Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 14.02.2015, 23:09   #1
Maximus20
 
Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Guten Abend,

Ich versuche seit Tagen dieses hartnäckigen Virus zu entfernen. Nun habe ich eine passende Beschreibung des Virus im Trojaner Board gefunden.

" Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf. Firefox und glaube auch Internet Explorer. "

Ich habe schon versucht das Problem per Anleitung selber zu lösen,jedoch findet "FRST" die Fixlist.txt nicht.

Über jegliche Hilfe wäre ich seeehr Dankbar

Hier schonmal die Editor Logs

FRST.txt
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Maxim (administrator) on MAXIMS-ULTRA-PC on 14-02-2015 22:31:51
Running from C:\Users\Maxim\Downloads
Loaded Profiles: Maxim (Available profiles: Maxim)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Windows\SysWOW64\filequartzx86\filequartzx86.exe
() C:\Users\Maxim\AppData\Local\directxformatClient\directxformatClient.exe
() C:\Users\Maxim\AppData\Local\directxformatClient\hotstartmsv1_032.exe
() C:\Program Files (x86)\eDealPop\eDealPop.exe
() C:\Windows\wauctla.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Maxim\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2781936 2013-12-19] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-09-24] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-09-24] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-24] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts)
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2168408397-1879668375-2819476295-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2168408397-1879668375-2819476295-1001] => http=127.0.0.1:11166
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-14]
FF Extension: CensureBlock - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\censureblock@gmail.com.xpi [2015-02-14]
FF Extension: Adblock Plus - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MC20E629B-6B59-486F-9B07-5260C25A6F96&SearchSource=55&CUI=&UM=8&UP=SP7A8B6761-28DB-4171-9092-067F51DB8FD2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MC20E629B-6B59-486F-9B07-5260C25A6F96&SearchSource=55&CUI=&UM=8&UP=SP7A8B6761-28DB-4171-9092-067F51DB8FD2&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-23]
CHR Extension: (YouTube) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google-Suche) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Google Tabellen) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Google Mail) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 directxformatClient.exe; C:\Users\Maxim\AppData\Local\directxformatClient\directxformatClient.exe [211968 2015-02-14] () [File not signed]
R2 filequartzx86; C:\WINDOWS\SysWOW64\filequartzx86\filequartzx86.exe [69120 2014-11-04] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-24] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-09-24] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-28] (Electronic Arts)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-09-24] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-09-24] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-09-24] ()
R2 wauctla Service; C:\WINDOWS\wauctla.exe [188928 2015-02-06] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-09-24] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 archivempg2spltProvider.exe; C:\Users\Maxim\AppData\Local\archivempg2spltProvider\archivempg2spltProvider.exe [X]
S2 cgimetafileMonitor.exe; C:\Users\Maxim\AppData\Local\cgimetafileMonitor\cgimetafileMonitor.exe [X]
S2 iconcomdlgx86.exe; C:\Users\Maxim\AppData\Local\iconcomdlgx86\iconcomdlgx86.exe [X]
S2 pythonvbicodecRec.exe; C:\Users\Maxim\AppData\Local\pythonvbicodecRec\pythonvbicodecRec.exe [X]
S2 qeditkerberosBckp.exe; C:\Users\Maxim\AppData\Local\qeditkerberosBckp\qeditkerberosBckp.exe [X]
S2 runtimeregidleDrv.exe; C:\Users\Maxim\AppData\Local\runtimeregidleDrv\runtimeregidleDrv.exe [X]
S2 wdipsisrndr_64.exe; C:\Users\Maxim\AppData\Local\wdipsisrndr_64\wdipsisrndr_64.exe [X]
S2 wpcumicomdlgProvider.exe; C:\Users\Maxim\AppData\Local\wpcumicomdlgProvider\wpcumicomdlgProvider.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3433952 2014-02-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-19] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 21:50 - 2015-02-14 21:50 - 00052736 ___SH () C:\Users\Maxim\Documents\Thumbs.db
2015-02-14 21:49 - 2015-02-14 22:31 - 00019750 _____ () C:\Users\Maxim\Downloads\FRST.txt
2015-02-14 21:49 - 2015-02-14 21:50 - 00027499 _____ () C:\Users\Maxim\Downloads\Addition.txt
2015-02-14 21:47 - 2015-02-14 22:31 - 00000000 ____D () C:\FRST
2015-02-14 21:47 - 2015-02-14 21:47 - 00044187 _____ () C:\Users\Maxim\Downloads\FRST64(2).exe
2015-02-14 21:41 - 2015-02-14 21:41 - 00000027 _____ () C:\Users\Maxim\Desktop\Fixlist.txt
2015-02-14 21:25 - 2015-02-14 21:25 - 02134528 _____ (Farbar) C:\Users\Maxim\Downloads\FRST64(1).exe
2015-02-14 21:24 - 2015-02-14 21:24 - 00132971 _____ () C:\Users\Maxim\Downloads\FRST64.exe
2015-02-14 21:23 - 2015-02-14 21:23 - 00184523 _____ () C:\Users\Maxim\Downloads\FRST.exe
2015-02-14 21:09 - 2015-02-14 21:09 - 00000000 ____D () C:\Users\Maxim\AppData\Local\directxformatClient
2015-02-14 21:09 - 2015-02-14 21:09 - 00000000 ____D () C:\Program Files (x86)\eDealPop
2015-02-14 21:07 - 2015-02-14 21:07 - 00035840 ___SH () C:\Users\Maxim\Desktop\Thumbs.db
2015-02-14 21:06 - 2015-02-14 21:06 - 00000350 _____ () C:\WINDOWS\PFRO.log
2015-02-14 21:06 - 2015-02-14 21:06 - 00000116 _____ () C:\WINDOWS\setupact.log
2015-02-14 21:06 - 2015-02-14 21:06 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-12 21:40 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 21:40 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 02:20 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 02:20 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 02:20 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 02:20 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 02:20 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 02:20 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 02:20 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 18:10 - 2015-02-11 18:10 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2015-02-11 17:31 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 17:31 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 17:31 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 17:31 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 17:31 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 17:31 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 17:31 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 17:31 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 17:31 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 17:31 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 17:31 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 17:31 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 17:31 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 17:30 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 17:30 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 17:30 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 17:30 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 17:30 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 17:30 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 17:30 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 17:30 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 17:30 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 17:30 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 17:30 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 17:30 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 17:30 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 17:30 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 17:30 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 17:30 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 17:30 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 17:30 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 17:30 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 17:30 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 17:30 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 17:30 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 17:30 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 17:30 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 17:30 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 17:30 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 17:30 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 17:30 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 17:30 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 17:30 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 17:30 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 17:30 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 17:30 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 17:30 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 17:30 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 17:30 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 17:28 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 17:28 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 17:28 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 17:28 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 17:28 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 17:28 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 17:28 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 17:28 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 17:28 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 17:28 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 17:28 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 17:28 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 13:17 - 2015-02-10 13:17 - 00001295 _____ () C:\Users\Maxim\Desktop\Revo Uninstaller.lnk
2015-02-10 13:17 - 2015-02-10 13:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-10 13:13 - 2015-02-14 21:18 - 01485554 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 13:11 - 2015-02-10 13:11 - 00623616 _____ () C:\Users\Maxim\Downloads\HitmanPro-32_64_CB-DL-Manager.exe
2015-02-10 13:07 - 2015-02-10 13:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-10 13:06 - 2015-02-10 13:08 - 00000000 ____D () C:\Users\Maxim\Downloads\hitmanpro379
2015-02-10 13:04 - 2015-02-10 13:06 - 13485202 _____ () C:\Users\Maxim\Downloads\hitmanpro379.zip
2015-02-09 18:45 - 2015-02-09 18:46 - 02112512 _____ () C:\Users\Maxim\Downloads\adwcleaner_4.110.exe
2015-02-08 00:35 - 2015-02-08 00:35 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 00:35 - 2015-02-08 00:35 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-08 00:35 - 2015-02-08 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 00:35 - 2015-02-08 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 00:34 - 2015-02-14 21:09 - 00003469 _____ () C:\WINDOWS\wauctla.InstallLog
2015-02-08 00:34 - 2015-02-06 13:13 - 00188928 _____ () C:\WINDOWS\wauctla.exe
2015-02-06 02:43 - 2015-02-02 16:46 - 00105024 _____ () C:\Users\Maxim\Documents\es_gen_Gr1.doc_0_1.odt
2015-01-30 15:50 - 2015-01-30 15:50 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-01-27 00:32 - 2015-01-27 00:32 - 00000000 _____ () C:\WINDOWS\SysWOW64\b.txt
2015-01-27 00:27 - 2015-01-27 00:28 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 ____D () C:\Users\Maxim\AppData\Roaming\TuneUp Software
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 ____D () C:\Users\Maxim\AppData\Local\TuneUp Software
2015-01-27 00:24 - 2015-02-08 00:21 - 00000000 ____D () C:\Users\Maxim\AppData\Roaming\DVDVideoSoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 22:11 - 2014-12-15 20:00 - 00177664 ___SH () C:\Users\Maxim\Downloads\Thumbs.db
2015-02-14 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 21:51 - 2014-11-29 15:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-14 21:43 - 2014-12-03 21:43 - 00001718 _____ () C:\WINDOWS\Tasks\AZEKCUHV.job
2015-02-14 21:43 - 2014-12-03 21:43 - 00001364 _____ () C:\WINDOWS\Tasks\PPI.job
2015-02-14 21:12 - 2014-09-24 23:58 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-14 21:12 - 2014-09-24 23:58 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-14 21:12 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-14 21:07 - 2014-11-29 16:03 - 00000000 ____D () C:\ProgramData\Origin
2015-02-14 21:07 - 2014-11-29 16:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-14 21:07 - 2014-11-29 15:14 - 00000000 ____D () C:\Users\Maxim\OneDrive
2015-02-14 21:06 - 2014-12-03 22:38 - 00000000 ____D () C:\AdwCleaner
2015-02-14 21:06 - 2014-09-24 14:43 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-14 21:06 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 21:06 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 21:03 - 2014-12-25 06:13 - 00000000 ____D () C:\Users\Maxim\AppData\Local\CrashDumps
2015-02-14 21:02 - 2014-12-03 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins
2015-02-14 20:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-14 16:54 - 2014-11-29 15:06 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BD5BA588-6331-42F6-B6E6-1BE66C337281}
2015-02-12 22:48 - 2014-11-29 14:52 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2168408397-1879668375-2819476295-1001
2015-02-12 21:52 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 21:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-12 14:28 - 2014-12-12 01:47 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 14:28 - 2014-12-02 02:40 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-12 14:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-02-12 02:49 - 2014-12-02 02:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 02:46 - 2014-12-02 02:31 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 18:24 - 2013-08-22 15:44 - 00377224 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 17:20 - 2014-11-29 14:47 - 00000000 ____D () C:\Users\Maxim
2015-02-09 20:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-02-09 20:25 - 2014-11-29 16:03 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-02-09 20:25 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-09 20:18 - 2014-09-24 14:38 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-02-09 18:08 - 2014-04-03 20:15 - 00000000 ____D () C:\WINDOWS\Panther
2015-02-08 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-05 17:20 - 2014-12-22 21:13 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 19:51 - 2014-11-29 15:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 12:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-18 18:03 - 2014-12-09 14:19 - 00000273 _____ () C:\Users\Maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-01-18 16:29 - 2014-11-29 14:47 - 00000000 ____D () C:\Users\Maxim\AppData\Local\Packages

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Maxim\AppData\Roaming\AZEKCUHV
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Maxim\AppData\Roaming\PPI
2014-09-24 14:19 - 2014-09-24 14:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Maxim\AppData\Local\Temp\Quarantine.exe
C:\Users\Maxim\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-11 13:28

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---






Addition.txtFRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by Maxim at 2015-02-14 21:49:57
Running from C:\Users\Maxim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{E407C8D7-09C6-4056-BFAD-68C5FD8340F0}) (Version: 1.3 - Eyeo GmbH)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
eDeals version 1.0 (HKLM-x32\...\eDeals_is1) (Version: 1.0 - eDeals) <==== ATTENTION
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{C23B292D-2656-4A05-97D5-41FDC040158C}) (Version: 3.0.1342.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0224 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.4 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.10181 - Lenovo)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Yoga 2 Demo (HKLM-x32\...\{03C682A4-05CD-4D22-B50A-B9C3C5F2B137}) (Version: 1.0.7 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.71 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0106 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2168408397-1879668375-2819476295-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

30-01-2015 15:50:40 Installed Adblock Plus for IE (32-bit and 64-bit)
06-02-2015 15:43:23 Windows Modules Installer
09-02-2015 20:25:27 Removed BlueStacks Notification Center
12-02-2015 21:52:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B5F6028-8A41-4875-AE79-8831EAE9F8BD} - System32\Tasks\PPI => C:\Users\Maxim\AppData\Roaming\PPI.exe <==== ATTENTION
Task: {202DD6FB-B0C1-4DB2-A02A-7E8CC27DADAF} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-20] (Lenovo)
Task: {390348E4-DBA1-4D4A-8A4F-3F9D691CA8BA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {4AFDFBD9-8129-4F31-B4C3-7392D37803C1} - \avaxvyvax No Task File <==== ATTENTION
Task: {554FCAF6-2DC9-413C-9573-36A39DB8CFAF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2168408397-1879668375-2819476295-1001
Task: {596DFD4F-99C0-4538-A310-F3A35998E0F4} - System32\Tasks\AZEKCUHV => C:\Users\Maxim\AppData\Roaming\AZEKCUHV.exe <==== ATTENTION
Task: {5D59E0B2-0CA5-4CAC-BC14-575F43429748} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {605AE424-83F3-4506-ABAC-FBD800172029} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {7442351F-D381-457E-92A3-92B93E0485A1} - System32\Tasks\SystemMedia\SystemMedia 9 => C:\ProgramData\SystemMedia\SystemMedia.exe <==== ATTENTION
Task: {79773F3F-51A1-46AC-882B-52560B14B674} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {9D2F3539-8EC5-4BA0-B81A-3590EF8E6F36} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {C2171A83-05B8-4D0B-BDF0-1AACE4D3FDE6} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-09-24] (Lenovo)
Task: {C3E2767E-D066-4C16-861E-EFDD59EC2665} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {E753BDAC-0416-47C9-93C6-A1B93ABCE040} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AZEKCUHV.job => C:\Users\Maxim\AppData\Roaming\AZEKCUHV.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PPI.job => C:\Users\Maxim\AppData\Roaming\PPI.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-09-24 14:42 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-24 14:43 - 2014-09-24 14:43 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-09-24 14:43 - 2014-09-24 14:43 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-09-24 14:40 - 2014-01-06 14:14 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
2014-09-24 14:42 - 2014-09-24 14:42 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-09-24 14:42 - 2014-09-24 14:42 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-09-24 14:42 - 2014-09-24 14:42 - 00815104 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2014-09-24 14:40 - 2014-01-06 13:58 - 00044016 _____ () C:\Program Files (x86)\Lenovo\Yoga Picks\Util.dll
2015-01-16 13:08 - 2015-01-16 13:08 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2015-01-16 13:07 - 2015-01-16 13:07 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2015-01-16 13:07 - 2015-01-16 13:07 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-03 21:48 - 2014-11-04 12:22 - 00069120 _____ () C:\WINDOWS\SysWOW64\filequartzx86\filequartzx86.exe
2015-02-14 21:09 - 2015-02-14 21:09 - 00211968 _____ () C:\Users\Maxim\AppData\Local\directxformatClient\directxformatClient.exe
2015-02-14 21:09 - 2015-02-14 21:09 - 00451072 _____ () C:\Users\Maxim\AppData\Local\directxformatClient\hotstartmsv1_032.exe
2015-02-14 21:09 - 2014-12-03 14:42 - 00006144 _____ () C:\Program Files (x86)\eDealPop\eDealPop.exe
2015-02-08 00:34 - 2015-02-06 13:13 - 00188928 _____ () C:\WINDOWS\wauctla.exe
2014-02-24 15:39 - 2014-02-24 15:39 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2015-02-14 21:09 - 2014-07-08 09:22 - 00095232 _____ () C:\Users\Maxim\AppData\Local\directxformatClient\qjson0.dll
2014-09-24 14:17 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-08 00:35 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Maxim\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maxim\Pictures\Backgrounds Wallpapers HD\4209.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2168408397-1879668375-2819476295-500 - Administrator - Disabled)
Gast (S-1-5-21-2168408397-1879668375-2819476295-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2168408397-1879668375-2819476295-1003 - Limited - Enabled)
Maxim (S-1-5-21-2168408397-1879668375-2819476295-1001 - Administrator - Enabled) => C:\Users\Maxim

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2015 01:32:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/13/2015 01:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01223070
ID des fehlerhaften Prozesses: 0x18f4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5

Error: (02/12/2015 01:29:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/10/2015 01:06:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/10/2015 01:04:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1f74
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (02/09/2015 09:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02bf3068
ID des fehlerhaften Prozesses: 0x16e0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5

Error: (02/09/2015 04:55:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x50a8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (02/09/2015 01:38:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/09/2015 03:57:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x25fc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (02/08/2015 01:37:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53086d7c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000165cf
ID des fehlerhaften Prozesses: 0x2ac8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5


System errors:
=============
Error: (02/14/2015 09:09:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "runtimeregidleDrv.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/14/2015 09:09:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "wauctla Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/14/2015 09:09:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "runtimeregidleDrv.exe" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/14/2015 09:07:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "runtimeregidleDrv.exe" wurde nicht richtig gestartet.

Error: (02/14/2015 09:06:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "wpcumicomdlgProvider.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/14/2015 09:06:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "wdipsisrndr_64.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/14/2015 09:06:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "qeditkerberosBckp.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/14/2015 09:06:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "pythonvbicodecRec.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/14/2015 09:06:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iconcomdlgx86.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/14/2015 09:06:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "cgimetafileMonitor.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (02/13/2015 01:32:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/13/2015 01:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379unknown0.0.0.000000000c00000050122307018f401d046c952581abcC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeunknown3edb3dca-b37b-11e4-827f-e8b1fc0cd450

Error: (02/12/2015 01:29:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/10/2015 01:06:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/10/2015 01:04:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251f7401d0452339093596C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf27eeb89-b11c-11e4-8278-e8b1fc0cd450

Error: (02/09/2015 09:17:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379unknown0.0.0.000000000c000000502bf306816e001d044a43359289aC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeunknownaeb86994-b098-11e4-8278-e8b1fc0cd450

Error: (02/09/2015 04:55:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142550a801d044214df7f29bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll105e9acf-b074-11e4-8273-e8b1fc0cd450

Error: (02/09/2015 01:38:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/09/2015 03:57:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142525fc01d043fcfd18210aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6f96bb3b-b007-11e4-8273-e8b1fc0cd450

Error: (02/08/2015 01:37:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9combase.dll6.3.9600.1703153086d7cc0000005000165cf2ac801d0433750965e8aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\combase.dllb5bcb102-af2a-11e4-8273-e8b1fc0cd450


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 41%
Total physical RAM: 8112.96 MB
Available physical RAM: 4772.88 MB
Total Pagefile: 9392.96 MB
Available Pagefile: 5727.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:196.7 GB) (Free:160.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 45F180A4)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---

Hier noch die mbam.txt
Es ist die neuste, jedoch habe ich in den letzten Tagen mehrfache Suchdurchläufe gemacht, deshalb weiss ich nicht ob folgende Informationen ausreichen




Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 14.02.2015
Suchlauf-Zeit: 22:42:27
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.14.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Maxim

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336768
Verstrichene Zeit: 4 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.EDealPop.A, C:\Program Files (x86)\eDealPop\eDealPop.exe, 2868, Löschen bei Neustart, [b6a71e00b9d13006c80308975aa93bc5]

Module: 1
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\msvcr100.dll, Löschen bei Neustart, [f964001eb2d82511557b4d3cf90a2cd4],

Registrierungsschlüssel: 1
PUP.Optional.eDealsPop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\eDeals_is1, In Quarantäne, [f964001eb2d82511557b4d3cf90a2cd4],

Registrierungswerte: 1
PUP.Optional.EDealPop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|eDealPop, "C:\Program Files (x86)\eDealPop\eDealPop.exe", In Quarantäne, [b6a71e00b9d13006c80308975aa93bc5]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop, Löschen bei Neustart, [f964001eb2d82511557b4d3cf90a2cd4],

Dateien: 6
PUP.Optional.EDeals.A, C:\Windows\Temp\UptUpdater.exe, In Quarantäne, [93ca37e7e3a7e254d8f9b6a1916f22de],
PUP.Optional.EDealPop.A, C:\Program Files (x86)\eDealPop\eDealPop.exe, Löschen bei Neustart, [b6a71e00b9d13006c80308975aa93bc5],
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\msvcp100.dll, In Quarantäne, [f964001eb2d82511557b4d3cf90a2cd4],
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\msvcr100.dll, Löschen bei Neustart, [f964001eb2d82511557b4d3cf90a2cd4],
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\unins000.dat, In Quarantäne, [f964001eb2d82511557b4d3cf90a2cd4],
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\unins000.exe, In Quarantäne, [f964001eb2d82511557b4d3cf90a2cd4],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

ADW CleanerAdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.110 - Bericht erstellt 14/02/2015 um 23:00:10
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Maxim - MAXIMS-ULTRA-PC
# Gestarted von : C:\Users\Maxim\Downloads\adwcleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Pirrit
Schlüssel Gelöscht : HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : HKLM\SOFTWARE\WinUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\RST
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Pirrit
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Upt
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WinUpd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RST
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:12318
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 de)

[5jdgl1na.default-1423746786435\prefs.js] - Zeile Gelöscht : user_pref("extensions.CensureBlock.Subs_Rgxp_Block_URLspecAhrefIMGsrc", "\\.(?:(?:18123214069666\\d-)\\Da(?:a?-aabbydamdorablelexm(?:andaatoe?rbery)n(?:dreaettgelinanieus)propos[...]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [27421 Bytes] - [03/12/2014 22:38:57]
AdwCleaner[R10].txt - [2647 Bytes] - [12/02/2015 14:30:42]
AdwCleaner[R11].txt - [2646 Bytes] - [14/02/2015 21:03:51]
AdwCleaner[R12].txt - [3025 Bytes] - [14/02/2015 22:59:14]
AdwCleaner[R1].txt - [2352 Bytes] - [07/12/2014 16:04:56]
AdwCleaner[R2].txt - [8755 Bytes] - [27/01/2015 00:31:27]
AdwCleaner[R3].txt - [4009 Bytes] - [29/01/2015 14:40:50]
AdwCleaner[R4].txt - [2594 Bytes] - [09/02/2015 18:46:12]
AdwCleaner[R5].txt - [2653 Bytes] - [09/02/2015 18:49:50]
AdwCleaner[R6].txt - [2171 Bytes] - [09/02/2015 21:04:49]
AdwCleaner[R7].txt - [2646 Bytes] - [10/02/2015 13:21:20]
AdwCleaner[R8].txt - [2555 Bytes] - [11/02/2015 17:31:55]
AdwCleaner[R9].txt - [2588 Bytes] - [12/02/2015 14:23:24]
AdwCleaner[S0].txt - [24270 Bytes] - [03/12/2014 22:41:06]
AdwCleaner[S1].txt - [2263 Bytes] - [07/12/2014 16:07:22]
AdwCleaner[S2].txt - [7538 Bytes] - [27/01/2015 00:32:55]
AdwCleaner[S3].txt - [3376 Bytes] - [29/01/2015 14:45:52]
AdwCleaner[S4].txt - [2714 Bytes] - [09/02/2015 18:54:19]
AdwCleaner[S5].txt - [2661 Bytes] - [10/02/2015 13:23:19]
AdwCleaner[S6].txt - [2616 Bytes] - [11/02/2015 17:44:05]
AdwCleaner[S7].txt - [2707 Bytes] - [12/02/2015 14:31:39]
AdwCleaner[S8].txt - [2706 Bytes] - [14/02/2015 21:06:02]
AdwCleaner[S9].txt - [2916 Bytes] - [14/02/2015 23:00:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2975  Bytes] ##########
         
--- --- ---

Junkware Renoval ToolJRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Maxim on 14.02.2015 at 23:06:02,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.02.2015 at 23:07:50,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---

Alt 15.02.2015, 07:30   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



HI,

in welchem Browser?
__________________

__________________

Alt 15.02.2015, 19:08   #3
Maximus20
 
Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Ich besitze nur Firefox und Explorer und in beiden ist der Virus vorhanden.
__________________

Alt 16.02.2015, 10:25   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] ()
C:\Program Files (x86)\Lenovo\Yoga Picks
C:\Program Files (x86)\eDealPop
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2168408397-1879668375-2819476295-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2168408397-1879668375-2819476295-1001] => http=127.0.0.1:11166
S2 cgimetafileMonitor.exe; C:\Users\Maxim\AppData\Local\cgimetafileMonitor\cgimetafileMonitor.exe [X]
S2 iconcomdlgx86.exe; C:\Users\Maxim\AppData\Local\iconcomdlgx86\iconcomdlgx86.exe [X]
S2 pythonvbicodecRec.exe; C:\Users\Maxim\AppData\Local\pythonvbicodecRec\pythonvbicodecRec.exe [X]
S2 qeditkerberosBckp.exe; C:\Users\Maxim\AppData\Local\qeditkerberosBckp\qeditkerberosBckp.exe [X]
S2 runtimeregidleDrv.exe; C:\Users\Maxim\AppData\Local\runtimeregidleDrv\runtimeregidleDrv.exe [X]
S2 wdipsisrndr_64.exe; C:\Users\Maxim\AppData\Local\wdipsisrndr_64\wdipsisrndr_64.exe [X]
S2 wpcumicomdlgProvider.exe; C:\Users\Maxim\AppData\Local\wpcumicomdlgProvider\wpcumicomdlgProvider.exe [X]
C:\Users\Maxim\AppData\Local\cgimetafileMonitor
C:\Users\Maxim\AppData\Local\iconcomdlgx86
C:\Users\Maxim\AppData\Local\pythonvbicodecRec
C:\Users\Maxim\AppData\Local\qeditkerberosBckp
C:\Users\Maxim\AppData\Local\runtimeregidleDrv
C:\Users\Maxim\AppData\Local\wdipsisrndr_64
C:\Users\Maxim\AppData\Local\wpcumicomdlgProvider
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.02.2015, 15:21   #5
Maximus20
 
Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Maxim at 2015-02-16 14:21:34 Run:1
Running from C:\Users\Maxim\Desktop
Loaded Profiles: Maxim (Available profiles: Maxim)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [Yoga Picks] => C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe [119280 2014-01-06] (Lenovo)
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] ()
C:\Program Files (x86)\Lenovo\Yoga Picks
C:\Program Files (x86)\eDealPop
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2168408397-1879668375-2819476295-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2168408397-1879668375-2819476295-1001] => http=127.0.0.1:11166
S2 cgimetafileMonitor.exe; C:\Users\Maxim\AppData\Local\cgimetafileMonitor\cgimetafileMonitor.exe [X]
S2 iconcomdlgx86.exe; C:\Users\Maxim\AppData\Local\iconcomdlgx86\iconcomdlgx86.exe [X]
S2 pythonvbicodecRec.exe; C:\Users\Maxim\AppData\Local\pythonvbicodecRec\pythonvbicodecRec.exe [X]
S2 qeditkerberosBckp.exe; C:\Users\Maxim\AppData\Local\qeditkerberosBckp\qeditkerberosBckp.exe [X]
S2 runtimeregidleDrv.exe; C:\Users\Maxim\AppData\Local\runtimeregidleDrv\runtimeregidleDrv.exe [X]
S2 wdipsisrndr_64.exe; C:\Users\Maxim\AppData\Local\wdipsisrndr_64\wdipsisrndr_64.exe [X]
S2 wpcumicomdlgProvider.exe; C:\Users\Maxim\AppData\Local\wpcumicomdlgProvider\wpcumicomdlgProvider.exe [X]
C:\Users\Maxim\AppData\Local\cgimetafileMonitor
C:\Users\Maxim\AppData\Local\iconcomdlgx86
C:\Users\Maxim\AppData\Local\pythonvbicodecRec
C:\Users\Maxim\AppData\Local\qeditkerberosBckp
C:\Users\Maxim\AppData\Local\runtimeregidleDrv
C:\Users\Maxim\AppData\Local\wdipsisrndr_64
C:\Users\Maxim\AppData\Local\wpcumicomdlgProvider
Emptytemp:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Yoga Picks => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\eDealPop => value deleted successfully.

"C:\Program Files (x86)\Lenovo\Yoga Picks" directory move:

C:\Program Files (x86)\Lenovo\Yoga Picks\Icon.ico => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\LAPTOP_h.png => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Lenovo.YogaPicks.NotifyArea.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Lenovo.YogaPicks.ShortCut.exe => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\mfc110u.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\microsoft.windows.softwarelogo.shared.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Microsoft.WindowsAPICodePack.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Microsoft.WindowsAPICodePack.Shell.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\msvcr110.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\smallIcon.ico => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\STAND_h.png => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\TABLET_h.png => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\TENT_h.png => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Util.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe.config => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\YogaMode.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\YogaMode.lib => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\lvcomm.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\mfc110u.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\Microsoft.WindowsAPICodePack.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\Microsoft.WindowsAPICodePack.Shell.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\msvcr110.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\Util.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\YogaPicks.AppService.exe => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\YogaPicks.AppService.exe.config => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\YPServiceInstaller.bat => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x86\YPServiceUnInstaller.bat => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\lvcomm.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\mfc110u.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\Microsoft.WindowsAPICodePack.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\Microsoft.WindowsAPICodePack.Shell.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\msvcr110.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\Util.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe.config => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.InstallLog => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.InstallState => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YPServiceInstallerX64.bat => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YPServiceUnInstallerX64.bat => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\MetaFile\d291d26b-45a7-43d7-9b80-0c7dfc0d7c6a.devicemetadata-ms => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\ar-SA.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\cs.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\da.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\de.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\el.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\en.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\es.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\fi.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\fr.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\he-IL.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\hr.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\hu.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\it.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\ja.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\ko.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\nb.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\nl.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\nn.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\no.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\pl.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\pt-BR.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\pt-PT.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\ro.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\ru.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\sk.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\sl.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\sr-Latn.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\sv.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\tr.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\zh-CN.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\zh-HK.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Language\zh-TW.xml => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\d291d26b-45a7-43d7-9b80-0c7dfc0d7c6a.devicemetadata-ms => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.1\devcon.exe => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.1\install.cmd => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.1\uninstall.cmd => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.1\WUDFUpdate_01011.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.1\yogapicks.cat => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.1\YogaPicks.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.1\YogaPicks.inf => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.0\devcon.exe => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.0\install.cmd => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.0\uninstall.cmd => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.0\WUDFUpdate_01011.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.0\yogapicks.cat => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.0\YogaPicks.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x86\win8.0\YogaPicks.inf => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.1\devcon.exe => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.1\install.cmd => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.1\uninstall.cmd => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.1\WUDFUpdate_01011.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.1\yogapicks.cat => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.1\YogaPicks.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.1\YogaPicks.inf => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.0\devcon.exe => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.0\install.cmd => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.0\uninstall.cmd => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.0\WUDFUpdate_01011.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.0\yogapicks.cat => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.0\YogaPicks.dll => Moved successfully.
C:\Program Files (x86)\Lenovo\Yoga Picks\Drivers\x64\win8.0\YogaPicks.inf => Moved successfully.
Could not move "C:\Program Files (x86)\Lenovo\Yoga Picks" directory. => Scheduled to move on reboot.


"C:\Program Files (x86)\eDealPop" directory move:

C:\Program Files (x86)\eDealPop\eDealPop.exe => Moved successfully.
C:\Program Files (x86)\eDealPop\msvcp100.dll => Moved successfully.
C:\Program Files (x86)\eDealPop\msvcr100.dll => Moved successfully.
C:\Program Files (x86)\eDealPop\unins000.dat => Moved successfully.
C:\Program Files (x86)\eDealPop\unins000.exe => Moved successfully.
Could not move "C:\Program Files (x86)\eDealPop" directory. => Scheduled to move on reboot.

"HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
cgimetafileMonitor.exe => Service deleted successfully.
iconcomdlgx86.exe => Service deleted successfully.
pythonvbicodecRec.exe => Service deleted successfully.
qeditkerberosBckp.exe => Service deleted successfully.
runtimeregidleDrv.exe => Service deleted successfully.
wdipsisrndr_64.exe => Service deleted successfully.
wpcumicomdlgProvider.exe => Service deleted successfully.
"C:\Users\Maxim\AppData\Local\cgimetafileMonitor" => File/Directory not found.
"C:\Users\Maxim\AppData\Local\iconcomdlgx86" => File/Directory not found.
"C:\Users\Maxim\AppData\Local\pythonvbicodecRec" => File/Directory not found.
"C:\Users\Maxim\AppData\Local\qeditkerberosBckp" => File/Directory not found.
"C:\Users\Maxim\AppData\Local\runtimeregidleDrv" => File/Directory not found.
"C:\Users\Maxim\AppData\Local\wdipsisrndr_64" => File/Directory not found.
"C:\Users\Maxim\AppData\Local\wpcumicomdlgProvider" => File/Directory not found.
EmptyTemp: => Removed 415.4 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-16 14:22:59)<=

C:\Program Files (x86)\Lenovo\Yoga Picks => Is moved successfully.
C:\Program Files (x86)\eDealPop => Is moved successfully.

==== End of Fixlog 14:22:59 ====

Ich musste die Eset Log.txt manuell suchen, hoffe es ist die richtige

Es wurden bei dem Suchlauf auf jeden Fall Funde endeckt

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3a761db4dbed6c43b092b01371f95575
# engine=22494
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-16 01:48:34
# local_time=2015-02-16 02:48:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 2241 14398833 0 0
# scanned=82565
# found=147
# cleaned=0
# scan_time=779
sh=8C2439E8D9A3BBE3A1790C01CD9E212AFF790035 ft=1 fh=c907a1331702b73d vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bjvkh.dll.vir"
sh=D11010E4EED9D0324F0E72B546D3AD80F1517B8E ft=1 fh=f12251822dd89e48 vn="a variant of Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bjvkh64.dll.vir"
sh=A5D0D9FB2D04555945246A51EC3A7E58D96E23D2 ft=1 fh=8f98caf3bbf8c057 vn="Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\blnj32.dll.vir"
sh=58DC437A09A5F656052D295D548BF6825130B048 ft=1 fh=4db2d3ad4566f2f2 vn="Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\blnj64.dll.vir"
sh=F4C9980BF1CD209E6F6E6A32E9BAF7C309D68F96 ft=1 fh=430038d1149beb5a vn="a variant of Win32/Toolbar.Perion.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bntf.exe.vir"
sh=7B7FEDE270EAE0E5B9719F9417A5D0D84A7F7EA4 ft=1 fh=64f6a8a64afa5750 vn="a variant of Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bntf64.exe.vir"
sh=5A15DB05E4581697B24B28883B0A234ADC04A587 ft=1 fh=198cff53a76f0f84 vn="a variant of Win32/Toolbar.Perion.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bop32.dll.vir"
sh=B21106C75151F351C67169879DA0D46AB292CB62 ft=1 fh=0479ab0e0daa015d vn="a variant of Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bop64.dll.vir"
sh=D12EC3E24E166E3F360DA5B65A828D114F29AA1D ft=1 fh=fd4b015062f8b4ca vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\brbsrv.exe.vir"
sh=5A37606E544B59D411FA4E3C283DACFFBACAD582 ft=1 fh=0e6c10b7d4b47283 vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\brgb.dll.vir"
sh=72FF0A87BD5FB80F102AA73D6B935FB294DC5F77 ft=1 fh=4226fd59860a2aff vn="Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\brgb64.dll.vir"
sh=879A232C7553A5206B1AF01F170C018FF79A6D2D ft=1 fh=d0a16c35eb77a596 vn="Win32/VMDetect.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bvmn.exe.vir"
sh=C62D763B9C2CEAAED8FA9B7188ADADA4A47D8F66 ft=1 fh=ee4670e681195ba3 vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bwbk.dll.vir"
sh=B598A7E97869C9E8A2A13AFDB53FCA522A33006F ft=1 fh=bc0504c92b3fc380 vn="a variant of Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\bwbk64.dll.vir"
sh=81701CBC8F1A816F7239704758F52BA4E0DC8BF8 ft=1 fh=6df414b049bce859 vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\dfsrvex.exe.vir"
sh=BCCDB5542E80159FD177031B2DAFA8AF58E4BD14 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\{970050F4-B21B-4c84-ACAB-DFEB867A4776}.xpi.vir"
sh=7D53811BC59129DDD3FD21EEBB564F902D865C13 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir"
sh=0FADB783C6C38284E5819BCADED2A1C50503F7AF ft=1 fh=fcdd72b19b62f8d2 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\BService\1.1\bhelper.dll.vir"
sh=CCFCD73F208F834C854E46E6F31DB11AADA5CF08 ft=1 fh=6a366370a714a51b vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\BService\1.1\bservice.exe.vir"
sh=1C5EF364255BBF5353713D0D1A66995AC3C7BCBC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\a23ef7dc-b8d4-4344-9aef-7bcd3148cba7.crx.vir"
sh=76CD54A18AE02AA374C097E636F6ED551466AFCA ft=1 fh=f165f790444f3ef7 vn="a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\CinePlus-1.2V03.12-bg.exe.vir"
sh=E25CE1FFB8ADB737267B29D95D5C8D0100A33C94 ft=1 fh=b61f051a4d67768f vn="a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\CinePlus-1.2V03.12-bho.dll.vir"
sh=75611A641C8281A9BC683692234EA2E0B86B7705 ft=1 fh=1a5accfc68e6b555 vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\CinePlus-1.2V03.12-bho64.dll.vir"
sh=C0630690303964DE269C6552A7FF808238571103 ft=1 fh=f82e47e94d03b43f vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\CinePlus-1.2V03.12-codedownloader.exe.vir"
sh=530C28E462B3C5B4B67E284A9C9709B6A55468FD ft=1 fh=b3ff689f1d85860d vn="a variant of Win32/Toolbar.CrossRider.BC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\deb832e9-307b-4a81-b13c-218a494065c9.exe.vir"
sh=EB4DA21705FD0CE27EDF662B2EE794F949DFBB06 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\e2f12637-69ca-4bcd-ae6b-30df6c9ca0ea.crx.vir"
sh=4206B97236144FC82333B2465582AC7C0DBC5C5D ft=1 fh=c80ee3dde8066d3a vn="a variant of Win32/Toolbar.CrossRider.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\f2ba4662-32db-4cd9-8c8f-917d50d71a41.exe.vir"
sh=1035C124E6353318570FCC0B2289E93E9388142C ft=1 fh=6c0606b7fe1d405e vn="a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\face9c15-888c-48b5-a742-4909d58692f0-11.exe.vir"
sh=1035C124E6353318570FCC0B2289E93E9388142C ft=1 fh=6c0606b7fe1d405e vn="a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\face9c15-888c-48b5-a742-4909d58692f0-3.exe.vir"
sh=5178CC5FE30B47F295EBB9B03735922D8C6B4A14 ft=1 fh=20f7d48d21fffa1a vn="a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\face9c15-888c-48b5-a742-4909d58692f0-4.exe.vir"
sh=AFF4647B017DDB70270E5AE57883D814CA926A36 ft=1 fh=ed1843adfc28a979 vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\face9c15-888c-48b5-a742-4909d58692f0-5.exe.vir"
sh=1C5EF364255BBF5353713D0D1A66995AC3C7BCBC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\face9c15-888c-48b5-a742-4909d58692f0.crx.vir"
sh=E8D7F3055BE015D07EDE7C3B44B5AAE8CEC3024C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\face9c15-888c-48b5-a742-4909d58692f0.xpi.vir"
sh=E35D1A382E339D97C2C7F9BCA40EBED96D080CFE ft=1 fh=d5ba07cefa0e911b vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\Interop.IWshRuntimeLibrary.dll.vir"
sh=B17F30CC785B7B5267AF2E1A0F1CC14CE94A5B6E ft=1 fh=5e6ac6ea5620ad9d vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\Newtonsoft.Json.dll.vir"
sh=914074CC24B4147D3D961CF346FBF5FB208E7D60 ft=1 fh=a4c5c2264bee6d48 vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\SuperSocket.ClientEngine.Common.dll.vir"
sh=175E4491EE0614094EE1353F7A8A742C7AC1F2DB ft=1 fh=332c76f956654375 vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\SuperSocket.ClientEngine.Core.dll.vir"
sh=6D5170AF59E9E9A41A13B62693157BAAA8C8CB41 ft=1 fh=3b113494bbebc0c7 vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\SuperSocket.ClientEngine.Protocol.dll.vir"
sh=5A395AA801E2F692C8DC2B5C9654D7A65B0461C4 ft=1 fh=ddc61e410cf85c4d vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\Uninstall.exe.vir"
sh=F3A8E36B6B2026B9BC428C7C9535F5BFC8183BDC ft=1 fh=a98264a67277c12b vn="Win32/Packed.VMDetector.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\utils.exe.vir"
sh=3A9B8609D6FD8E7267FA540FF75CA74A20C193BD ft=1 fh=1ffd70f3c1a21f1c vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinePlus-1.2V03.12\WebSocket4Net.dll.vir"
sh=AA505B093673BE249A0A3AC33D5B8244DBDAEF23 ft=1 fh=7f170b0de0a938a0 vn="a variant of Win32/Adware.SoftwareRefresher.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Davenport\Intercepter\x86\1.3\intercepter.dll.vir"
sh=7D99FBA462856BC4DD46A7B18E1D79D1C2BC0789 ft=1 fh=0c98b06ccc654f7d vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe.vir"
sh=01B1F9CB2D50A5609593744320463E46B91EEED4 ft=1 fh=769d3a4457a9efb0 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe.vir"
sh=C91A0FA1B6D1087BFFF881365E2985A011B401C2 ft=1 fh=4fa76ddc1441696b vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll.vir"
sh=FA71B8789F7BB0D1FC4A4F6EB9E082D234DD4E8A ft=1 fh=5c4c6b425e2cebc2 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll.vir"
sh=8FF3027FD5B24AF549A476472735F525E5A82E79 ft=1 fh=8958c815348aafc1 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll.vir"
sh=621A43829E928D10CDA8CE4ECCF5C11E6BCFD5A8 ft=1 fh=1402f114ad354e9d vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe.vir"
sh=DDB78884545DF16760E10BFC482D1719DDCA5C90 ft=1 fh=3db9760f8b27cec5 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll.vir"
sh=E56595B052627D2E0F79BFEB1113B85CF5E373DB ft=1 fh=fd73c4a1721c52d6 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe.vir"
sh=1B64473A9F6DC51107678E8649727FADE9D9B4F2 ft=1 fh=d771a5c9edd3de6b vn="a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LenovoBrowserGuard\UI\bin\cltmngui.exe.vir"
sh=F676BCF3517B59DEE8E317E93A00CD74E18B186A ft=1 fh=459f9b9de46bfdf7 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\lrrot.dll.vir"
sh=ED57FCF0E5CB3CF08429F8E13A929079F46CC3E6 ft=1 fh=c674b888749b41e5 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=F669C332B2A8A976F4E2C1CDE50495D0257FEB53 ft=1 fh=0fd5d3ce8534e7e5 vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\smia.exe.vir"
sh=A618AE4225D0D22004DD3A3FEDF8F87F8569BF8D ft=1 fh=c76a0a9a24bc64b5 vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\smia64.exe.vir"
sh=FDAE1ABB987092C657356CBAE77151A6B7263878 ft=1 fh=ae9ece6f5652883f vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir"
sh=237F01578E40FD1E6D95E0D4C97DBCA92827B58B ft=1 fh=17cb05aa2baad328 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir"
sh=C30487F2387695F6C86DD380A75C4EBA7209316C ft=1 fh=88450590942ada21 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir"
sh=73352E3095535C799AE2799D14B45A6E9DFCAAC4 ft=1 fh=0e2cbb2d9f87df33 vn="a variant of MSIL/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir"
sh=439BDFB9E3B0713B2588A9879299E76D5C7EA7D9 ft=1 fh=9a09a4157acaada5 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpt.dll.vir"
sh=847CDB78BE32D1A20115F2B2C4C9FC0BEE407554 ft=1 fh=4e1353972007adfb vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptc.dll.vir"
sh=1DB34B41763B34193632D97A95183E5B42C9D628 ft=1 fh=0d2f1079954527fb vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srut.dll.vir"
sh=F1CACFE1E4324879E14BEE5F2BE6B3E2F9872039 ft=1 fh=55edbda80ae3c26d vn="a variant of Win32/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_32.dll.vir"
sh=6EE13540DA0238F204AD735A84EC7E774E3FE3C2 ft=1 fh=1dcb219991998987 vn="a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_64.dll.vir"
sh=C07D98031E67DD7268505B4BE06691D763A2106E ft=1 fh=742ddfee9fbec440 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll.vir"
sh=781F9B92B453B90F3C04D98B5153DD5C6C26F589 ft=1 fh=135374a5b4967ccc vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\uninstall.exe.vir"
sh=AFB95723B245EB95106EC407D2443BE30426C079 ft=1 fh=045fdc84af3b3525 vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\BHOEnabler.exe.vir"
sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=A8E3A9E6972C6F8B253EA0E1837AEEBF0A07B187 ft=1 fh=e2a5b168a3934371 vn="Win32/Thinknice.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="a variant of Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="a variant of Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=D037F58CF4B36F3B437FAA0D9500720445B27D65 ft=1 fh=b07c7921935b766c vn="Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=79C9BD304C93AB8FD0544108656A899993DB14EF ft=1 fh=e6f80544d6e8089f vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=96B85214CD9E4FF85AC6144E7EF3DDF9E0F215E6 ft=1 fh=098a6735f96a550a vn="a variant of Win32/Thinknice.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=8767A98255ABA8AAD795522966A097F381111C4B ft=1 fh=c71c00111c9a800d vn="a variant of Win32/Adware.AddLyrics.CE application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver8SpeedChecker\181.dll.vir"
sh=C7025C8F1C8CEFE3D46B0E8AE2F725B750BE06DE ft=1 fh=315191cba1c68c76 vn="a variant of Win64/Adware.AddLyrics.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver8SpeedChecker\181_x64.dll.vir"
sh=4CF0A9B547F3091788473FE758D4E643A5731ED6 ft=1 fh=c71c001119b4527c vn="a variant of Win32/Adware.AddLyrics.CF application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver8SpeedChecker\B6SpeedCheckerd35.exe.vir"
sh=262D6773FD95E5D10E2D1D2CBE3620DA99441945 ft=1 fh=83285b8172e395fc vn="a variant of Win32/Adware.AddLyrics.CG application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver8SpeedChecker\Uninstall.exe.vir"
sh=CC1A5E195AE5DB046539D18C5048C4A2E285711A ft=1 fh=95d6957437a66324 vn="a variant of Win64/Adware.AddLyrics.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver8SpeedChecker\x64\TandemRunner.exe.vir"
sh=6E5D0AB18B498E8EBC6BAB9C850F38D26CE427F9 ft=1 fh=8a80bf55b7b691e4 vn="Win64/Adware.AddLyrics.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver8SpeedChecker\x64\webinstrNew.sys.vir"
sh=CC7395FC0FE4D7F536FA2538FAD5A854FE7F360A ft=1 fh=6b5409c5ed5e1594 vn="a variant of Win32/Adware.PicColor.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\CMWFP.sys.vir"
sh=249FE3168142E647F07D557616078FB119B4B888 ft=1 fh=7d872963e7673028 vn="a variant of Win32/Adware.PicColor.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\CMWFP64.sys.vir"
sh=E1E435F92DBDCCDF087FF5EACD59967B69E44DA5 ft=1 fh=8ef5e37be386900b vn="a variant of Win32/Adware.PicColor.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\ColorMedia.exe.vir"
sh=DF03905F5DB732477F667E214F737E536C208728 ft=1 fh=39f8ce88aad631c6 vn="a variant of Win32/Adware.PicColor.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\ColorMediaWFPInst.exe.vir"
sh=559BA97B49DABCBE1535FAE94F212EF09D38B72A ft=1 fh=2e4a6a303cb12274 vn="a variant of Win32/Adware.PicColor.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\PicColor Utility\PicColor.exe.vir"
sh=53D56362669EC3A7483148269A1059FD690A7033 ft=1 fh=c71c0011a6df79d7 vn="a variant of Win32/ELEX.BH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=F676BCF3517B59DEE8E317E93A00CD74E18B186A ft=1 fh=459f9b9de46bfdf7 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\lrrot.dll.vir"
sh=ED57FCF0E5CB3CF08429F8E13A929079F46CC3E6 ft=1 fh=c674b888749b41e5 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=57F11D7D6BFF92E85AE2934FAA54AB68F7698D16 ft=1 fh=15eb380b82c951e9 vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\smia.exe.vir"
sh=A618AE4225D0D22004DD3A3FEDF8F87F8569BF8D ft=1 fh=c76a0a9a24bc64b5 vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\smia64.exe.vir"
sh=FDAE1ABB987092C657356CBAE77151A6B7263878 ft=1 fh=ae9ece6f5652883f vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\sppsm.dll.vir"
sh=237F01578E40FD1E6D95E0D4C97DBCA92827B58B ft=1 fh=17cb05aa2baad328 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\spusm.dll.vir"
sh=C30487F2387695F6C86DD380A75C4EBA7209316C ft=1 fh=88450590942ada21 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\srbs.dll.vir"
sh=73352E3095535C799AE2799D14B45A6E9DFCAAC4 ft=1 fh=0e2cbb2d9f87df33 vn="a variant of MSIL/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\srbu.dll.vir"
sh=439BDFB9E3B0713B2588A9879299E76D5C7EA7D9 ft=1 fh=9a09a4157acaada5 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\srpt.dll.vir"
sh=847CDB78BE32D1A20115F2B2C4C9FC0BEE407554 ft=1 fh=4e1353972007adfb vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\srptc.dll.vir"
sh=1DB34B41763B34193632D97A95183E5B42C9D628 ft=1 fh=0d2f1079954527fb vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\srut.dll.vir"
sh=F1CACFE1E4324879E14BEE5F2BE6B3E2F9872039 ft=1 fh=55edbda80ae3c26d vn="a variant of Win32/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\Resources\ntdis_32.dll.vir"
sh=6EE13540DA0238F204AD735A84EC7E774E3FE3C2 ft=1 fh=1dcb219991998987 vn="a variant of Win64/Toolbar.Linkury.A.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\LPT\Resources\ntdis_64.dll.vir"
sh=CDBC46A4CB066D814F2C7C016D5DCB51CDCDB3F1 ft=1 fh=98fec1d5be7bac80 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\Lrcnta.exe.vir"
sh=F676BCF3517B59DEE8E317E93A00CD74E18B186A ft=1 fh=459f9b9de46bfdf7 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\lrrot.dll.vir"
sh=E938C7EC00746D250DDD3BB16C2CDCD37637FC15 ft=1 fh=8f640dc234059585 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir"
sh=4688ABD3D83BE51CB1C18CD1DF01CE87008BFD96 ft=1 fh=f5b2a45531e8558f vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=806B2C68C39023603E72545B99803B450F15254B ft=1 fh=19659d4116c762de vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=8C8FCCE63430BEBCA2C2FE12888E39B08F547968 ft=1 fh=0f817919bc031016 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=51855894EA1560FC5BEA97C48AAC2FE6DD8A8E45 ft=1 fh=2e9cd49756f2bd79 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=ED57FCF0E5CB3CF08429F8E13A929079F46CC3E6 ft=1 fh=c674b888749b41e5 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=239C502ADECA7F68D82B15A55D1432E5ECE4B54F ft=1 fh=ddb1f160ff412319 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=239C502ADECA7F68D82B15A55D1432E5ECE4B54F ft=1 fh=ddb1f160ff412319 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=DA67BE2893B4CC01A3074B9FA9F833814B69D155 ft=1 fh=88b0445aa40c5b9b vn="a variant of MSIL/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=DA67BE2893B4CC01A3074B9FA9F833814B69D155 ft=1 fh=88b0445aa40c5b9b vn="a variant of MSIL/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=A618AE4225D0D22004DD3A3FEDF8F87F8569BF8D ft=1 fh=c76a0a9a24bc64b5 vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\smia64.exe.vir"
sh=AD6255AFD8E3AD941DCA402F50CACE839C855AB7 ft=1 fh=880bb8ce411e751d vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\smsp.dll.vir"
sh=3347D58B7CB4C631D0A35D9CC1BBAC204A39C8FA ft=1 fh=872f9a0bf4fa4f6b vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=BB2D5AD1E4B96FE744BC7BFE76F664FFFE5C785D ft=1 fh=1c3f6ff53ec6c873 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=2A6CD48011130D963C6F241ED9764F4397E3537E ft=1 fh=73a5a02ffe34c750 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\SnapDo.exe.vir"
sh=2E8AF508AE416EB4CB3540C38CA8BE6A061FDF08 ft=1 fh=44f09cae14c76f3b vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=7C8170E08078B4DF3AD3453D202F9429236FB3F4 ft=1 fh=723453c6a2900a9e vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=FDAE1ABB987092C657356CBAE77151A6B7263878 ft=1 fh=ae9ece6f5652883f vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=237F01578E40FD1E6D95E0D4C97DBCA92827B58B ft=1 fh=17cb05aa2baad328 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=4C78B788320B0F18E7A062CAA018E5A3EA5933FB ft=1 fh=281515b26b1cb28f vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\srau.dll.vir"
sh=C30487F2387695F6C86DD380A75C4EBA7209316C ft=1 fh=88450590942ada21 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=73352E3095535C799AE2799D14B45A6E9DFCAAC4 ft=1 fh=0e2cbb2d9f87df33 vn="a variant of MSIL/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=BBC7B14957BD04EF7FB71AA3B21DD126E8168A0A ft=1 fh=e9035b320ea43e7e vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=1DB34B41763B34193632D97A95183E5B42C9D628 ft=1 fh=0d2f1079954527fb vn="a variant of MSIL/Toolbar.Linkury.M.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\srut.dll.vir"
sh=806E1D82A6FE38385439EC3CE055E8B99C653B90 ft=1 fh=7ecd0e9f247e622e vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=C0E983273687F149F7465E56E499FC9CE8B45D8C ft=1 fh=96e13e572556f157 vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vi r"
sh=98257D51FA765330DEFACEDC64135CE08DFBF088 ft=1 fh=ca51a056d7e710d8 vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vi r"
sh=4B9F547AEF24928AF0BF1757F6482BCA3C84ECE7 ft=1 fh=d10067a3bdf76a69 vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vi r"
sh=49637AC422CAF861A8174E8E8718C055FB1A9A61 ft=1 fh=08b7ce0d879c9f46 vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vi r"
sh=CC1FCB7653CFD865A7EE501252C508C7344747A4 ft=1 fh=672eb3737de1717d vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_32.dll.vi r"
sh=D7BD3417122951E13F95886C5F9736ADF7F16152 ft=1 fh=921735928170c030 vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_33.dll.vi r"
sh=091D4BA10BBB4E2CFB9457230813E32A43D1EE2A ft=1 fh=89b59d0d8749feeb vn="a variant of Win32/AdWare.SpeedingUpMyPC.N application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Local\Temp\OptimizerPro.exe.vir"
sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\dmlq24z8.default\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com\extensionData\plugins\91.js.vir"
sh=A01CAE4A9C48BEB8A490C3E88CB03F9B95C31671 ft=1 fh=5c1219a5576ddaa1 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Maxim\AppData\Roaming\RHEng\463E7991F6464DAC84F98078BC9E58F4\sp-downloader.exe.vir"
sh=249FE3168142E647F07D557616078FB119B4B888 ft=1 fh=7d872963e7673028 vn="a variant of Win32/Adware.PicColor.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\CMWFP64.sys.vir"
sh=6E5D0AB18B498E8EBC6BAB9C850F38D26CE427F9 ft=1 fh=8a80bf55b7b691e4 vn="Win64/Adware.AddLyrics.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\webinstrNew.sys.vir"
sh=83F0543DF9233DBE19DCA183E2738C9A1F1036C2 ft=1 fh=34e7354aef346a57 vn="a variant of Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\lsdprn.exe.vir"
sh=83608A35CC60E1AEA0A7424F37D74E3C0C68BA9D ft=1 fh=c71c0011d9b46d79 vn="a variant of Win32/Adware.Pirrit.R application" ac=I fn="C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\applicationsharewareUI.exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Maxim\AppData\Roaming\AZEKCUHV"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Maxim\AppData\Roaming\PPI"
sh=7AFC4C94C9B89AFB2BC17BFFC4078076A55C4688 ft=1 fh=d4a2d80261445fc7 vn="a variant of Win32/DownloadGuide.D potentially unwanted application" ac=I fn="C:\Users\Maxim\Downloads\HitmanPro-32_64_CB-DL-Manager.exe"
sh=DC2884CC1CED19603CCCAD873EB90C134E093325 ft=1 fh=ab7b4d1e33ebb2e1 vn="a variant of MSIL/Adware.Pirrit.A application" ac=I fn="C:\Windows\wauctla.exe"

Hier noch der SecurityCheck

Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

und die frische Frst.Log
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Maxim (administrator) on MAXIMS-ULTRA-PC on 16-02-2015 15:16:15
Running from C:\Users\Maxim\Desktop
Loaded Profiles: Maxim (Available profiles: Maxim)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\softwarelocalsplRecovery.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
() C:\Windows\wauctla.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\applicationsharewareUI.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Windows\SysWOW64\filequartzx86\filequartzx86.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Pokki) C:\Users\Maxim\AppData\Local\Pokki\Engine\HostAppService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Maxim\Desktop\FRST64(3).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2781936 2013-12-19] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-09-24] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-09-24] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-24] (Lenovo(beijing) Limited)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-28] (Electronic Arts)
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2168408397-1879668375-2819476295-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2168408397-1879668375-2819476295-1001] => http=127.0.0.1:11740
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-14]
FF Extension: CensureBlock - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\censureblock@gmail.com.xpi [2015-02-14]
FF Extension: Adblock Plus - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MC20E629B-6B59-486F-9B07-5260C25A6F96&SearchSource=55&CUI=&UM=8&UP=SP7A8B6761-28DB-4171-9092-067F51DB8FD2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MC20E629B-6B59-486F-9B07-5260C25A6F96&SearchSource=55&CUI=&UM=8&UP=SP7A8B6761-28DB-4171-9092-067F51DB8FD2&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-23]
CHR Extension: (YouTube) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google-Suche) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Google Tabellen) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Google Mail) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 filequartzx86; C:\WINDOWS\SysWOW64\filequartzx86\filequartzx86.exe [69120 2014-11-04] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-24] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-09-24] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-28] (Electronic Arts)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-09-24] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-09-24] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 softwarelocalsplRecovery.exe; C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\softwarelocalsplRecovery.exe [211968 2015-02-14] () [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-09-24] ()
R2 wauctla Service; C:\WINDOWS\wauctla.exe [188928 2015-02-06] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-09-24] (Lenovo)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 archivempg2spltProvider.exe; C:\Users\Maxim\AppData\Local\archivempg2spltProvider\archivempg2spltProvider.exe [X]
S2 directxformatClient.exe; C:\Users\Maxim\AppData\Local\directxformatClient\directxformatClient.exe [X]
S2 YogaPicks.AppService; "C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3433952 2014-02-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-19] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:16 - 2015-02-16 15:16 - 00018958 _____ () C:\Users\Maxim\Desktop\FRST.txt
2015-02-16 15:14 - 2015-02-16 15:14 - 00852594 _____ () C:\Users\Maxim\Downloads\SecurityCheck.exe
2015-02-16 14:29 - 2015-02-16 14:29 - 02322184 _____ (ESET) C:\Users\Maxim\Downloads\esetsmartinstaller_enu.exe
2015-02-16 14:29 - 2015-02-16 14:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-16 14:28 - 2015-02-16 14:28 - 00056979 _____ () C:\Users\Maxim\Downloads\esetsmartinstaller_deu(1).exe
2015-02-16 14:27 - 2015-02-16 14:27 - 00042659 _____ () C:\Users\Maxim\Downloads\esetsmartinstaller_deu.exe
2015-02-16 14:18 - 2015-02-16 15:16 - 00000000 ____D () C:\FRST
2015-02-16 14:16 - 2015-02-16 14:16 - 02085888 _____ (Farbar) C:\Users\Maxim\Desktop\FRST64(3).exe
2015-02-14 23:07 - 2015-02-14 23:07 - 00000614 _____ () C:\Users\Maxim\Desktop\JRT.txt
2015-02-14 23:05 - 2015-02-14 23:05 - 01388274 _____ (Thisisu) C:\Users\Maxim\Downloads\JRT42.exe
2015-02-14 23:05 - 2015-02-14 23:05 - 00031213 _____ () C:\Users\Maxim\Downloads\JRT.exe
2015-02-14 23:03 - 2015-02-16 14:22 - 00000000 ____D () C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery
2015-02-14 22:53 - 2015-02-14 22:53 - 00002456 _____ () C:\Users\Maxim\Desktop\mbam.txt
2015-02-14 21:50 - 2015-02-16 15:01 - 00052736 ___SH () C:\Users\Maxim\Documents\Thumbs.db
2015-02-14 21:49 - 2015-02-14 21:50 - 00027499 _____ () C:\Users\Maxim\Downloads\Addition.txt
2015-02-14 21:07 - 2015-02-16 14:23 - 00056832 ___SH () C:\Users\Maxim\Desktop\Thumbs.db
2015-02-14 21:06 - 2015-02-16 14:22 - 00000464 _____ () C:\WINDOWS\setupact.log
2015-02-14 21:06 - 2015-02-14 23:00 - 00002362 _____ () C:\WINDOWS\PFRO.log
2015-02-14 21:06 - 2015-02-14 21:06 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-12 21:40 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 21:40 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 02:20 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 02:20 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 02:20 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 02:20 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 02:20 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 02:20 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 02:20 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 18:10 - 2015-02-11 18:10 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2015-02-11 17:31 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 17:31 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 17:31 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 17:31 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 17:31 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 17:31 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 17:31 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 17:31 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 17:31 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 17:31 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 17:31 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 17:31 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 17:31 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 17:30 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 17:30 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 17:30 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 17:30 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 17:30 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 17:30 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 17:30 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 17:30 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 17:30 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 17:30 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 17:30 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 17:30 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 17:30 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 17:30 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 17:30 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 17:30 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 17:30 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 17:30 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 17:30 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 17:30 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 17:30 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 17:30 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 17:30 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 17:30 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 17:30 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 17:30 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 17:30 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 17:30 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 17:30 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 17:30 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 17:30 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 17:30 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 17:30 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 17:30 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 17:30 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 17:30 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 17:28 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 17:28 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 17:28 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 17:28 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 17:28 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 17:28 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 17:28 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 17:28 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 17:28 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 17:28 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 17:28 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 17:28 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 13:17 - 2015-02-10 13:17 - 00001295 _____ () C:\Users\Maxim\Desktop\Revo Uninstaller.lnk
2015-02-10 13:17 - 2015-02-10 13:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-10 13:13 - 2015-02-16 14:35 - 02095091 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 13:11 - 2015-02-10 13:11 - 00623616 _____ () C:\Users\Maxim\Downloads\HitmanPro-32_64_CB-DL-Manager.exe
2015-02-10 13:07 - 2015-02-10 13:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-10 13:06 - 2015-02-10 13:08 - 00000000 ____D () C:\Users\Maxim\Downloads\hitmanpro379
2015-02-10 13:04 - 2015-02-10 13:06 - 13485202 _____ () C:\Users\Maxim\Downloads\hitmanpro379.zip
2015-02-09 18:45 - 2015-02-09 18:46 - 02112512 _____ () C:\Users\Maxim\Downloads\adwcleaner_4.110.exe
2015-02-08 00:35 - 2015-02-08 00:35 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 00:35 - 2015-02-08 00:35 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-08 00:35 - 2015-02-08 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 00:35 - 2015-02-08 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 00:34 - 2015-02-14 23:03 - 00004057 _____ () C:\WINDOWS\wauctla.InstallLog
2015-02-08 00:34 - 2015-02-06 13:13 - 00188928 _____ () C:\WINDOWS\wauctla.exe
2015-02-06 02:43 - 2015-02-02 16:46 - 00105024 _____ () C:\Users\Maxim\Documents\es_gen_Gr1.doc_0_1.odt
2015-01-30 15:50 - 2015-01-30 15:50 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-01-27 00:32 - 2015-01-27 00:32 - 00000000 _____ () C:\WINDOWS\SysWOW64\b.txt
2015-01-27 00:27 - 2015-01-27 00:28 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 ____D () C:\Users\Maxim\AppData\Roaming\TuneUp Software
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 ____D () C:\Users\Maxim\AppData\Local\TuneUp Software
2015-01-27 00:24 - 2015-02-08 00:21 - 00000000 ____D () C:\Users\Maxim\AppData\Roaming\DVDVideoSoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:14 - 2014-11-29 14:52 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2168408397-1879668375-2819476295-1001
2015-02-16 15:09 - 2014-12-09 14:19 - 00000273 _____ () C:\Users\Maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-02-16 15:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 14:57 - 2014-12-15 20:00 - 00177664 ___SH () C:\Users\Maxim\Downloads\Thumbs.db
2015-02-16 14:51 - 2014-11-29 15:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 14:45 - 2014-12-03 21:43 - 00001364 _____ () C:\WINDOWS\Tasks\PPI.job
2015-02-16 14:30 - 2014-11-29 16:03 - 00000000 ____D () C:\ProgramData\Origin
2015-02-16 14:26 - 2014-09-24 23:58 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-16 14:26 - 2014-09-24 23:58 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-16 14:26 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 14:23 - 2014-11-29 16:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-16 14:23 - 2014-11-29 15:14 - 00000000 ___RD () C:\Users\Maxim\OneDrive
2015-02-16 14:22 - 2014-12-03 21:43 - 00001718 _____ () C:\WINDOWS\Tasks\AZEKCUHV.job
2015-02-16 14:22 - 2014-09-24 14:38 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-02-16 14:22 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 14:21 - 2014-09-24 14:43 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-16 14:21 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 14:13 - 2014-11-29 15:06 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BD5BA588-6331-42F6-B6E6-1BE66C337281}
2015-02-15 16:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-14 23:07 - 2014-12-25 06:13 - 00000000 ____D () C:\Users\Maxim\AppData\Local\CrashDumps
2015-02-14 23:00 - 2014-12-03 22:38 - 00000000 ____D () C:\AdwCleaner
2015-02-14 22:51 - 2014-12-03 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 22:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-02-14 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins
2015-02-14 20:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 21:52 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 14:28 - 2014-12-12 01:47 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 14:28 - 2014-12-02 02:40 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-12 02:49 - 2014-12-02 02:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 02:46 - 2014-12-02 02:31 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 18:24 - 2013-08-22 15:44 - 00377224 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 17:20 - 2014-11-29 14:47 - 00000000 ____D () C:\Users\Maxim
2015-02-09 20:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-02-09 20:25 - 2014-11-29 16:03 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-02-09 20:25 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-09 18:08 - 2014-04-03 20:15 - 00000000 ____D () C:\WINDOWS\Panther
2015-02-08 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-05 17:20 - 2014-12-22 21:13 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 19:51 - 2014-11-29 15:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 12:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-18 16:29 - 2014-11-29 14:47 - 00000000 ____D () C:\Users\Maxim\AppData\Local\Packages

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Maxim\AppData\Roaming\AZEKCUHV
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Maxim\AppData\Roaming\PPI
2014-09-24 14:19 - 2014-09-24 14:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-11 13:28

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Es scheint jetzt soweit alles wieder normal zu funktionieren, großartig

Vielen lieben Dank


Alt 17.02.2015, 07:06   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery
C:\Users\Maxim\AppData\Roaming\AZEKCUHV
C:\Users\Maxim\AppData\Roaming\PPI
C:\Windows\wauctla.exe
ProxyEnable: [S-1-5-21-2168408397-1879668375-2819476295-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2168408397-1879668375-2819476295-1001] => http=127.0.0.1:11740
R2 filequartzx86; C:\WINDOWS\SysWOW64\filequartzx86\filequartzx86.exe [69120 2014-11-04] () [File not signed]
C:\WINDOWS\SysWOW64\filequartzx86
S2 directxformatClient.exe; C:\Users\Maxim\AppData\Local\directxformatClient\directxformatClient.exe [X]
C:\Users\Maxim\AppData\Local\directxformatClient
R2 wauctla Service; C:\WINDOWS\wauctla.exe [188928 2015-02-06] () [File not signed]
R2 softwarelocalsplRecovery.exe; C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\softwarelocalsplRecovery.exe [211968 2015-02-14] () [File not signed]
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Frisches FRST log bitte.
__________________
--> Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf

Alt 17.02.2015, 20:01   #7
Maximus20
 
Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Komisch, FRST findet die Fixlist.txt nicht, ich habe alles versucht. Sie ist auch in dem FRST Ordner. Leider scheint der Virus doch nicht entfernt zu sein, gestern war alles ok, doch heute morgen erschienen wieder Pop ups und blau makierte Schrift.

Mein Fehler, habe die Fixlist.txt von dem Ornder auf den Deskop verschoben und es ging.

Nachdem der Computer neu gestartet ist, hat mein Proxyserver die Verbindung mit Trojaner Board verweigert, musste dann erst auf "kein Proxy" den Haken setzten damit es wieder geht.

Hier die Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Maxim at 2015-02-17 19:44:43 Run:1
Running from C:\Users\Maxim\Desktop
Loaded Profiles: Maxim (Available profiles: Maxim)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery
C:\Users\Maxim\AppData\Roaming\AZEKCUHV
C:\Users\Maxim\AppData\Roaming\PPI
C:\Windows\wauctla.exe
ProxyEnable: [S-1-5-21-2168408397-1879668375-2819476295-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2168408397-1879668375-2819476295-1001] => http=127.0.0.1:11740
R2 filequartzx86; C:\WINDOWS\SysWOW64\filequartzx86\filequartzx86.exe [69120 2014-11-04] () [File not signed]
C:\WINDOWS\SysWOW64\filequartzx86
S2 directxformatClient.exe; C:\Users\Maxim\AppData\Local\directxformatClient\directxformatClient.exe [X]
C:\Users\Maxim\AppData\Local\directxformatClient
R2 wauctla Service; C:\WINDOWS\wauctla.exe [188928 2015-02-06] () [File not signed]
R2 softwarelocalsplRecovery.exe; C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\softwarelocalsplRecovery.exe [211968 2015-02-14] () [File not signed]
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery
Emptytemp:

*****************


"C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery" directory move:

C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\applicationsharewareUI.exe => Moved successfully.
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\msvcp100.dll => Moved successfully.
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\msvcr100.dll => Moved successfully.
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\qjson0.dll => Moved successfully.
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\QtCore4.dll => Moved successfully.
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\QtNetwork4.dll => Moved successfully.
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\softwarelocalsplRecovery.exe => Moved successfully.
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery\SrDt.exe => Moved successfully.
Could not move "C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery" directory. => Scheduled to move on reboot.

C:\Users\Maxim\AppData\Roaming\AZEKCUHV => Moved successfully.
C:\Users\Maxim\AppData\Roaming\PPI => Moved successfully.
C:\Windows\wauctla.exe => Moved successfully.
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
filequartzx86 => Unable to stop service
filequartzx86 => Service deleted successfully.
C:\WINDOWS\SysWOW64\filequartzx86 => Moved successfully.
directxformatClient.exe => Service deleted successfully.
"C:\Users\Maxim\AppData\Local\directxformatClient" => File/Directory not found.
wauctla Service => Unable to stop service
wauctla Service => Service deleted successfully.
softwarelocalsplRecovery.exe => Unable to stop service
softwarelocalsplRecovery.exe => Service deleted successfully.

"C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery" directory move:

Could not move "C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery" directory. => Scheduled to move on reboot.

EmptyTemp: => Removed 445.4 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-17 19:45:35)<=

C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery => Is moved successfully.
C:\Users\Maxim\AppData\Local\softwarelocalsplRecovery => Is moved successfully.

==== End of Fixlog 19:45:35 ====

Alt 18.02.2015, 06:34   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Das frische FRST Log bitte noch
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.02.2015, 14:19   #9
Maximus20
 
Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Jap
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Maxim (administrator) on MAXIMS-ULTRA-PC on 18-02-2015 14:15:51
Running from C:\Users\Maxim\Desktop
Loaded Profiles: Maxim (Available profiles: Maxim)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-03-26] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2781936 2013-12-19] (Synaptics Incorporated)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-09-24] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-09-24] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-24] (Lenovo(beijing) Limited)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2168408397-1879668375-2819476295-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2168408397-1879668375-2819476295-1001] => http=127.0.0.1:11740
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr | Lenovo (DE)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-14]
FF Extension: CensureBlock - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\censureblock@gmail.com.xpi [2015-02-14]
FF Extension: Adblock Plus - C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\5jdgl1na.default-1423746786435\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-13]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MC20E629B-6B59-486F-9B07-5260C25A6F96&SearchSource=55&CUI=&UM=8&UP=SP7A8B6761-28DB-4171-9092-067F51DB8FD2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MC20E629B-6B59-486F-9B07-5260C25A6F96&SearchSource=55&CUI=&UM=8&UP=SP7A8B6761-28DB-4171-9092-067F51DB8FD2&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-22]
CHR Extension: (Google Docs) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-22]
CHR Extension: (Google Drive) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-23]
CHR Extension: (YouTube) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google-Suche) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Google Tabellen) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Google Mail) - C:\Users\Maxim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-03-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-24] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-09-24] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-24] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-24] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-09-24] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-09-24] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-09-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-09-24] (Lenovo)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 archivempg2spltProvider.exe; C:\Users\Maxim\AppData\Local\archivempg2spltProvider\archivempg2spltProvider.exe [X]
S2 YogaPicks.AppService; "C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3433952 2014-02-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-19] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 14:15 - 2015-02-18 14:16 - 00017958 _____ () C:\Users\Maxim\Desktop\FRST.txt
2015-02-18 04:00 - 2015-02-18 04:00 - 00001082 _____ () C:\WINDOWS\PFRO.log
2015-02-18 04:00 - 2015-02-18 04:00 - 00000116 _____ () C:\WINDOWS\setupact.log
2015-02-18 04:00 - 2015-02-18 04:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-17 19:46 - 2015-02-18 01:06 - 00056832 ___SH () C:\Users\Maxim\Desktop\Thumbs.db
2015-02-17 19:45 - 2015-02-18 13:33 - 00178681 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-17 19:39 - 2015-02-18 14:15 - 00000000 ____D () C:\FRST
2015-02-17 19:39 - 2015-02-17 19:39 - 02085888 _____ (Farbar) C:\Users\Maxim\Desktop\FRST64.exe
2015-02-16 15:14 - 2015-02-16 15:14 - 00852594 _____ () C:\Users\Maxim\Downloads\SecurityCheck.exe
2015-02-16 14:29 - 2015-02-16 14:29 - 02322184 _____ (ESET) C:\Users\Maxim\Downloads\esetsmartinstaller_enu.exe
2015-02-16 14:28 - 2015-02-16 14:28 - 00056979 _____ () C:\Users\Maxim\Downloads\esetsmartinstaller_deu(1).exe
2015-02-16 14:27 - 2015-02-16 14:27 - 00042659 _____ () C:\Users\Maxim\Downloads\esetsmartinstaller_deu.exe
2015-02-14 23:05 - 2015-02-14 23:05 - 01388274 _____ (Thisisu) C:\Users\Maxim\Downloads\JRT42.exe
2015-02-14 23:05 - 2015-02-14 23:05 - 00031213 _____ () C:\Users\Maxim\Downloads\JRT.exe
2015-02-14 21:50 - 2015-02-16 15:01 - 00052736 ___SH () C:\Users\Maxim\Documents\Thumbs.db
2015-02-14 21:49 - 2015-02-14 21:50 - 00027499 _____ () C:\Users\Maxim\Downloads\Addition.txt
2015-02-12 21:40 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 21:40 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 02:20 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 02:20 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 02:20 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 02:20 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 02:20 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 02:20 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 02:20 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 02:20 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 18:10 - 2015-02-11 18:10 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2015-02-11 17:31 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 17:31 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 17:31 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 17:31 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 17:31 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 17:31 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 17:31 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 17:31 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 17:31 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 17:31 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 17:31 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 17:31 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 17:31 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 17:30 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 17:30 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 17:30 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 17:30 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 17:30 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 17:30 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 17:30 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 17:30 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 17:30 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 17:30 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 17:30 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 17:30 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 17:30 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 17:30 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 17:30 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 17:30 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 17:30 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 17:30 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 17:30 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 17:30 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 17:30 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 17:30 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 17:30 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 17:30 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 17:30 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 17:30 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 17:30 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 17:30 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 17:30 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 17:30 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 17:30 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 17:30 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 17:30 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 17:30 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 17:30 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 17:30 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 17:28 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 17:28 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 17:28 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 17:28 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 17:28 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 17:28 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 17:28 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 17:28 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 17:28 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 17:28 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 17:28 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 17:28 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 13:17 - 2015-02-10 13:17 - 00001295 _____ () C:\Users\Maxim\Desktop\Revo Uninstaller.lnk
2015-02-10 13:17 - 2015-02-10 13:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-10 13:11 - 2015-02-10 13:11 - 00623616 _____ () C:\Users\Maxim\Downloads\HitmanPro-32_64_CB-DL-Manager.exe
2015-02-10 13:07 - 2015-02-10 13:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-10 13:06 - 2015-02-10 13:08 - 00000000 ____D () C:\Users\Maxim\Downloads\hitmanpro379
2015-02-10 13:04 - 2015-02-10 13:06 - 13485202 _____ () C:\Users\Maxim\Downloads\hitmanpro379.zip
2015-02-09 18:45 - 2015-02-09 18:46 - 02112512 _____ () C:\Users\Maxim\Downloads\adwcleaner_4.110.exe
2015-02-08 00:35 - 2015-02-08 00:35 - 00001186 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-08 00:35 - 2015-02-08 00:35 - 00001174 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-08 00:35 - 2015-02-08 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-08 00:35 - 2015-02-08 00:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-08 00:34 - 2015-02-14 23:03 - 00004057 _____ () C:\WINDOWS\wauctla.InstallLog
2015-02-06 02:43 - 2015-02-02 16:46 - 00105024 _____ () C:\Users\Maxim\Documents\es_gen_Gr1.doc_0_1.odt
2015-01-30 15:50 - 2015-01-30 15:50 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-01-27 00:32 - 2015-01-27 00:32 - 00000000 _____ () C:\WINDOWS\SysWOW64\b.txt
2015-01-27 00:27 - 2015-01-27 00:28 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 ____D () C:\Users\Maxim\AppData\Roaming\TuneUp Software
2015-01-27 00:27 - 2015-01-27 00:27 - 00000000 ____D () C:\Users\Maxim\AppData\Local\TuneUp Software
2015-01-27 00:24 - 2015-02-08 00:21 - 00000000 ____D () C:\Users\Maxim\AppData\Roaming\DVDVideoSoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 14:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-18 13:34 - 2014-11-29 15:06 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BD5BA588-6331-42F6-B6E6-1BE66C337281}
2015-02-18 13:32 - 2014-09-24 23:58 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-18 13:32 - 2014-09-24 23:58 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-18 13:32 - 2014-03-18 10:53 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-18 04:03 - 2014-12-03 21:43 - 00001718 _____ () C:\WINDOWS\Tasks\AZEKCUHV.job
2015-02-18 04:03 - 2014-12-03 21:43 - 00001364 _____ () C:\WINDOWS\Tasks\PPI.job
2015-02-18 04:03 - 2014-11-29 15:14 - 00000000 ____D () C:\Users\Maxim\OneDrive
2015-02-18 04:00 - 2014-09-24 14:43 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-18 04:00 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-18 04:00 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-18 03:51 - 2014-11-29 15:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-17 20:33 - 2014-11-29 14:52 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2168408397-1879668375-2819476295-1001
2015-02-17 20:07 - 2014-12-03 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 20:04 - 2014-12-25 06:13 - 00000000 ____D () C:\Users\Maxim\AppData\Local\CrashDumps
2015-02-17 19:50 - 2014-11-29 16:03 - 00000000 ____D () C:\ProgramData\Origin
2015-02-17 19:50 - 2014-11-29 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-02-17 19:50 - 2014-11-29 16:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-17 19:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-16 15:09 - 2014-12-09 14:19 - 00000273 _____ () C:\Users\Maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-02-16 14:57 - 2014-12-15 20:00 - 00177664 ___SH () C:\Users\Maxim\Downloads\Thumbs.db
2015-02-16 14:22 - 2014-09-24 14:38 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-02-14 23:00 - 2014-12-03 22:38 - 00000000 ____D () C:\AdwCleaner
2015-02-14 22:48 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-02-14 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins
2015-02-14 20:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 21:52 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 14:28 - 2014-12-12 01:47 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 14:28 - 2014-12-02 02:40 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-12 02:49 - 2014-12-02 02:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 02:46 - 2014-12-02 02:31 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 18:24 - 2013-08-22 15:44 - 00377224 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 17:20 - 2014-11-29 14:47 - 00000000 ____D () C:\Users\Maxim
2015-02-09 20:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-02-09 20:25 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-09 18:08 - 2014-04-03 20:15 - 00000000 ____D () C:\WINDOWS\Panther
2015-02-08 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-05 17:20 - 2014-12-22 21:13 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 19:51 - 2014-11-29 15:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 12:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2014-09-24 14:19 - 2014-09-24 14:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-11 13:28

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Maxim at 2015-02-18 14:16:41
Running from C:\Users\Maxim\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
 Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{E407C8D7-09C6-4056-BFAD-68C5FD8340F0}) (Version: 1.3 - Eyeo GmbH)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{C23B292D-2656-4A05-97D5-41FDC040158C}) (Version: 3.0.1342.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{E9325F15-6339-45E8-9DC4-C2D44B623039}) (Version: 2.5.1.0224 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0224 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.4 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.0.13.10181 - Lenovo)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Lenovo Yoga 2 Demo (HKLM-x32\...\{03C682A4-05CD-4D22-B50A-B9C3C5F2B137}) (Version: 1.0.7 - Lenovo)
Lenovo Yoga PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.1.9.5 - Lenovo)
Lenovo Yoga PhoneCompanion (x32 Version: 1.1.9.5 - Lenovo) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.71 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Yoga Picks (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0106 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2168408397-1879668375-2819476295-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

30-01-2015 15:50:40 Installed Adblock Plus for IE (32-bit and 64-bit)
06-02-2015 15:43:23 Windows Modules Installer
09-02-2015 20:25:27 Removed BlueStacks Notification Center
12-02-2015 21:52:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B5F6028-8A41-4875-AE79-8831EAE9F8BD} - System32\Tasks\PPI => C:\Users\Maxim\AppData\Roaming\PPI.exe <==== ATTENTION
Task: {202DD6FB-B0C1-4DB2-A02A-7E8CC27DADAF} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-20] (Lenovo)
Task: {390348E4-DBA1-4D4A-8A4F-3F9D691CA8BA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {4AFDFBD9-8129-4F31-B4C3-7392D37803C1} - \avaxvyvax No Task File <==== ATTENTION
Task: {554FCAF6-2DC9-413C-9573-36A39DB8CFAF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2168408397-1879668375-2819476295-1001
Task: {596DFD4F-99C0-4538-A310-F3A35998E0F4} - System32\Tasks\AZEKCUHV => C:\Users\Maxim\AppData\Roaming\AZEKCUHV.exe <==== ATTENTION
Task: {59FF0E69-DBBA-4674-BA17-8A2F79B13283} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {5D59E0B2-0CA5-4CAC-BC14-575F43429748} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {605AE424-83F3-4506-ABAC-FBD800172029} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {7442351F-D381-457E-92A3-92B93E0485A1} - System32\Tasks\SystemMedia\SystemMedia 9 => C:\ProgramData\SystemMedia\SystemMedia.exe <==== ATTENTION
Task: {9D2F3539-8EC5-4BA0-B81A-3590EF8E6F36} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {C2171A83-05B8-4D0B-BDF0-1AACE4D3FDE6} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-09-24] (Lenovo)
Task: {C3E2767E-D066-4C16-861E-EFDD59EC2665} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] ()
Task: {E753BDAC-0416-47C9-93C6-A1B93ABCE040} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AZEKCUHV.job => C:\Users\Maxim\AppData\Roaming\AZEKCUHV.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PPI.job => C:\Users\Maxim\AppData\Roaming\PPI.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-09-24 14:42 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-09-24 14:43 - 2014-09-24 14:43 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-09-24 14:43 - 2014-09-24 14:43 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-09-24 14:42 - 2014-09-24 14:42 - 00108304 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00815104 _____ () C:\Program Files\Lenovo Yoga PhoneCompanion\adb.exe
2014-02-24 15:39 - 2014-02-24 15:39 - 00013576 _____ () C:\Program Files (x86)\Lenovo\Motion Control\PointGrabDeviceAPI.dll
2014-09-24 14:17 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00102672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll
2014-09-24 14:42 - 2014-09-24 14:42 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2015-02-08 00:35 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Maxim\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2168408397-1879668375-2819476295-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Maxim\Pictures\Backgrounds Wallpapers HD\4209.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2168408397-1879668375-2819476295-500 - Administrator - Disabled)
Gast (S-1-5-21-2168408397-1879668375-2819476295-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2168408397-1879668375-2819476295-1003 - Limited - Enabled)
Maxim (S-1-5-21-2168408397-1879668375-2819476295-1001 - Administrator - Enabled) => C:\Users\Maxim

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 07:44:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xce4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (02/17/2015 01:23:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/16/2015 03:17:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/16/2015 03:01:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/16/2015 03:01:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/16/2015 02:44:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/16/2015 02:30:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/16/2015 02:30:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/16/2015 02:30:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/16/2015 02:29:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (02/18/2015 04:00:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YogaPicks.AppService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/18/2015 04:00:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "archivempg2spltProvider.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/17/2015 08:36:59 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (02/17/2015 07:48:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YogaPicks.AppService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/17/2015 07:48:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "archivempg2spltProvider.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/17/2015 07:45:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "YogaPicks.AppService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/17/2015 07:45:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "archivempg2spltProvider.exe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/17/2015 07:45:11 PM) (Source: DCOM) (EventID: 10010) (User: MAXIMS-ULTRA-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/17/2015 00:38:18 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1EF430B5-149B-40F2-864C-D77A685302D0}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/16/2015 02:22:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "softwarelocalsplRecovery.exe" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (02/17/2015 07:44:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425ce401d04a28c25743e0C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll095c58c9-b6d5-11e4-8284-e8b1fc0cd450

Error: (02/17/2015 01:23:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/16/2015 03:17:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/16/2015 03:01:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/16/2015 03:01:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Maxim\Downloads\esetsmartinstaller_enu.exe

Error: (02/16/2015 02:44:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/16/2015 02:30:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Maxim\Downloads\esetsmartinstaller_enu.exe

Error: (02/16/2015 02:30:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Maxim\Downloads\esetsmartinstaller_enu.exe

Error: (02/16/2015 02:30:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Maxim\Downloads\esetsmartinstaller_enu.exe

Error: (02/16/2015 02:29:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Maxim\Downloads\esetsmartinstaller_enu.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 20%
Total physical RAM: 8112.96 MB
Available physical RAM: 6434.54 MB
Total Pagefile: 9392.96 MB
Available Pagefile: 7426.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:196.7 GB) (Free:160.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 45F180A4)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---

Alt 18.02.2015, 19:34   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {1B5F6028-8A41-4875-AE79-8831EAE9F8BD} - System32\Tasks\PPI => C:\Users\Maxim\AppData\Roaming\PPI.exe <==== ATTENTION

Task: {4AFDFBD9-8129-4F31-B4C3-7392D37803C1} - \avaxvyvax No Task File <==== ATTENTION

Task: {596DFD4F-99C0-4538-A310-F3A35998E0F4} - System32\Tasks\AZEKCUHV => C:\Users\Maxim\AppData\Roaming\AZEKCUHV.exe <==== ATTENTION

Task: {7442351F-D381-457E-92A3-92B93E0485A1} - System32\Tasks\SystemMedia\SystemMedia 9 => C:\ProgramData\SystemMedia\SystemMedia.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\AZEKCUHV.job => C:\Users\Maxim\AppData\Roaming\AZEKCUHV.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\PPI.job => C:\Users\Maxim\AppData\Roaming\PPI.exe <==== ATTENTION

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ATTENTION
C:\Users\Maxim\AppData\Roaming\PPI.exe
C:\Users\Maxim\AppData\Roaming\AZEKCUHV.exe
C:\ProgramData\SystemMedia
ProxyEnable: [S-1-5-21-2168408397-1879668375-2819476295-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2168408397-1879668375-2819476295-1001] => http=127.0.0.1:11740
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MC20E629B-6B59-486F-9B07-5260C25A6F96&SearchSource=55&CUI=&UM=8&UP=SP7A8B6761-28DB-4171-9092-067F51DB8FD2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MC20E629B-6B59-486F-9B07-5260C25A6F96&SearchSource=55&CUI=&UM=8&UP=SP7A8B6761-28DB-4171-9092-067F51DB8FD2&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.02.2015, 19:44   #11
Maximus20
 
Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Nach dem letzten Fix funktioniert wieder alles ganz normal, soll ich trozdem nochmal eine Fix.log erstellen? Malwarebytes hat auch nichts mehr gefunden

Alt 19.02.2015, 09:52   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Standard

Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf



Nö, passt.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf
bluestacks, device driver, feedback, js/toolbar.crossrider.b, msil/toolbar.linkury.f, msil/toolbar.linkury.g, msil/toolbar.linkury.i, msil/toolbar.linkury.m.gen, pup.optional.edealpop.a, pup.optional.edeals.a, pup.optional.edealspop.a, win32/adware.smartapps.e, win32/adware.softwarerefresher.a, win32/clientconnect.a, win32/conduit.searchprotect.h, win32/conduit.searchprotect.i, win32/conduit.searchprotect.y, win32/packed.vmdetector.i, win32/toolbar.bitcocktail.c, win32/toolbar.crossrider.as, win32/toolbar.crossrider.ba, win32/toolbar.crossrider.bc, win32/toolbar.crossrider.bm, win32/toolbar.crossrider.cb, win32/toolbar.perion.j, win32/toolbar.perion.k, win32/vmdetect.d, win64/toolbar.perion.b



Ähnliche Themen: Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf


  1. Pop Ups trotz Blocker, Wörter blau unterstrichen und Werbung ohne Ende
    Alles rund um Windows - 20.10.2015 (7)
  2. einzelne Wörter blau unterstrichen, Browser öffnet Werbeseiten
    Log-Analyse und Auswertung - 19.05.2015 (13)
  3. Win 8.1 - einzelne Wörter im Mozilla Firefox blau unterstrichen; Pop-ups
    Plagegeister aller Art und deren Bekämpfung - 06.02.2015 (19)
  4. Fenster öffnen sich und wörter werden blau unterstrichen (links)
    Plagegeister aller Art und deren Bekämpfung - 31.12.2014 (13)
  5. wörter grün und blau doppelt unterstrichen
    Log-Analyse und Auswertung - 19.11.2014 (8)
  6. Windows 7, Firefox Wörter blau unterstrichen
    Plagegeister aller Art und deren Bekämpfung - 13.11.2014 (5)
  7. Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen.
    Log-Analyse und Auswertung - 13.11.2014 (11)
  8. Werbung im Browser, Wörter doppelt blau unterstrichen
    Plagegeister aller Art und deren Bekämpfung - 23.09.2014 (5)
  9. Wörter doppelt blau unterstrichen, Java Update Free
    Log-Analyse und Auswertung - 07.09.2014 (13)
  10. Windows 7 Firefox Wörter blau und unterstrichen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2014 (13)
  11. Win 7, Wörter blau und doppelt unterstrichen + Werbung
    Log-Analyse und Auswertung - 30.08.2014 (9)
  12. Wörter blau und doppelt unterstrichen + mass Werbung
    Log-Analyse und Auswertung - 04.08.2014 (13)
  13. Wörter blau und doppelt unterstrichen + Werbung
    Log-Analyse und Auswertung - 03.08.2014 (4)
  14. Windows 7: zufällige Wörter blau und doppelt unterstrichen - aufdringliche Werbung
    Log-Analyse und Auswertung - 26.04.2014 (13)
  15. Windows 7: Im Text sind wahllos Wörter grün unterstrichen, welche Werbelinks sind
    Log-Analyse und Auswertung - 09.02.2014 (7)
  16. Windows 7: Viele Wörter werden doppelt blau unterstrichen auf verschiedenen Internetseiten
    Log-Analyse und Auswertung - 27.01.2014 (7)
  17. Einzelne Wörter sind plötzlich blau und doppelt unterstrichen - Fenster öffnen sich
    Plagegeister aller Art und deren Bekämpfung - 10.12.2013 (23)

Zum Thema Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf - Guten Abend, Ich versuche seit Tagen dieses hartnäckigen Virus zu entfernen. Nun habe ich eine passende Beschreibung des Virus im Trojaner Board gefunden. " Viele Wörter sind blau unterstrichen und - Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf...
Archiv
Du betrachtest: Viele Wörter sind blau unterstrichen und es poppen Werbefenster aller Art auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.