OMSI - Der Omnibussimulator
04-02-2015 19:14:35 Entfernt OMSI - Der Omnibussimulator

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0188B199-F44E-40E5-9B0B-2A897DB52488} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2014-12-10] () <==== ATTENTION
Task: {109237F1-A61A-4532-884B-AD380BD1AFDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {11801761-0FB4-4852-A878-02BC3588CFC5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1321752F-38A4-45B0-92AE-FCD05F103CAA} - System32\Tasks\{52E21CFF-8F70-46B3-A37C-5875C9F6E9EA} => pcalua.exe -a C:\Users\Friedrich\AppData\Local\Temp\AutoRun.exe -d C:\Users\Friedrich\AppData\Local\Temp
Task: {16045421-3BAC-4200-9E9B-F8DAA0879D1B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {29BF260E-C96B-4A94-9D93-FBC0F2C1222A} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {2C0F348F-6BF4-41ED-A9CE-37ABC2BDCE38} - System32\Tasks\RDReminder => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {2D863859-2101-40C8-8A58-D2BC53D6D35F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {48179583-930A-4DD4-BB62-A1CCD8574608} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {52C3DF30-2B70-4EF0-9986-CF183C07F9B3} - System32\Tasks\{C15D3A28-2A2B-4DE7-BE95-482ED97C5CAC} => pcalua.exe -a E:\3DSetup\3DSetup.exe -d E:\3DSetup
Task: {570131C2-F355-4938-BC8F-BDE9A115F97D} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {75EB321A-4AA4-41F1-BF00-A745ACF026E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {7A978B88-0183-4EA0-8231-8568CED2E9C3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {8E8E8AA4-7EFD-418A-952D-76468C375355} - System32\Tasks\{72FDB9AC-D44A-4B43-9DB7-8B565388817B} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {923168E8-19EE-45BC-8A41-A7BB8BE6FF23} - System32\Tasks\DLL-Files.Com Fixer_Updates => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {979B44C7-E2A4-4D9C-B2CC-2FD5BC8896EB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - \RegClean Pro No Task File <==== ATTENTION
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-30 18:12 - 2014-12-10 16:04 - 00437704 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-01-09 03:49 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-01-22 15:53 - 2015-01-22 15:53 - 00463872 _____ () C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancerService.exe
2014-07-01 18:16 - 2014-07-01 18:15 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-10-31 21:14 - 2013-10-31 21:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-10-31 21:14 - 2013-10-31 21:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-12-26 19:42 - 2013-12-26 19:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-22 15:53 - 2015-01-22 15:53 - 00077824 _____ () C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\InternetEnhancer.exe
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-06-28 06:02 - 2013-06-28 06:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 06:00 - 2013-06-28 06:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 06:07 - 2013-06-28 06:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-01-30 18:12 - 2014-12-10 16:04 - 00342472 _____ () C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
2015-01-30 18:12 - 2014-12-10 16:04 - 00583712 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-10-31 20:43 - 2013-05-16 03:09 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-22 15:54 - 2015-01-22 15:54 - 00011776 _____ () C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\ApiHandlr.dll
2015-01-30 18:12 - 2014-12-10 16:04 - 00440776 _____ () C:\Program Files (x86)\PC Speed Up\PopupNotification.dll
2015-02-04 20:13 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-04 20:13 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-04 20:13 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-07 16:41 - 2015-02-03 12:22 - 14964912 _____ () C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Friedrich\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Friedrich\Videos\Modelleisenbahn\image-177680-f298a946.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3631515150-3942624288-380681899-500 - Administrator - Disabled)
Friedrich (S-1-5-21-3631515150-3942624288-380681899-1002 - Administrator - Enabled) => C:\Users\Friedrich
Gast (S-1-5-21-3631515150-3942624288-380681899-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3631515150-3942624288-380681899-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-3631515150-3942624288-380681899-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 05:51:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/07/2015 04:48:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/04/2015 07:24:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b4

Startzeit: 01d040a728d73453

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 1c4f54bf-ac9b-11e4-bea9-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/04/2015 07:19:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/01/2015 05:44:27 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/31/2015 06:51:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RepaintTool.exe, Version: 1.0.0.1, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: qtintf70.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000135
Fehleroffset: 0x00098f05
ID des fehlerhaften Prozesses: 0x10cc
Startzeit der fehlerhaften Anwendung: 0xRepaintTool.exe0
Pfad der fehlerhaften Anwendung: RepaintTool.exe1
Pfad des fehlerhaften Moduls: RepaintTool.exe2
Berichtskennung: RepaintTool.exe3
Vollständiger Name des fehlerhaften Pakets: RepaintTool.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RepaintTool.exe5

Error: (01/31/2015 06:51:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RepaintTool.exe, Version: 1.0.0.1, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: qtintf70.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000135
Fehleroffset: 0x00098f05
ID des fehlerhaften Prozesses: 0x17a4
Startzeit der fehlerhaften Anwendung: 0xRepaintTool.exe0
Pfad der fehlerhaften Anwendung: RepaintTool.exe1
Pfad des fehlerhaften Moduls: RepaintTool.exe2
Berichtskennung: RepaintTool.exe3
Vollständiger Name des fehlerhaften Pakets: RepaintTool.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RepaintTool.exe5

Error: (01/31/2015 05:54:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 80c

Startzeit: 01d03d7588ef7ead

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: d598d72a-a969-11e4-bea7-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/31/2015 05:50:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OmsiObjEditP.exe, Version: 1.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: qtintf70.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000135
Fehleroffset: 0x00098f05
ID des fehlerhaften Prozesses: 0x1588
Startzeit der fehlerhaften Anwendung: 0xOmsiObjEditP.exe0
Pfad der fehlerhaften Anwendung: OmsiObjEditP.exe1
Pfad des fehlerhaften Moduls: OmsiObjEditP.exe2
Berichtskennung: OmsiObjEditP.exe3
Vollständiger Name des fehlerhaften Pakets: OmsiObjEditP.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OmsiObjEditP.exe5

Error: (01/31/2015 05:40:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (02/03/2015 07:14:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (02/03/2015 07:14:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/03/2015 07:14:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/03/2015 07:14:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (01/31/2015 07:17:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/31/2015 07:17:16 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/31/2015 07:17:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/31/2015 07:17:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (01/31/2015 07:09:23 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/31/2015 07:09:19 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (02/07/2015 05:51:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Friedrich\Downloads\esetsmartinstaller_deu.exe

Error: (02/07/2015 04:48:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/04/2015 07:24:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384b401d040a728d734534294967295C:\WINDOWS\system32\backgroundTaskHost.exe1c4f54bf-ac9b-11e4-bea9-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/04/2015 07:19:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/01/2015 05:44:27 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/31/2015 06:51:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RepaintTool.exe1.0.0.12a425e19qtintf70.dll6.3.9600.1727853eeb4a3c000013500098f0510cc01d03d7e7c4f14adC:\m-r-software\Omsi\SDK\RepaintTool.exeqtintf70.dllbb7e5d32-a971-11e4-bea7-a4db3035b3cf

Error: (01/31/2015 06:51:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RepaintTool.exe1.0.0.12a425e19qtintf70.dll6.3.9600.1727853eeb4a3c000013500098f0517a401d03d7e79b0ff52C:\m-r-software\Omsi\SDK\RepaintTool.exeqtintf70.dllb915e098-a971-11e4-bea7-a4db3035b3cf

Error: (01/31/2015 05:54:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1638480c01d03d7588ef7ead4294967295C:\WINDOWS\system32\backgroundTaskHost.exed598d72a-a969-11e4-bea7-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (01/31/2015 05:50:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OmsiObjEditP.exe1.0.0.02a425e19qtintf70.dll6.3.9600.1727853eeb4a3c000013500098f05158801d03d761075ee77C:\Users\Friedrich\Desktop\Basti\SDK\OmsiObjEditP.exeqtintf70.dll5466aabe-a969-11e4-bea7-a4db3035b3cf

Error: (01/31/2015 05:40:05 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Friedrich\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-01-25 18:32:52.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 20:21:38.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 19:10:47.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 17:57:05.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 16:59:50.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 18:07:05.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-28 21:51:29.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-21 18:40:52.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-18 19:23:05.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-16 18:12:44.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 7944.27 MB
Available physical RAM: 5538.91 MB
Total Pagefile: 16648.27 MB
Available Pagefile: 13940.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.34 GB) (Free:355.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.88 GB) NTFS
Drive e: (OMSI) (CDROM) (Total:1.65 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:1.84 GB) (Free:1.5 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6E0DC121)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus · 07.02.2015, 18:01

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

PC Speed Up
Wajam
webssearches uninstall
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Anschließend:

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Enno123 · 07.02.2015, 18:56

Hallo

Im Revo fand ich das Programm PC speed up leider nicht? Die Andren beiden habe ich gefunden

Der JRT wurde, gleich nach dem runterladen automatisch ausgeführt ( wahrschnl. nicht als Administrator ) jedenfalls stand was im LOG drin. Leider war ich so dämlich und führte das Programm nochmals aus ( dieses mal als Administrator ) und der LOG war leer... Also wurde nichts gefunden.

ADW_LOG

Code:

ATTFilter

# AdwCleaner v4.110 - Bericht erstellt 07/02/2015 um 18:33:15
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Friedrich - FAMILIEN-PC
# Gestarted von : C:\Users\Friedrich\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : pcsuservice
Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : IHProtect Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\Wajam
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Program Files (x86)\WIntEnhance
Ordner Gelöscht : C:\Program Files (x86)\Dll-Files.com Fixer
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\dll-files.com
Ordner Gelöscht : C:\Users\Friedrich\Documents\PCSpeedUp
Ordner Gelöscht : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Friedrich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dll-Files Fixer.lnk
Datei Gelöscht : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
Datei Gelöscht : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
Datei Gelöscht : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : PC SpeedUp Service Deactivator
Task Gelöscht : RDReminder
Task Gelöscht : DLL-Files.Com Fixer_Updates
Task Gelöscht : DLL-Files.Com Fixer_MONTHLY

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Friedrich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Friedrich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Friedrich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Friedrich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited
Schlüssel Gelöscht : HKCU\Software\dll-files.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\dll-files.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dll-Files Fixer_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [2676 Bytes] - [01/02/2014 17:25:18]
AdwCleaner[R1].txt - [7358 Bytes] - [02/07/2014 19:47:47]
AdwCleaner[R2].txt - [7449 Bytes] - [02/07/2014 19:48:36]
AdwCleaner[R3].txt - [10366 Bytes] - [07/07/2014 19:16:06]
AdwCleaner[R4].txt - [2631 Bytes] - [10/07/2014 17:13:06]
AdwCleaner[R5].txt - [3484 Bytes] - [15/11/2014 19:50:20]
AdwCleaner[R6].txt - [9461 Bytes] - [07/02/2015 18:32:06]
AdwCleaner[S0].txt - [2609 Bytes] - [01/02/2014 17:27:29]
AdwCleaner[S1].txt - [333 Bytes] - [02/07/2014 19:48:15]
AdwCleaner[S2].txt - [5900 Bytes] - [02/07/2014 19:48:56]
AdwCleaner[S3].txt - [9003 Bytes] - [07/07/2014 19:16:48]
AdwCleaner[S4].txt - [2641 Bytes] - [10/07/2014 17:14:15]
AdwCleaner[S5].txt - [3200 Bytes] - [15/11/2014 19:51:31]
AdwCleaner[S6].txt - [8372 Bytes] - [07/02/2015 18:33:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [8431  Bytes] ##########

JRT_LOG

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Friedrich on 07.02.2015 at 18:40:51,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2015 at 18:42:24,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST_LOG

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Friedrich (administrator) on FAMILIEN-PC on 07-02-2015 18:52:38
Running from C:\Users\Friedrich\Desktop
Loaded Profiles: Friedrich (Available profiles: UpdatusUser & Friedrich)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Thisisu) C:\Users\Friedrich\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {2c12b5d6-4260-11e3-be6d-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {fc3721b7-8868-11e4-bea4-a4db3035b3cf} - "F:\AutoRun.exe" 
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3631515150-3942624288-380681899-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150122.001\IDSvia64.sys [668888 2015-01-09] (Symantec Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 18:42 - 2015-02-07 18:42 - 00000618 _____ () C:\Users\Friedrich\Desktop\JRT.txt
2015-02-07 18:37 - 2015-02-07 18:37 - 01388274 _____ (Thisisu) C:\Users\Friedrich\Desktop\JRT.exe
2015-02-07 18:18 - 2015-02-07 18:18 - 02112512 _____ () C:\Users\Friedrich\Desktop\AdwCleaner_4.110.exe
2015-02-07 18:07 - 2015-02-07 18:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Friedrich\Desktop\revosetup95.exe
2015-02-07 18:07 - 2015-02-07 18:07 - 00001291 _____ () C:\Users\Friedrich\Desktop\Revo Uninstaller.lnk
2015-02-07 18:07 - 2015-02-07 18:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-07 17:54 - 2015-02-07 17:55 - 00035784 _____ () C:\Users\Friedrich\Desktop\Addition.txt
2015-02-07 17:52 - 2015-02-07 18:52 - 00020791 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2015-02-07 17:52 - 2015-02-07 17:52 - 02132992 _____ (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe
2015-02-07 17:52 - 2015-02-07 17:52 - 02132992 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2015-02-07 17:50 - 2015-02-07 17:50 - 02132992 _____ (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2015-02-07 16:29 - 2015-02-07 16:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 16:28 - 2015-02-07 16:28 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-07 16:27 - 2015-02-07 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Friedrich\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 19:19 - 2015-02-04 19:19 - 00000581 _____ () C:\Users\Public\Desktop\OMSI.lnk
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Friedrich\Neuer Ordner
2015-01-31 16:33 - 2015-01-31 16:35 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00 (1).zip
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-01-31 16:25 - 2015-01-31 16:28 - 05344984 _____ (Dll-Files.com ) C:\Users\Friedrich\Downloads\dffsetup-qtintf70.exe
2015-01-31 15:34 - 2015-01-31 15:34 - 00000000 ____D () C:\Users\Friedrich\SDK
2015-01-31 15:31 - 2015-01-31 15:33 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00.zip
2015-01-30 18:22 - 2015-01-30 18:22 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\dlg
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-30 17:38 - 2015-01-30 17:38 - 00620960 _____ () C:\Users\Friedrich\Downloads\GoogleSketchUpWDE.exe
2015-01-21 22:34 - 2015-01-21 22:34 - 00000000 ____D () C:\ProgramData\CanonIJ
2015-01-21 10:23 - 2015-01-22 18:47 - 00001321 _____ () C:\Users\Friedrich\Desktop\Norton-Installationsdateien.lnk
2015-01-21 10:20 - 2015-01-21 10:22 - 01038256 _____ (Symantec Corporation) C:\Users\Friedrich\Downloads\NSDownloader.exe
2015-01-18 20:21 - 2015-01-18 20:21 - 00000022 _____ () C:\Users\Friedrich\Desktop\Neuer ZIP-komprimierter Ordner.zip
2015-01-15 17:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 17:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 17:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 17:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 17:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 17:15 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 17:15 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 17:15 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 17:15 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-15 17:14 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-09 19:09 - 2015-01-09 19:09 - 00001958 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2015-01-09 19:09 - 2015-01-09 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 18:52 - 2014-07-10 16:54 - 00000000 ____D () C:\FRST
2015-02-07 18:50 - 2014-11-09 14:35 - 02094568 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-07 18:46 - 2014-01-04 05:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002
2015-02-07 18:40 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-07 18:40 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-07 18:40 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-07 18:35 - 2014-12-08 19:23 - 00000000 ____D () C:\Users\Friedrich\OneDrive
2015-02-07 18:35 - 2014-07-02 20:54 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 18:34 - 2014-11-09 14:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-07 18:34 - 2014-09-23 22:06 - 00013968 _____ () C:\WINDOWS\PFRO.log
2015-02-07 18:34 - 2013-08-22 15:46 - 00333900 _____ () C:\WINDOWS\setupact.log
2015-02-07 18:34 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-07 18:33 - 2014-11-09 16:55 - 00001026 _____ () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-07 18:33 - 2014-07-02 20:55 - 00001309 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 18:33 - 2014-07-02 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-07 18:33 - 2014-02-01 17:25 - 00000000 ____D () C:\AdwCleaner
2015-02-07 18:33 - 2013-10-31 21:14 - 00010752 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-07 18:33 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-07 18:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-07 18:12 - 2014-07-02 20:54 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-07 17:32 - 2014-07-10 16:55 - 00039324 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2015-02-07 17:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-07 16:28 - 2014-11-28 22:05 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E6E468D-611E-4B19-A146-35BF380A5742}
2015-02-04 20:26 - 2014-01-23 20:16 - 00000000 ____D () C:\ProgramData\tmp
2015-02-04 19:19 - 2014-12-08 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-02-04 19:19 - 2013-10-31 20:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 19:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-01 20:20 - 2014-01-09 03:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 18:51 - 2014-01-04 05:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2015-01-31 17:40 - 2014-12-13 18:27 - 00000000 ____D () C:\Users\Friedrich\Desktop\Basti
2015-01-31 16:42 - 2014-11-09 14:43 - 00000000 ____D () C:\Users\Friedrich
2015-01-25 18:33 - 2014-01-04 21:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam
2015-01-22 18:49 - 2014-01-23 18:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-22 18:47 - 2014-01-23 18:33 - 00195584 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db
2015-01-21 22:33 - 2014-01-09 03:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon
2015-01-21 21:56 - 2014-01-04 21:06 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Nitro PDF
2015-01-21 10:23 - 2014-01-23 18:33 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-19 20:10 - 2014-01-14 18:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 20:07 - 2014-01-14 18:58 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-16 18:09 - 2014-11-16 18:31 - 0006656 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-31 21:12 - 2013-10-31 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe
C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Friedrich\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 18:27

==================== End Of Log ============================

--- --- ---

cosinus · 08.02.2015, 14:01

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

Enno123 · 08.02.2015, 20:51

Hallo

Hier nochmal der gesamte FRST LOG und die Addition.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Friedrich (administrator) on FAMILIEN-PC on 08-02-2015 20:43:56
Running from C:\Users\Friedrich\Desktop
Loaded Profiles: Friedrich (Available profiles: UpdatusUser & Friedrich)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {2c12b5d6-4260-11e3-be6d-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {fc3721b7-8868-11e4-bea4-a4db3035b3cf} - "F:\AutoRun.exe" 
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64209;https=127.0.0.1:64209
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3631515150-3942624288-380681899-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150122.001\IDSvia64.sys [668888 2015-01-09] (Symantec Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 18:42 - 2015-02-07 18:42 - 00000618 _____ () C:\Users\Friedrich\Desktop\JRT.txt
2015-02-07 18:37 - 2015-02-07 18:37 - 01388274 _____ (Thisisu) C:\Users\Friedrich\Desktop\JRT.exe
2015-02-07 18:18 - 2015-02-07 18:18 - 02112512 _____ () C:\Users\Friedrich\Desktop\AdwCleaner_4.110.exe
2015-02-07 18:07 - 2015-02-07 18:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Friedrich\Desktop\revosetup95.exe
2015-02-07 18:07 - 2015-02-07 18:07 - 00001291 _____ () C:\Users\Friedrich\Desktop\Revo Uninstaller.lnk
2015-02-07 18:07 - 2015-02-07 18:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-07 17:54 - 2015-02-07 17:55 - 00035784 _____ () C:\Users\Friedrich\Desktop\Addition.txt
2015-02-07 17:52 - 2015-02-08 20:44 - 00020351 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2015-02-07 17:52 - 2015-02-07 17:52 - 02132992 _____ (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe
2015-02-07 17:52 - 2015-02-07 17:52 - 02132992 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2015-02-07 17:50 - 2015-02-07 17:50 - 02132992 _____ (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2015-02-07 16:29 - 2015-02-07 16:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 16:28 - 2015-02-07 16:28 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-07 16:27 - 2015-02-07 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Friedrich\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 19:19 - 2015-02-04 19:19 - 00000581 _____ () C:\Users\Public\Desktop\OMSI.lnk
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Friedrich\Neuer Ordner
2015-01-31 16:33 - 2015-01-31 16:35 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00 (1).zip
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-01-31 16:25 - 2015-01-31 16:28 - 05344984 _____ (Dll-Files.com ) C:\Users\Friedrich\Downloads\dffsetup-qtintf70.exe
2015-01-31 15:34 - 2015-01-31 15:34 - 00000000 ____D () C:\Users\Friedrich\SDK
2015-01-31 15:31 - 2015-01-31 15:33 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00.zip
2015-01-30 18:22 - 2015-01-30 18:22 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\dlg
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-30 17:38 - 2015-01-30 17:38 - 00620960 _____ () C:\Users\Friedrich\Downloads\GoogleSketchUpWDE.exe
2015-01-21 22:34 - 2015-01-21 22:34 - 00000000 ____D () C:\ProgramData\CanonIJ
2015-01-21 10:23 - 2015-01-22 18:47 - 00001321 _____ () C:\Users\Friedrich\Desktop\Norton-Installationsdateien.lnk
2015-01-21 10:20 - 2015-01-21 10:22 - 01038256 _____ (Symantec Corporation) C:\Users\Friedrich\Downloads\NSDownloader.exe
2015-01-18 20:21 - 2015-01-18 20:21 - 00000022 _____ () C:\Users\Friedrich\Desktop\Neuer ZIP-komprimierter Ordner.zip
2015-01-15 17:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 17:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 17:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 17:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 17:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 17:15 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 17:15 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 17:15 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 17:15 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-15 17:14 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-09 19:09 - 2015-01-09 19:09 - 00001958 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2015-01-09 19:09 - 2015-01-09 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 20:43 - 2014-07-10 16:54 - 00000000 ____D () C:\FRST
2015-02-08 20:41 - 2014-11-09 14:35 - 01310894 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-08 20:40 - 2014-12-08 19:23 - 00000000 ___RD () C:\Users\Friedrich\OneDrive
2015-02-08 20:40 - 2014-07-02 20:54 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-08 19:32 - 2014-11-28 22:05 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E6E468D-611E-4B19-A146-35BF380A5742}
2015-02-08 19:21 - 2014-01-04 05:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002
2015-02-08 19:17 - 2014-07-02 20:54 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 18:30 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-08 18:30 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-08 18:30 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-08 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 01:12 - 2014-07-02 20:54 - 00004114 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 01:12 - 2014-07-02 20:54 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 18:34 - 2014-11-09 14:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-07 18:34 - 2014-09-23 22:06 - 00013968 _____ () C:\WINDOWS\PFRO.log
2015-02-07 18:34 - 2013-08-22 15:46 - 00333900 _____ () C:\WINDOWS\setupact.log
2015-02-07 18:34 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-07 18:33 - 2014-11-09 16:55 - 00001026 _____ () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-07 18:33 - 2014-07-02 20:55 - 00001309 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 18:33 - 2014-07-02 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-07 18:33 - 2014-02-01 17:25 - 00000000 ____D () C:\AdwCleaner
2015-02-07 18:33 - 2013-10-31 21:14 - 00010752 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-07 18:33 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-07 17:32 - 2014-07-10 16:55 - 00039324 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2015-02-07 17:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-04 20:26 - 2014-01-23 20:16 - 00000000 ____D () C:\ProgramData\tmp
2015-02-04 19:19 - 2014-12-08 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-02-04 19:19 - 2013-10-31 20:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 19:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-01 20:20 - 2014-01-09 03:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 18:51 - 2014-01-04 05:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2015-01-31 17:40 - 2014-12-13 18:27 - 00000000 ____D () C:\Users\Friedrich\Desktop\Basti
2015-01-31 16:42 - 2014-11-09 14:43 - 00000000 ____D () C:\Users\Friedrich
2015-01-25 18:33 - 2014-01-04 21:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam
2015-01-22 18:49 - 2014-01-23 18:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-22 18:47 - 2014-01-23 18:33 - 00195584 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db
2015-01-21 22:33 - 2014-01-09 03:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon
2015-01-21 21:56 - 2014-01-04 21:06 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Nitro PDF
2015-01-21 10:23 - 2014-01-23 18:33 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-19 20:10 - 2014-01-14 18:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 20:07 - 2014-01-14 18:58 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-16 18:09 - 2014-11-16 18:31 - 0006656 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-31 21:12 - 2013-10-31 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe
C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Friedrich\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 19:03

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by Friedrich at 2015-02-08 20:44:31
Running from C:\Users\Friedrich\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CombineZM (HKLM-x32\...\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}) (Version: 1.0.0 - Alan Hadley)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Eisenbahn.exe Professional 7.0 (HKLM-x32\...\{8CB0014C-FE4C-461D-A387-76828BD70E19}) (Version: 7.00.0000 - Trend)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.28 - Lenovo)
Energy Manager (x32 Version: 1.0.0.28 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Freddy:Deutsch3/Deutsch4 (HKLM-x32\...\freddyDeutsch34) (Version:  - )
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.315.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
MykIS 3.79 (HKLM-x32\...\MykIS_is1) (Version:  - Frank Dämmrich)
Nitro Pro 8 (HKLM\...\{50BB4ACC-00C5-4436-B1B9-8ADA9255963B}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Treiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.04 - aerosoft)
OMSI - Stadtbus O305 (HKLM-x32\...\{3EF2A817-4ADC-46F7-8441-46DFCE158D72}) (Version: 1.10 - aerosoft)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4367 - Systweak Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3631515150-3942624288-380681899-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

19-01-2015 20:06:43 Windows Update
25-01-2015 17:55:29 Windows Update
29-01-2015 20:23:32 Windows Update
31-01-2015 17:00:28 DLL-Files Fixer Sa, Jan 31, 15  17:00
01-02-2015 17:31:19 Installiert OMSI - Der Omnibussimulator
04-02-2015 19:14:35 Entfernt OMSI - Der Omnibussimulator
07-02-2015 18:10:08 Revo Uninstaller's restore point - Wajam

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {109237F1-A61A-4532-884B-AD380BD1AFDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {11801761-0FB4-4852-A878-02BC3588CFC5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1321752F-38A4-45B0-92AE-FCD05F103CAA} - System32\Tasks\{52E21CFF-8F70-46B3-A37C-5875C9F6E9EA} => pcalua.exe -a C:\Users\Friedrich\AppData\Local\Temp\AutoRun.exe -d C:\Users\Friedrich\AppData\Local\Temp
Task: {16045421-3BAC-4200-9E9B-F8DAA0879D1B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {29BF260E-C96B-4A94-9D93-FBC0F2C1222A} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {2D863859-2101-40C8-8A58-D2BC53D6D35F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {48179583-930A-4DD4-BB62-A1CCD8574608} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {52C3DF30-2B70-4EF0-9986-CF183C07F9B3} - System32\Tasks\{C15D3A28-2A2B-4DE7-BE95-482ED97C5CAC} => pcalua.exe -a E:\3DSetup\3DSetup.exe -d E:\3DSetup
Task: {75EB321A-4AA4-41F1-BF00-A745ACF026E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {8E8E8AA4-7EFD-418A-952D-76468C375355} - System32\Tasks\{72FDB9AC-D44A-4B43-9DB7-8B565388817B} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {979B44C7-E2A4-4D9C-B2CC-2FD5BC8896EB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - \RegClean Pro No Task File <==== ATTENTION
Task: {B222638D-0C84-4B69-B7D9-C1DA442421E2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-01-09 03:49 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-01 18:16 - 2014-07-01 18:15 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-10-31 21:14 - 2013-10-31 21:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-10-31 21:14 - 2013-10-31 21:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-12-26 19:42 - 2013-12-26 19:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-06-28 06:02 - 2013-06-28 06:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 06:00 - 2013-06-28 06:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 06:07 - 2013-06-28 06:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-07-01 18:16 - 2014-07-01 18:15 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-10-31 20:43 - 2013-05-16 03:09 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-07 17:17 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-07 17:17 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-07 17:17 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Friedrich\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Friedrich\Videos\Modelleisenbahn\image-177680-f298a946.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3631515150-3942624288-380681899-500 - Administrator - Disabled)
Friedrich (S-1-5-21-3631515150-3942624288-380681899-1002 - Administrator - Enabled) => C:\Users\Friedrich
Gast (S-1-5-21-3631515150-3942624288-380681899-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3631515150-3942624288-380681899-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-3631515150-3942624288-380681899-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 07:28:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1490

Startzeit: 01d043cc44ecf265

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 39e2f7ce-afc0-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 07:22:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/08/2015 07:09:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b4c

Startzeit: 01d043c98b843d17

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 7efff19a-afbd-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 07:00:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: db8

Startzeit: 01d043c858dc0378

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 4c593f5d-afbc-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:38:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e14

Startzeit: 01d043c563a283b8

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 57a27cf0-afb9-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:33:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b60

Startzeit: 01d043c498b9a015

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 8c61fc52-afb8-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:27:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 183c

Startzeit: 01d043c3cde9f78a

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: c1acf73e-afb7-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:22:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b84

Startzeit: 01d043c307e547f6

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: fbb7bba1-afb6-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1850

Startzeit: 01d043c1f8c35413

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: ec438f80-afb5-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:04:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b84

Startzeit: 01d043c09fd1cd84

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 95c8555a-afb4-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App


System errors:
=============
Error: (02/08/2015 02:09:58 AM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/08/2015 02:09:28 AM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/08/2015 02:08:19 AM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/08/2015 02:07:49 AM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/08/2015 00:43:22 AM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/08/2015 00:42:52 AM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/08/2015 00:42:22 AM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/08/2015 00:41:52 AM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/07/2015 07:38:47 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/07/2015 07:38:17 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (02/08/2015 07:28:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384149001d043cc44ecf2654294967295C:\WINDOWS\system32\backgroundTaskHost.exe39e2f7ce-afc0-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 07:22:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/08/2015 07:09:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384b4c01d043c98b843d174294967295C:\WINDOWS\system32\backgroundTaskHost.exe7efff19a-afbd-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 07:00:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384db801d043c858dc03784294967295C:\WINDOWS\system32\backgroundTaskHost.exe4c593f5d-afbc-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:38:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384e1401d043c563a283b84294967295C:\WINDOWS\system32\backgroundTaskHost.exe57a27cf0-afb9-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:33:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384b6001d043c498b9a0154294967295C:\WINDOWS\system32\backgroundTaskHost.exe8c61fc52-afb8-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:27:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384183c01d043c3cde9f78a4294967295C:\WINDOWS\system32\backgroundTaskHost.exec1acf73e-afb7-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:22:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841b8401d043c307e547f64294967295C:\WINDOWS\system32\backgroundTaskHost.exefbb7bba1-afb6-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384185001d043c1f8c354134294967295C:\WINDOWS\system32\backgroundTaskHost.exeec438f80-afb5-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:04:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384b8401d043c09fd1cd844294967295C:\WINDOWS\system32\backgroundTaskHost.exe95c8555a-afb4-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp


CodeIntegrity Errors:
===================================
  Date: 2015-01-25 18:32:52.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 20:21:38.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 19:10:47.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 17:57:05.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 16:59:50.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 18:07:05.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-28 21:51:29.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-21 18:40:52.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-18 19:23:05.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-16 18:12:44.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 7944.27 MB
Available physical RAM: 6130.17 MB
Total Pagefile: 16648.27 MB
Available Pagefile: 14702.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.34 GB) (Free:355.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.88 GB) NTFS
Drive e: (OMSI) (CDROM) (Total:1.65 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6E0DC121)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus · 08.02.2015, 22:42

FRST bitte neu runterladen und mit der neuen Version Logs machen, da gab es anscheinend ein paar kleinere Bugs

Enno123 · 09.02.2015, 21:12

Okay alles Nochmal mit neuer Version

FRST_LOG:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Friedrich (administrator) on FAMILIEN-PC on 09-02-2015 21:07:57
Running from C:\Users\Friedrich\Desktop
Loaded Profiles: Friedrich (Available profiles: UpdatusUser & Friedrich)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_6.3.9600.20280_x64__8wekyb3d8bbwe\soundrec.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {2c12b5d6-4260-11e3-be6d-806e6f6e6963} - "E:\setup.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {fc3721b7-8868-11e4-bea4-a4db3035b3cf} - "F:\AutoRun.exe" 
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64209;https=127.0.0.1:64209
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3631515150-3942624288-380681899-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3631515150-3942624288-380681899-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150122.001\IDSvia64.sys [668888 2015-01-09] (Symantec Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150122.039\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 21:07 - 2015-02-09 21:08 - 00020287 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2015-02-09 21:07 - 2015-02-09 21:07 - 02132992 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2015-02-09 19:20 - 2015-02-09 19:20 - 00001026 _____ () C:\Users\Friedrich\Desktop\Internet Explorer.lnk
2015-02-07 18:42 - 2015-02-07 18:42 - 00000618 _____ () C:\Users\Friedrich\Desktop\JRT.txt
2015-02-07 18:37 - 2015-02-07 18:37 - 01388274 _____ (Thisisu) C:\Users\Friedrich\Desktop\JRT.exe
2015-02-07 18:18 - 2015-02-07 18:18 - 02112512 _____ () C:\Users\Friedrich\Desktop\AdwCleaner_4.110.exe
2015-02-07 18:07 - 2015-02-07 18:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Friedrich\Desktop\revosetup95.exe
2015-02-07 18:07 - 2015-02-07 18:07 - 00001291 _____ () C:\Users\Friedrich\Desktop\Revo Uninstaller.lnk
2015-02-07 18:07 - 2015-02-07 18:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-07 17:52 - 2015-02-07 17:52 - 02132992 _____ (Farbar) C:\Users\Friedrich\Downloads\FRST64 (1).exe
2015-02-07 17:50 - 2015-02-07 17:50 - 02132992 _____ (Farbar) C:\Users\Friedrich\Downloads\FRST64.exe
2015-02-07 16:29 - 2015-02-07 16:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 16:28 - 2015-02-07 16:28 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2015-02-07 16:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-07 16:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-07 16:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-07 16:27 - 2015-02-07 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Friedrich\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 19:19 - 2015-02-04 19:19 - 00000581 _____ () C:\Users\Public\Desktop\OMSI.lnk
2015-01-31 16:42 - 2015-01-31 16:42 - 00000000 ____D () C:\Users\Friedrich\Neuer Ordner
2015-01-31 16:33 - 2015-01-31 16:35 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00 (1).zip
2015-01-31 16:29 - 2015-01-31 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2015-01-31 16:25 - 2015-01-31 16:28 - 05344984 _____ (Dll-Files.com ) C:\Users\Friedrich\Downloads\dffsetup-qtintf70.exe
2015-01-31 15:34 - 2015-01-31 15:34 - 00000000 ____D () C:\Users\Friedrich\SDK
2015-01-31 15:31 - 2015-01-31 15:33 - 03767384 _____ () C:\Users\Friedrich\Downloads\OMSI-SDK_Tools_1.00.zip
2015-01-30 18:22 - 2015-01-30 18:22 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\dlg
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-30 18:11 - 2015-01-30 18:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-30 17:38 - 2015-01-30 17:38 - 00620960 _____ () C:\Users\Friedrich\Downloads\GoogleSketchUpWDE.exe
2015-01-21 22:34 - 2015-01-21 22:34 - 00000000 ____D () C:\ProgramData\CanonIJ
2015-01-21 10:23 - 2015-01-22 18:47 - 00001321 _____ () C:\Users\Friedrich\Desktop\Norton-Installationsdateien.lnk
2015-01-21 10:20 - 2015-01-21 10:22 - 01038256 _____ (Symantec Corporation) C:\Users\Friedrich\Downloads\NSDownloader.exe
2015-01-18 20:21 - 2015-01-18 20:21 - 00000022 _____ () C:\Users\Friedrich\Desktop\Neuer ZIP-komprimierter Ordner.zip
2015-01-15 17:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-15 17:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-15 17:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-15 17:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-15 17:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-15 17:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-15 17:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 17:15 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-15 17:15 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-15 17:15 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-15 17:15 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-15 17:15 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-15 17:15 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-15 17:15 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-15 17:15 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-15 17:15 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-15 17:14 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 21:07 - 2014-07-10 16:54 - 00000000 ____D () C:\FRST
2015-02-09 21:06 - 2014-11-09 14:35 - 01565415 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-09 21:05 - 2014-12-08 19:23 - 00000000 ___RD () C:\Users\Friedrich\OneDrive
2015-02-09 21:05 - 2014-07-02 20:54 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 21:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-09 20:17 - 2014-07-02 20:54 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 19:23 - 2014-01-04 05:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002
2015-02-09 18:52 - 2014-11-28 22:05 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7E6E468D-611E-4B19-A146-35BF380A5742}
2015-02-09 18:51 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 18:51 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-09 18:51 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-09 18:47 - 2014-11-09 14:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-09 18:47 - 2013-08-22 15:46 - 00333977 _____ () C:\WINDOWS\setupact.log
2015-02-09 18:47 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-09 18:46 - 2013-10-31 21:14 - 00010752 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-09 18:46 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-08 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 01:12 - 2014-07-02 20:54 - 00004114 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 01:12 - 2014-07-02 20:54 - 00003878 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 18:34 - 2014-09-23 22:06 - 00013968 _____ () C:\WINDOWS\PFRO.log
2015-02-07 18:33 - 2014-11-09 16:55 - 00001026 _____ () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-07 18:33 - 2014-07-02 20:55 - 00001309 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 18:33 - 2014-07-02 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-07 18:33 - 2014-02-01 17:25 - 00000000 ____D () C:\AdwCleaner
2015-02-07 17:32 - 2014-07-10 16:55 - 00039324 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2015-02-07 17:21 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-04 20:26 - 2014-01-23 20:16 - 00000000 ____D () C:\ProgramData\tmp
2015-02-04 19:19 - 2014-12-08 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2015-02-04 19:19 - 2013-10-31 20:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 20:31 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 19:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-01 20:20 - 2014-01-09 03:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-31 18:51 - 2014-01-04 05:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2015-01-31 17:40 - 2014-12-13 18:27 - 00000000 ____D () C:\Users\Friedrich\Desktop\Basti
2015-01-31 16:42 - 2014-11-09 14:43 - 00000000 ____D () C:\Users\Friedrich
2015-01-25 18:33 - 2014-01-04 21:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam
2015-01-22 18:49 - 2014-01-23 18:33 - 00000000 ____D () C:\ProgramData\Norton
2015-01-22 18:47 - 2014-01-23 18:33 - 00195584 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db
2015-01-21 22:33 - 2014-01-09 03:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon
2015-01-21 21:56 - 2014-01-04 21:06 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Nitro PDF
2015-01-21 10:23 - 2014-01-23 18:33 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-19 20:10 - 2014-01-14 18:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-19 20:07 - 2014-01-14 18:58 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-16 18:09 - 2014-11-16 18:31 - 0006656 _____ () C:\Users\Friedrich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-31 21:12 - 2013-10-31 21:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe
C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Friedrich\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-07 19:03

==================== End Of Log ============================

--- --- ---

Addition_TxT:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Friedrich at 2015-02-09 21:09:11
Running from C:\Users\Friedrich\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CombineZM (HKLM-x32\...\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}) (Version: 1.0.0 - Alan Hadley)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Eisenbahn.exe Professional 7.0 (HKLM-x32\...\{8CB0014C-FE4C-461D-A387-76828BD70E19}) (Version: 7.00.0000 - Trend)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.28 - Lenovo)
Energy Manager (x32 Version: 1.0.0.28 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Freddy:Deutsch3/Deutsch4 (HKLM-x32\...\freddyDeutsch34) (Version:  - )
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.315.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
MykIS 3.79 (HKLM-x32\...\MykIS_is1) (Version:  - Frank Dämmrich)
Nitro Pro 8 (HKLM\...\{50BB4ACC-00C5-4436-B1B9-8ADA9255963B}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Treiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
OMSI - Der Omnibussimulator (HKLM-x32\...\{9AE850A4-B89D-4875-A159-B1B64D717EFB}) (Version: 1.04 - aerosoft)
OMSI - Stadtbus O305 (HKLM-x32\...\{3EF2A817-4ADC-46F7-8441-46DFCE158D72}) (Version: 1.10 - aerosoft)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4367 - Systweak Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3631515150-3942624288-380681899-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

19-01-2015 20:06:43 Windows Update
25-01-2015 17:55:29 Windows Update
29-01-2015 20:23:32 Windows Update
31-01-2015 17:00:28 DLL-Files Fixer Sa, Jan 31, 15  17:00
01-02-2015 17:31:19 Installiert OMSI - Der Omnibussimulator
04-02-2015 19:14:35 Entfernt OMSI - Der Omnibussimulator
07-02-2015 18:10:08 Revo Uninstaller's restore point - Wajam

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {109237F1-A61A-4532-884B-AD380BD1AFDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {11801761-0FB4-4852-A878-02BC3588CFC5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1321752F-38A4-45B0-92AE-FCD05F103CAA} - System32\Tasks\{52E21CFF-8F70-46B3-A37C-5875C9F6E9EA} => pcalua.exe -a C:\Users\Friedrich\AppData\Local\Temp\AutoRun.exe -d C:\Users\Friedrich\AppData\Local\Temp
Task: {16045421-3BAC-4200-9E9B-F8DAA0879D1B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {29BF260E-C96B-4A94-9D93-FBC0F2C1222A} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {2D863859-2101-40C8-8A58-D2BC53D6D35F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {48179583-930A-4DD4-BB62-A1CCD8574608} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {52C3DF30-2B70-4EF0-9986-CF183C07F9B3} - System32\Tasks\{C15D3A28-2A2B-4DE7-BE95-482ED97C5CAC} => pcalua.exe -a E:\3DSetup\3DSetup.exe -d E:\3DSetup
Task: {75EB321A-4AA4-41F1-BF00-A745ACF026E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {8E8E8AA4-7EFD-418A-952D-76468C375355} - System32\Tasks\{72FDB9AC-D44A-4B43-9DB7-8B565388817B} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {979B44C7-E2A4-4D9C-B2CC-2FD5BC8896EB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - \RegClean Pro No Task File <==== ATTENTION
Task: {B222638D-0C84-4B69-B7D9-C1DA442421E2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-01-09 03:49 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-01 18:16 - 2014-07-01 18:15 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-10-31 21:14 - 2013-10-31 21:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-10-31 21:14 - 2013-10-31 21:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-12-26 19:42 - 2013-12-26 19:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-06-28 06:02 - 2013-06-28 06:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 06:00 - 2013-06-28 06:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 06:07 - 2013-06-28 06:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-10-03 17:36 - 2014-10-03 17:36 - 17284400 _____ () C:\WINDOWS\SYSTEM32\igd11dxva64.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-07-01 18:16 - 2014-07-01 18:15 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-10-31 20:43 - 2013-05-16 03:09 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-07 17:17 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-07 17:17 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-07 17:17 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-07 17:17 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Friedrich\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3631515150-3942624288-380681899-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Friedrich\Videos\Modelleisenbahn\image-177680-f298a946.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3631515150-3942624288-380681899-500 - Administrator - Disabled)
Friedrich (S-1-5-21-3631515150-3942624288-380681899-1002 - Administrator - Enabled) => C:\Users\Friedrich
Gast (S-1-5-21-3631515150-3942624288-380681899-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3631515150-3942624288-380681899-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-3631515150-3942624288-380681899-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 06:59:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 153c

Startzeit: 01d0449120d16c73

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 6db2f880-b085-11e4-beab-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 07:28:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1490

Startzeit: 01d043cc44ecf265

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 39e2f7ce-afc0-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 07:22:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/08/2015 07:09:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b4c

Startzeit: 01d043c98b843d17

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 7efff19a-afbd-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 07:00:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: db8

Startzeit: 01d043c858dc0378

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 4c593f5d-afbc-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:38:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e14

Startzeit: 01d043c563a283b8

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 57a27cf0-afb9-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:33:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b60

Startzeit: 01d043c498b9a015

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 8c61fc52-afb8-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:27:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 183c

Startzeit: 01d043c3cde9f78a

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: c1acf73e-afb7-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:22:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b84

Startzeit: 01d043c307e547f6

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: fbb7bba1-afb6-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/08/2015 06:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1850

Startzeit: 01d043c1f8c35413

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: ec438f80-afb5-11e4-beaa-a4db3035b3cf

Vollständiger Name des fehlerhaften Pakets: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App


System errors:
=============
Error: (02/09/2015 06:52:04 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der
Netzwerkhardwareadresse 00-1F-3A-37-CC-7B ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.

Error: (02/09/2015 06:47:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (02/09/2015 06:47:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (02/09/2015 06:47:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/09/2015 06:47:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (02/09/2015 06:46:43 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2015 06:46:43 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2015 06:46:37 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2015 06:46:37 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/09/2015 06:46:37 PM) (Source: DCOM) (EventID: 10010) (User: FAMILIEN-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (02/09/2015 06:59:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384153c01d0449120d16c734294967295C:\WINDOWS\system32\backgroundTaskHost.exe6db2f880-b085-11e4-beab-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 07:28:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384149001d043cc44ecf2654294967295C:\WINDOWS\system32\backgroundTaskHost.exe39e2f7ce-afc0-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 07:22:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/08/2015 07:09:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384b4c01d043c98b843d174294967295C:\WINDOWS\system32\backgroundTaskHost.exe7efff19a-afbd-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 07:00:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384db801d043c858dc03784294967295C:\WINDOWS\system32\backgroundTaskHost.exe4c593f5d-afbc-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:38:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384e1401d043c563a283b84294967295C:\WINDOWS\system32\backgroundTaskHost.exe57a27cf0-afb9-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:33:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384b6001d043c498b9a0154294967295C:\WINDOWS\system32\backgroundTaskHost.exe8c61fc52-afb8-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:27:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384183c01d043c3cde9f78a4294967295C:\WINDOWS\system32\backgroundTaskHost.exec1acf73e-afb7-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:22:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841b8401d043c307e547f64294967295C:\WINDOWS\system32\backgroundTaskHost.exefbb7bba1-afb6-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (02/08/2015 06:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384185001d043c1f8c354134294967295C:\WINDOWS\system32\backgroundTaskHost.exeec438f80-afb5-11e4-beaa-a4db3035b3cfC59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp


CodeIntegrity Errors:
===================================
  Date: 2015-02-09 20:47:21.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 20:47:11.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 20:47:07.151
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 20:46:33.648
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-25 18:32:52.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 20:21:38.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-18 19:10:47.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-19 17:57:05.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-16 16:59:50.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-15 18:07:05.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 7944.27 MB
Available physical RAM: 6159.02 MB
Total Pagefile: 16648.27 MB
Available Pagefile: 14749.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.34 GB) (Free:355.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.88 GB) NTFS
Drive e: (OMSI) (CDROM) (Total:1.65 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6E0DC121)

Partition: GPT Partition Type.

==================== End Of Log ============================

cosinus · 09.02.2015, 21:28

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64209;https=127.0.0.1:64209
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> http://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
CHR StartupUrls: Default -> "http://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
Task: {1321752F-38A4-45B0-92AE-FCD05F103CAA} - System32\Tasks\{52E21CFF-8F70-46B3-A37C-5875C9F6E9EA} => pcalua.exe -a C:\Users\Friedrich\AppData\Local\Temp\AutoRun.exe -d C:\Users\Friedrich\AppData\Local\Temp
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - \RegClean Pro No Task File <==== ATTENTION
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Enno123 · 09.02.2015, 21:45

So hier der Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Friedrich at 2015-02-09 21:41:36 Run:2
Running from C:\Users\Friedrich\Desktop
Loaded Profiles: Friedrich (Available profiles: UpdatusUser & Friedrich)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64209;https=127.0.0.1:64209
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1422636106&from=cvs&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR DefaultSearchKeyword: Default -> webssearches
CHR DefaultSuggestURL: Default -> 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
Task: {1321752F-38A4-45B0-92AE-FCD05F103CAA} - System32\Tasks\{52E21CFF-8F70-46B3-A37C-5875C9F6E9EA} => pcalua.exe -a C:\Users\Friedrich\AppData\Local\Temp\AutoRun.exe -d C:\Users\Friedrich\AppData\Local\Temp
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - \RegClean Pro No Task File <==== ATTENTION
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
EmptyTemp:
Hosts:
         
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1321752F-38A4-45B0-92AE-FCD05F103CAA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1321752F-38A4-45B0-92AE-FCD05F103CAA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{52E21CFF-8F70-46B3-A37C-5875C9F6E9EA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{52E21CFF-8F70-46B3-A37C-5875C9F6E9EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0FE4068-D4C3-418C-8AFF-4BFBC10CA421}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0FE4068-D4C3-418C-8AFF-4BFBC10CA421}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDA0AB38-0C5F-4EC2-B621-643726D533DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDA0AB38-0C5F-4EC2-B621-643726D533DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-chromeinstaller" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:41:51 ====

cosinus · 09.02.2015, 21:48

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Enno123 · 10.02.2015, 15:39

Hallo

Hier der LOG Von MBAM

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.02.2015
Suchlauf-Zeit: 21:56:59
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.09.09
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Friedrich

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 395917
Verstrichene Zeit: 10 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.Optional.WebsSearches.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Keine Aktion durch Benutzer, [da38d842e7a3a78f417ed2b83dc623dd], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Und der Log von Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c8f9d6f4af718240a68786de0665e893
# engine=19118
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-10 07:57:00
# local_time=2014-07-10 09:57:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 2332153 167618805 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4587286 21747052 0 0
# scanned=2661
# found=59
# cleaned=0
# scan_time=123
sh=6D92001B0E31EB328F2F1281F058F017AED051CC ft=1 fh=8e8f8fe413887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3631515150-3942624288-380681899-1002\$RFC4XQE.exe"
sh=5A3BF792E02A8EF89D0F14E344DDF6AD9D6503CA ft=1 fh=d8a8aa49ce4e751c vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir"
sh=6333DA667A1DB6B690F322886EF8B4DACECD7FE3 ft=1 fh=b02a9a0fb9ff7cbb vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir"
sh=93DC7D6BB28C238630D65A2766577262C43D17E9 ft=1 fh=f75d7f7c3c1fd884 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir"
sh=EE6AFC06E9FC0BA41CD4E64ACEE33E02A97304ED ft=1 fh=8ffa53bbc1007075 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawl.FirstRun.exe.vir"
sh=A18E87BF9502AB8383AC8F47D50E52E61B3701CE ft=1 fh=a8b925542aff0cdc vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawlBHO.dll.vir"
sh=320BE72162DD39758DB355AF9956229EB4176ADA ft=1 fh=75360cdbfa05ce17 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\updateNetCrawl.exe.vir"
sh=559098AD3CB018354990C7F0F0E7650753A1B0F5 ft=1 fh=af14b48840b7b33b vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe.vir"
sh=98AE5B113BA10E70A783DD5BFBD64763E52369BA ft=1 fh=5c8393776706a0f9 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe.vir"
sh=3877888B90BCB1AAAA74A84F511E8B3AFDE4449E ft=1 fh=bb895b92448b7ab0 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawlBAApp.dll.vir"
sh=BFEF4D539EE292A3A4AE67EACF8DB762434BA685 ft=1 fh=eeffc819dde3edcb vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\tmp582C.tmp.vir"
sh=320BE72162DD39758DB355AF9956229EB4176ADA ft=1 fh=75360cdbfa05ce17 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe.vir"
sh=1095CE5F67B676553EF0E4D009033FD2948D7001 ft=1 fh=61d1870350d80342 vn="Variante von Win32/BrowseFox.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.dll.vir"
sh=6D0A0E75234CFFFCA364BCDCA6F43A33C0FB4B97 ft=1 fh=dcc3f89ea38575c1 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir"
sh=6B50EC3E4976ACC3B5CF94E2806689758F7C03AD ft=1 fh=fd05272c278a9c36 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir"
sh=A2D62287D06494EB2E945A53ECD71A4E933F1E6C ft=1 fh=822ee196c935c5a5 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir"
sh=A806628D7D03174B04018A97BC27B0F801DB0DB6 ft=1 fh=a61f1a2fb18a1df4 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir"
sh=5BE8D9B4E3BB25D6E0030EB3A169BD00E0D3026B ft=1 fh=11454ae4b2e345b8 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir"
sh=CA61C417768E35A33CF3A8CA720273D0DB1CE37B ft=1 fh=755d293591b42157 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir"
sh=E4356790E8B54F4DFC776E40044C4714692B66E2 ft=1 fh=c4c869c82ce96294 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir"
sh=CAAD5F17261C70EBAC4B32B72FCF2F73188B8945 ft=1 fh=5f5a1e3dc4e2d151 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir"
sh=43DAB2E06BCB207547CA2003F1128B8AFBEC4A70 ft=1 fh=6f683cd2ddfa27a2 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir"
sh=A4288F6199A396CC6990CC6A2FE8C9C4F4281E7A ft=1 fh=ba0a77b5a7aeeba0 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe.vir"
sh=4E6C684003EEEBE5740552B4ADC6DA2E954E513A ft=1 fh=66b8c175df952644 vn="Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe.vir"
sh=F448380C9F4B962AB2E3BA96F2E1FEF83BE9AB00 ft=1 fh=7cf7cd3d2482f7f9 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\utils.exe.vir"
sh=E5D10734FD19C4B3933E89E409995BD65B0525AE ft=1 fh=2cfbb955d3345716 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir"
sh=F61ADDD0326A03685A35637BC704EB1959DC84C4 ft=1 fh=975f0524bf1774c5 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=C4B30FAF8A0EC58D5996CD2AD428C8E2D4893E53 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js.vir"
sh=CEF467C0BE097DA999FECFDD9D187688C078B63F ft=1 fh=c7d71faf258672d3 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll.vir"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\102_dealply_m.js.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=04253E738106628805978963C1648F429CD2A08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\105_corticas_m.js.vir"
sh=DA209282A25696B4D678B78442C261C5D81DC81B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=E5DA6BC389AFE8C4BE0D4BDF007094964623BEE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=408125466C1087F1B28C7C43745E9E1F3480201C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=00211CE73FB698A04BEF6622CB5B086D520B896D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=DB730C30AB384D45E22D00304F1103E934CB33B9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=94D9025E35A51C71746811F94F4AA5EFC9133252 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=E87ABD87A6168E160F36A5CE9E444C1719F203DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=5DDA8EE6DC4476C71431F32A0F30C6FD7CAA52E0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=9D9234F1D8FDD30567D6065910A6CDE37B4E44A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=821D36C18C8B253E6C0134438A703940AC129AAE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=973BFB4B71CFC651B94477FB244D6A0CA5996BE5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=2714DB0A06F74A4282CDDC307EA1599670422E09 ft=1 fh=dbe7f66a91f8fadc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\1H1Q\Open Office Packages\uninstaller.exe.vir"
sh=92E7DC56EE14A18092820D63C12D3D188F674628 ft=1 fh=fed897558cb51fb4 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe.vir"
sh=D3844CBC91D713BCE1C7C3DFEA7CA6D01C02B3E6 ft=1 fh=0894c982039ce88a vn="Win32/VOPackage.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\VOPackage\Uninstall.exe.vir"
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c8f9d6f4af718240a68786de0665e893
# engine=19118
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-11 12:24:24
# local_time=2014-07-11 02:24:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 2348197 167634849 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4603330 21763096 0 0
# scanned=254179
# found=98
# cleaned=0
# scan_time=15487
sh=6D92001B0E31EB328F2F1281F058F017AED051CC ft=1 fh=8e8f8fe413887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3631515150-3942624288-380681899-1002\$RFC4XQE.exe"
sh=5A3BF792E02A8EF89D0F14E344DDF6AD9D6503CA ft=1 fh=d8a8aa49ce4e751c vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir"
sh=6333DA667A1DB6B690F322886EF8B4DACECD7FE3 ft=1 fh=b02a9a0fb9ff7cbb vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir"
sh=93DC7D6BB28C238630D65A2766577262C43D17E9 ft=1 fh=f75d7f7c3c1fd884 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir"
sh=EE6AFC06E9FC0BA41CD4E64ACEE33E02A97304ED ft=1 fh=8ffa53bbc1007075 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawl.FirstRun.exe.vir"
sh=A18E87BF9502AB8383AC8F47D50E52E61B3701CE ft=1 fh=a8b925542aff0cdc vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawlBHO.dll.vir"
sh=320BE72162DD39758DB355AF9956229EB4176ADA ft=1 fh=75360cdbfa05ce17 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\updateNetCrawl.exe.vir"
sh=98AE5B113BA10E70A783DD5BFBD64763E52369BA ft=1 fh=5c8393776706a0f9 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe.vir"
sh=BFEF4D539EE292A3A4AE67EACF8DB762434BA685 ft=1 fh=eeffc819dde3edcb vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\tmp582C.tmp.vir"
sh=320BE72162DD39758DB355AF9956229EB4176ADA ft=1 fh=75360cdbfa05ce17 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe.vir"
sh=6D0A0E75234CFFFCA364BCDCA6F43A33C0FB4B97 ft=1 fh=dcc3f89ea38575c1 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir"
sh=6B50EC3E4976ACC3B5CF94E2806689758F7C03AD ft=1 fh=fd05272c278a9c36 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir"
sh=A2D62287D06494EB2E945A53ECD71A4E933F1E6C ft=1 fh=822ee196c935c5a5 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir"
sh=A806628D7D03174B04018A97BC27B0F801DB0DB6 ft=1 fh=a61f1a2fb18a1df4 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir"
sh=5BE8D9B4E3BB25D6E0030EB3A169BD00E0D3026B ft=1 fh=11454ae4b2e345b8 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir"
sh=CA61C417768E35A33CF3A8CA720273D0DB1CE37B ft=1 fh=755d293591b42157 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir"
sh=E4356790E8B54F4DFC776E40044C4714692B66E2 ft=1 fh=c4c869c82ce96294 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir"
sh=CAAD5F17261C70EBAC4B32B72FCF2F73188B8945 ft=1 fh=5f5a1e3dc4e2d151 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir"
sh=43DAB2E06BCB207547CA2003F1128B8AFBEC4A70 ft=1 fh=6f683cd2ddfa27a2 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir"
sh=ECE8F40A3CE808709152E0BFF701CC82C5E904F6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.crx.vir"
sh=CB84F4ABDC528FD24D9AC69B5981F3A64EE812DE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.xpi.vir"
sh=A4288F6199A396CC6990CC6A2FE8C9C4F4281E7A ft=1 fh=ba0a77b5a7aeeba0 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe.vir"
sh=4E6C684003EEEBE5740552B4ADC6DA2E954E513A ft=1 fh=66b8c175df952644 vn="Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe.vir"
sh=F448380C9F4B962AB2E3BA96F2E1FEF83BE9AB00 ft=1 fh=7cf7cd3d2482f7f9 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\utils.exe.vir"
sh=FFEC56FADE93CDC75BE54088182436632BE47C08 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGong.crx.vir"
sh=E5D10734FD19C4B3933E89E409995BD65B0525AE ft=1 fh=2cfbb955d3345716 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir"
sh=F61ADDD0326A03685A35637BC704EB1959DC84C4 ft=1 fh=975f0524bf1774c5 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=C4B30FAF8A0EC58D5996CD2AD428C8E2D4893E53 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js.vir"
sh=CEF467C0BE097DA999FECFDD9D187688C078B63F ft=1 fh=c7d71faf258672d3 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll.vir"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\102_dealply_m.js.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=04253E738106628805978963C1648F429CD2A08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\105_corticas_m.js.vir"
sh=DA209282A25696B4D678B78442C261C5D81DC81B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=E5DA6BC389AFE8C4BE0D4BDF007094964623BEE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=408125466C1087F1B28C7C43745E9E1F3480201C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=00211CE73FB698A04BEF6622CB5B086D520B896D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=DB730C30AB384D45E22D00304F1103E934CB33B9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=94D9025E35A51C71746811F94F4AA5EFC9133252 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=E87ABD87A6168E160F36A5CE9E444C1719F203DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=5DDA8EE6DC4476C71431F32A0F30C6FD7CAA52E0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=9D9234F1D8FDD30567D6065910A6CDE37B4E44A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=821D36C18C8B253E6C0134438A703940AC129AAE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=973BFB4B71CFC651B94477FB244D6A0CA5996BE5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=2714DB0A06F74A4282CDDC307EA1599670422E09 ft=1 fh=dbe7f66a91f8fadc vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\1H1Q\Open Office Packages\uninstaller.exe.vir"
sh=92E7DC56EE14A18092820D63C12D3D188F674628 ft=1 fh=fed897558cb51fb4 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe.vir"
sh=D3844CBC91D713BCE1C7C3DFEA7CA6D01C02B3E6 ft=1 fh=0894c982039ce88a vn="Win32/VOPackage.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=6EE426E950941E65AA1AD22690844ECE31651FEA ft=1 fh=6d2a042f59d199b8 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Trend\EEP7\EEP7.exe"
sh=2860D062EC1AE1D58870818B4459F01E67541BFB ft=1 fh=1424bb462488f869 vn="Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe"
sh=2860D062EC1AE1D58870818B4459F01E67541BFB ft=1 fh=1424bb462488f869 vn="Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\AppData\Local\Temp\29c2217fff8359d2c648e0ce94c6c82b\sweetpage294wld_n2.exe"
sh=C9850E490D5ADF04159E49BD790CCCFA151D2EAC ft=1 fh=c77e63c9ff6eb58d vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="C:\Users\Friedrich\AppData\Local\Temp\is1597349865\257418562_stp\OptimizerPro_600.exe"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\AppData\Local\Temp\is1597349865\257418600_stp\uninstaller.exe"
sh=3725A2BC611F114872A93916484F1498E7FFF0D2 ft=1 fh=4fcd75e013887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\Bus-Simulator-2012-lnstall.exe"
sh=8299C40D778D2A13DD5F12F97A4088FB17338502 ft=1 fh=26d539751dfaf14c vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe"
sh=F8AADCBB574F8AE9B99F9F8217404B2B0DAE597C ft=1 fh=db518e1afa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\Loksim3D-lnstall.exe"
sh=3643E4675782AC4966D3B102B920E4D3474BE11A ft=1 fh=3b818190d3c95b67 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe"
sh=D62FA2F8AE92CED8F18FFA0D7B8D1E7D6C36D9D2 ft=1 fh=41ba4f8613887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall.exe"
sh=6626229C469C17F6FB68A3C17AA824B3197735EE ft=1 fh=c748ff92a00cdbfb vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe"
sh=DD01918DEF40A0795FA5244AC2D99DA77874B4A0 ft=1 fh=76b2c5efbf2a88f2 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\setup-loksim3d-update-2-8-2a-Downloader.exe"
sh=2807F64B749DF114F021593F2F4D60195A51F987 ft=1 fh=a40243e1e458f2f1 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="F:\Downloads\ccsetup325.exe"
sh=FB70A5A3E8CEA0A67CE4E87E7A716BE2BD8F59AD ft=1 fh=beaf8b70fef9c2b2 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\CombineZP - CHIP-Downloader.exe"
sh=E23CE6B2DB20A89BDA02946F481133B919B306BA ft=1 fh=1ac8c1460e7ec122 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="F:\Downloads\FoxitReader6011.0225_L10N_Setup.exe"
sh=460DF34D0C766CBCCE7D25F17A2A7A982B26C228 ft=1 fh=485dc196c0447f0f vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\Picasa - CHIP-Downloader (1).exe"
sh=9FEEBEC2056226F56C68462697D30FBB3F766F2B ft=1 fh=2a24b25dd4293a83 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\Picasa - CHIP-Downloader.exe"
sh=7FC759AB281B9DC0908B8CFFE9E878B51EB0943B ft=1 fh=0caed3c60cba14b8 vn="Variante von Win32/AdWare.iBryte.AE Anwendung" ac=I fn="F:\Downloads\Setup.exe"
sh=457335C7D7CF3B76BDA5156BDFC9D2E55F5EB26E ft=1 fh=733834ea60493ef0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\Downloads\Integrated_CT2325506.exe"
sh=41BE9C4A5AA0904F213A2E6FE2C5CCAD7089B422 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 1.zip"
sh=B670FE3EB2B9F8A871AE8D261682C21C79A48B80 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 10.zip"
sh=DC3081D26B1502EBDEE455FF3B11DA6C329A8C46 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 11.zip"
sh=713869234BC77650324AA222733F96FEC37CEC32 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 12.zip"
sh=1505612FF2367CC10D5E6F713A044FD89B93F857 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 18.zip"
sh=8AFD5D11138BB5FA567515031F80F742B177E739 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 2.zip"
sh=7914245D512F94165B65C7CA75D823F785517ACA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2013-07-01 221110\Backup Files 2013-07-01 221110\Backup files 10.zip"
sh=5B585BA7C7CBB60499907C291D178EF22B705FCF ft=0 fh=0000000000000000 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2013-07-01 221110\Backup Files 2013-07-01 221110\Backup files 15.zip"
sh=6FA5357E6BAB2948237A2854634705A193D86BE3 ft=0 fh=0000000000000000 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 5.zip"
sh=77436988390E564E720D4074C90246EC8EE1BE3A ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 7.zip"
sh=FD06BFFA2C829D1CE6EE771D629DEEF29A92E7EB ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 8.zip"
sh=2567B7758D4712E976C5FE4FA6019A287E2B976D ft=0 fh=0000000000000000 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-16 190059\Backup files 5.zip"
sh=D643585B2C56057196CF40047EB93D1BCFBC2F7E ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-16 190059\Backup files 9.zip"
sh=A9EC5C8935D6A7D14FEA1E8B7C8922BA14CADFCC ft=0 fh=0000000000000000 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-23 190013\Backup files 8.zip"
sh=10A148CDB308BA13BD13D30E272A23E265A01EE1 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-23 190013\Backup files 9.zip"
sh=BDF6FA8CEC7C248F6DE0063B80C209CC1512FFEC ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-05-11 193946\Backup files 4.zip"
sh=C1F48412AF16CCD2FAF33C561149F4A640B1B912 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-05-25 193544\Backup files 3.zip"
sh=517C6B40EC9E4A2B40A674F7F9C2F47A59918A17 ft=0 fh=0000000000000000 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-06-01 214459\Backup Files 2014-06-01 214459\Backup files 10.zip"
sh=4A22E4E856F3CCC038B67DB0FEDA9C2324356739 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-06-01 214459\Backup Files 2014-06-01 214459\Backup files 11.zip"
sh=0EFCA258D68918479A79B8D1E7FCC844111031E1 ft=1 fh=c55ccc1d3dc33c20 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="F:\Music\Downloads\flstudio_9.1_online.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="${Memory}"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c8f9d6f4af718240a68786de0665e893
# engine=22386
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-10 01:41:37
# local_time=2015-02-10 02:41:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 2095466 186129082 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7026079 48413790 0 0
# scanned=296063
# found=119
# cleaned=0
# scan_time=14353
sh=5A3BF792E02A8EF89D0F14E344DDF6AD9D6503CA ft=1 fh=d8a8aa49ce4e751c vn="Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir"
sh=6333DA667A1DB6B690F322886EF8B4DACECD7FE3 ft=1 fh=b02a9a0fb9ff7cbb vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir"
sh=725B62B6252188BC0D26452EB6256107B063BD6D ft=1 fh=1c6f7591f401ac67 vn="Variante von Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\ASPUninstall.exe.vir"
sh=9D17BABCF710B8DA583CA4091B9C439CF8DC92DF ft=1 fh=4fe7cd3d69d77ee3 vn="Win32/Systweak.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Communication.dll.vir"
sh=93DC7D6BB28C238630D65A2766577262C43D17E9 ft=1 fh=f75d7f7c3c1fd884 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\SSDPTstub.exe.vir"
sh=0E4FB5AC497916F3462274FF295F8BD0C82F9390 ft=1 fh=bb695e894839ef1c vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.com.vir"
sh=0E4FB5AC497916F3462274FF295F8BD0C82F9390 ft=1 fh=bb695e894839ef1c vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir"
sh=0E4FB5AC497916F3462274FF295F8BD0C82F9390 ft=1 fh=bb695e894839ef1c vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir"
sh=0E4FB5AC497916F3462274FF295F8BD0C82F9390 ft=1 fh=bb695e894839ef1c vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir"
sh=0E4FB5AC497916F3462274FF295F8BD0C82F9390 ft=1 fh=bb695e894839ef1c vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com.vir"
sh=0E4FB5AC497916F3462274FF295F8BD0C82F9390 ft=1 fh=bb695e894839ef1c vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe.vir"
sh=87F0C80D829248D28AF737B1F24671B860A5FE44 ft=1 fh=b73fba368dc1806f vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe.vir"
sh=EE6AFC06E9FC0BA41CD4E64ACEE33E02A97304ED ft=1 fh=8ffa53bbc1007075 vn="Variante von Win64/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawl.FirstRun.exe.vir"
sh=A18E87BF9502AB8383AC8F47D50E52E61B3701CE ft=1 fh=a8b925542aff0cdc vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawlBHO.dll.vir"
sh=320BE72162DD39758DB355AF9956229EB4176ADA ft=1 fh=75360cdbfa05ce17 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\updateNetCrawl.exe.vir"
sh=98AE5B113BA10E70A783DD5BFBD64763E52369BA ft=1 fh=5c8393776706a0f9 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe.vir"
sh=BFEF4D539EE292A3A4AE67EACF8DB762434BA685 ft=1 fh=eeffc819dde3edcb vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\tmp582C.tmp.vir"
sh=320BE72162DD39758DB355AF9956229EB4176ADA ft=1 fh=75360cdbfa05ce17 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe.vir"
sh=6D0A0E75234CFFFCA364BCDCA6F43A33C0FB4B97 ft=1 fh=dcc3f89ea38575c1 vn="Variante von Win64/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir"
sh=6B50EC3E4976ACC3B5CF94E2806689758F7C03AD ft=1 fh=fd05272c278a9c36 vn="Variante von Win64/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir"
sh=A2D62287D06494EB2E945A53ECD71A4E933F1E6C ft=1 fh=822ee196c935c5a5 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir"
sh=A806628D7D03174B04018A97BC27B0F801DB0DB6 ft=1 fh=a61f1a2fb18a1df4 vn="Variante von Win64/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir"
sh=5BE8D9B4E3BB25D6E0030EB3A169BD00E0D3026B ft=1 fh=11454ae4b2e345b8 vn="Variante von Win64/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir"
sh=CA61C417768E35A33CF3A8CA720273D0DB1CE37B ft=1 fh=755d293591b42157 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir"
sh=E4356790E8B54F4DFC776E40044C4714692B66E2 ft=1 fh=c4c869c82ce96294 vn="Variante von Win64/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir"
sh=CAAD5F17261C70EBAC4B32B72FCF2F73188B8945 ft=1 fh=5f5a1e3dc4e2d151 vn="Variante von Win64/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir"
sh=43DAB2E06BCB207547CA2003F1128B8AFBEC4A70 ft=1 fh=6f683cd2ddfa27a2 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir"
sh=F3E870FD4836424683C4F476C03AC08964CC5EF7 ft=1 fh=a0c6b0b29c310285 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir"
sh=ECE8F40A3CE808709152E0BFF701CC82C5E904F6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.crx.vir"
sh=CB84F4ABDC528FD24D9AC69B5981F3A64EE812DE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.xpi.vir"
sh=A4288F6199A396CC6990CC6A2FE8C9C4F4281E7A ft=1 fh=ba0a77b5a7aeeba0 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe.vir"
sh=4E6C684003EEEBE5740552B4ADC6DA2E954E513A ft=1 fh=66b8c175df952644 vn="Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe.vir"
sh=46D16D1DCC31B27942CF13CED2FF6271BEF59B66 ft=1 fh=6b1e65945882b135 vn="Variante von Win32/Toolbar.CrossRider.BP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Uninstall.exe.vir"
sh=F448380C9F4B962AB2E3BA96F2E1FEF83BE9AB00 ft=1 fh=7cf7cd3d2482f7f9 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\utils.exe.vir"
sh=FFEC56FADE93CDC75BE54088182436632BE47C08 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGong.crx.vir"
sh=E5D10734FD19C4B3933E89E409995BD65B0525AE ft=1 fh=2cfbb955d3345716 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir"
sh=F61ADDD0326A03685A35637BC704EB1959DC84C4 ft=1 fh=975f0524bf1774c5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=26DB385B79486E5EA34B1390DE4F25BA48E698A7 ft=1 fh=0ccad3bab389dc13 vn="Variante von Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\System Speedup\BeforeUninstall.exe.vir"
sh=38D3500BF7EF26802BF73E293C0541E16BE4C46B ft=1 fh=0fef2efcd4af5d69 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\System Speedup\SystemSpeedup.exe.vir"
sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=AF36570D737043FEBEC5FA3DDB416A4CF5FDFBE9 ft=1 fh=c71c0011100f33aa vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=B18492E77EBDA4977135FC2F76F7291DF3C77BA1 ft=1 fh=2f90d3f2fdd0653e vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir"
sh=C4B30FAF8A0EC58D5996CD2AD428C8E2D4893E53 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js.vir"
sh=CEF467C0BE097DA999FECFDD9D187688C078B63F ft=1 fh=c7d71faf258672d3 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll.vir"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\102_dealply_m.js.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=04253E738106628805978963C1648F429CD2A08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\105_corticas_m.js.vir"
sh=DA209282A25696B4D678B78442C261C5D81DC81B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=E5DA6BC389AFE8C4BE0D4BDF007094964623BEE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=408125466C1087F1B28C7C43745E9E1F3480201C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=00211CE73FB698A04BEF6622CB5B086D520B896D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=DB730C30AB384D45E22D00304F1103E934CB33B9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=94D9025E35A51C71746811F94F4AA5EFC9133252 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=E87ABD87A6168E160F36A5CE9E444C1719F203DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=5DDA8EE6DC4476C71431F32A0F30C6FD7CAA52E0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=9D9234F1D8FDD30567D6065910A6CDE37B4E44A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=821D36C18C8B253E6C0134438A703940AC129AAE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=973BFB4B71CFC651B94477FB244D6A0CA5996BE5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=1C615B43E780FB434AA3F923C6195A1BBBF34C9C ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"
sh=2714DB0A06F74A4282CDDC307EA1599670422E09 ft=1 fh=dbe7f66a91f8fadc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=2DAAB83B0439BC76845E58F3F7DDB84EE8E210C4 ft=1 fh=855a37aa5dbeb36f vn="Win32/InstallCore.PC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\1H1Q\Open Office Packages\uninstaller.exe.vir"
sh=92E7DC56EE14A18092820D63C12D3D188F674628 ft=1 fh=fed897558cb51fb4 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe.vir"
sh=89F94EEF0E921A673BEEFF1041A3B0292001A7F9 ft=1 fh=a21873cdce0059c2 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\Security System 2\uninstaller.exe.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=D3844CBC91D713BCE1C7C3DFEA7CA6D01C02B3E6 ft=1 fh=0894c982039ce88a vn="Win32/VOPackage.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=93F0172E398465FE8830AB01A70FDCA12EB11C4C ft=1 fh=4084d826ec2cd038 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\Windows Net Data\uninstaller.exe.vir"
sh=91DC006B84C4F51ADCADC1BB498E3376FC40130E ft=1 fh=c3b5952672b90e6f vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\sasnative64.exe.vir"
sh=6EE426E950941E65AA1AD22690844ECE31651FEA ft=1 fh=6d2a042f59d199b8 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Trend\EEP7\EEP7.exe"
sh=3725A2BC611F114872A93916484F1498E7FFF0D2 ft=1 fh=4fcd75e013887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\Bus-Simulator-2012-lnstall.exe"
sh=8299C40D778D2A13DD5F12F97A4088FB17338502 ft=1 fh=26d539751dfaf14c vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe"
sh=B81622A5B9BB23083D90FAD77D0D5EEF7B6E6A8A ft=1 fh=295a60c62ef2fe00 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\dffsetup-qtintf70.exe"
sh=5A164B93966B55A0A490329C7DA8414D0FDA371B ft=1 fh=022a7e6dbc0c9116 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\GoogleSketchUpWDE.exe"
sh=F8AADCBB574F8AE9B99F9F8217404B2B0DAE597C ft=1 fh=db518e1afa885ec8 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\Loksim3D-lnstall.exe"
sh=3643E4675782AC4966D3B102B920E4D3474BE11A ft=1 fh=3b818190d3c95b67 vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe"
sh=D62FA2F8AE92CED8F18FFA0D7B8D1E7D6C36D9D2 ft=1 fh=41ba4f8613887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall.exe"
sh=6626229C469C17F6FB68A3C17AA824B3197735EE ft=1 fh=c748ff92a00cdbfb vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe"
sh=DD01918DEF40A0795FA5244AC2D99DA77874B4A0 ft=1 fh=76b2c5efbf2a88f2 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\setup-loksim3d-update-2-8-2a-Downloader.exe"
sh=D01F9F59BF6CA6E3FE60231CC8808C1A4FEA4530 ft=1 fh=e23161741f42185f vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Friedrich\Downloads\Setup_31FreeVideoConverter.exe"
sh=FB70A5A3E8CEA0A67CE4E87E7A716BE2BD8F59AD ft=1 fh=beaf8b70fef9c2b2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\CombineZP - CHIP-Downloader.exe"
sh=460DF34D0C766CBCCE7D25F17A2A7A982B26C228 ft=1 fh=485dc196c0447f0f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\Picasa - CHIP-Downloader (1).exe"
sh=9FEEBEC2056226F56C68462697D30FBB3F766F2B ft=1 fh=2a24b25dd4293a83 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\Picasa - CHIP-Downloader.exe"
sh=7FC759AB281B9DC0908B8CFFE9E878B51EB0943B ft=1 fh=0caed3c60cba14b8 vn="Variante von Win32/AdWare.iBryte.AE Anwendung" ac=I fn="F:\Downloads\Setup.exe"
sh=457335C7D7CF3B76BDA5156BDFC9D2E55F5EB26E ft=1 fh=733834ea60493ef0 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Downloads\Downloads\Integrated_CT2325506.exe"
sh=41BE9C4A5AA0904F213A2E6FE2C5CCAD7089B422 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 1.zip"
sh=DC3081D26B1502EBDEE455FF3B11DA6C329A8C46 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 11.zip"
sh=8AFD5D11138BB5FA567515031F80F742B177E739 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 2.zip"
sh=7914245D512F94165B65C7CA75D823F785517ACA ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2013-07-01 221110\Backup Files 2013-07-01 221110\Backup files 10.zip"
sh=6FA5357E6BAB2948237A2854634705A193D86BE3 ft=0 fh=0000000000000000 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 5.zip"
sh=FD06BFFA2C829D1CE6EE771D629DEEF29A92E7EB ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 8.zip"
sh=2567B7758D4712E976C5FE4FA6019A287E2B976D ft=0 fh=0000000000000000 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-16 190059\Backup files 5.zip"
sh=10A148CDB308BA13BD13D30E272A23E265A01EE1 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-23 190013\Backup files 9.zip"
sh=BDF6FA8CEC7C248F6DE0063B80C209CC1512FFEC ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-05-11 193946\Backup files 4.zip"
sh=C1F48412AF16CCD2FAF33C561149F4A640B1B912 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-05-25 193544\Backup files 3.zip"
sh=517C6B40EC9E4A2B40A674F7F9C2F47A59918A17 ft=0 fh=0000000000000000 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-06-01 214459\Backup Files 2014-06-01 214459\Backup files 10.zip"
sh=4A22E4E856F3CCC038B67DB0FEDA9C2324356739 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-06-01 214459\Backup Files 2014-06-01 214459\Backup files 11.zip"
sh=81BF0A6034314553C603B4D193562B78E51EB127 ft=0 fh=0000000000000000 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-08-10 190008\Backup Files 2014-08-10 190008\Backup files 9.zip"
sh=194C4D1F93FB119A72340DB89F02029B12679188 ft=0 fh=0000000000000000 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="F:\ENRICOTOMSCHKE\Backup Set 2014-09-07 193414\Backup Files 2014-09-07 193414\Backup files 10.zip"

08.02.2015, 14:01	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Hilfe! Mein Computer hat Viren! PUP.optional.Wajam.A etc. Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. __________________ Logfiles bitte immer in CODE-Tags posten

08.02.2015, 22:42	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Hilfe! Mein Computer hat Viren! PUP.optional.Wajam.A etc. FRST bitte neu runterladen und mit der neuen Version Logs machen, da gab es anscheinend ein paar kleinere Bugs __________________ Logfiles bitte immer in CODE-Tags posten

Hilfe! Mein Computer hat Viren! PUP.optional.Wajam.A etc.

Plagegeister aller Art und deren Bekämpfung: Hilfe! Mein Computer hat Viren! PUP.optional.Wajam.A etc.