Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Extrem viel Werbung im Browser nach Installation aus eines Programmes aus dem Internet (https://www.trojaner-board.de/162270-extrem-viel-werbung-browser-installation-programmes-internet.html)

smallB 29.12.2014 21:11
Extrem viel Werbung im Browser nach Installation aus eines Programmes aus dem Internet
 
Hallo,

ich habe gestern versucht eine Datei aus dem Internet zu laden und zu installieren, was allerdings mehr so semioptimal funktioniert hat, sonst wäre ich nicht hier gelandet :D

Also, ich hatte nach dem herunterladen mehrere Programme mit auf meinem Desktop gespeichert, die ich so nicht heruntergeladen habe und auch so nicht haben wollte. Ich habe sie alle versucht zu deinstallieren, in der Hoffnung, dass alles wieder in Ordnung geht. Nun habe ich beim öffnen meines Browsers diverse Werbungen und Anzeigen, die vorher nicht da waren. Ich ersuche Hilfe um diese verdammten Werbungen endlich wieder zu entfernen :D



Vielen Dank

Bootsektor 29.12.2014 21:15
:hallo:

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:
  • Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [] CODE /CODE.
  • Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also CODE Logfile /CODE
  • Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


smallB 29.12.2014 21:32
Hier ist die FRST-Datei:
Code:
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe
() C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe
(Word Proser) C:\Program Files (x86)\WordProser_1.10.0.1\Service\wpsvc.exe
(Cinema PlusV28.12) C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2012-07-25] (Intel® Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-10-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-10-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_de_42] => C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe [3978920 2014-12-26] ()
HKLM-x32\...\RunOnce: [upgmsd_de_42.exe] => C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe [3307688 2014-12-26] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3329566954-2143029299-1165726935-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3329566954-2143029299-1165726935-1001] => http=127.0.0.1:65102;https=127.0.0.1:65102
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Cinema-Plus-1.7cV28.12 -> {11111111-1111-1111-1111-110611571181} -> C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\Cinema-Plus-1.7cV28.12-bho64.dll (Cinema PlusV28.12)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: WordProser -> {F6F484C9-29B9-43EC-A924-DCBAAA86B31D} -> C:\Program Files\WordProser_1.10.0.1\IE\WordProserClientIE.dll (Word Proser)
BHO-x32: Cinema-Plus-1.7cV28.12 -> {11111111-1111-1111-1111-110611571181} -> C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\Cinema-Plus-1.7cV28.12-bho.dll (Cinema PlusV28.12)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: WordProser -> {F6F484C9-29B9-43EC-A924-DCBAAA86B31D} -> C:\Program Files (x86)\WordProser_1.10.0.1\IE\WordProserClientIE.dll (Word Proser)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://hs-owl.de/"
CHR Profile: C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (YouTube) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google-Suche) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Google Tabellen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Google Mail) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2012-07-18] (Red Bend Ltd.) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-29] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-29] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2012-07-18] (Intel(R) Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 wpsvc_1.10.0.1; C:\Program Files (x86)\WordProser_1.10.0.1\Service\wpsvc.exe [277584 2014-10-14] (Word Proser)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 wpnfd_1_10_0_1; C:\Windows\System32\drivers\wpnfd_1_10_0_1.sys [58240 2014-10-14] (Word Proser)
R1 cherimoya; system32\drivers\cherimoya.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:26 - 2014-12-29 21:27 - 00015756 _____ () C:\Users\fvbpl_000\Desktop\FRST.txt
2014-12-29 21:22 - 2014-12-29 21:26 - 00000000 ____D () C:\FRST
2014-12-29 21:21 - 2014-12-29 21:22 - 02123264 _____ (Farbar) C:\Users\fvbpl_000\Desktop\FRST64.exe
2014-12-29 20:54 - 2014-12-29 20:54 - 00006516 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-1
2014-12-29 20:54 - 2014-12-29 20:54 - 00005494 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5
2014-12-29 20:54 - 2014-12-29 20:54 - 00005158 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2
2014-12-29 20:54 - 2014-12-29 20:54 - 00003512 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-1.job
2014-12-29 20:54 - 2014-12-29 20:54 - 00002490 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5_user.job
2014-12-29 20:54 - 2014-12-29 20:54 - 00002490 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.job
2014-12-29 20:54 - 2014-12-29 20:54 - 00002154 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2.job
2014-12-29 20:53 - 2014-12-29 20:56 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\gmsd_de_42
2014-12-29 20:53 - 2014-12-29 20:54 - 00000000 ____D () C:\Program Files (x86)\Cinema-Plus-1.7cV28.12
2014-12-29 20:53 - 2014-12-29 20:53 - 02048488 _____ (Cinema PlusV28.12) C:\Users\fvbpl_000\AppData\Roaming\BALD.exe
2014-12-29 20:53 - 2014-12-29 20:53 - 00008566 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7
2014-12-29 20:53 - 2014-12-29 20:53 - 00008566 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6
2014-12-29 20:53 - 2014-12-29 20:53 - 00007542 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3
2014-12-29 20:53 - 2014-12-29 20:53 - 00005562 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7.job
2014-12-29 20:53 - 2014-12-29 20:53 - 00005562 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.job
2014-12-29 20:53 - 2014-12-29 20:53 - 00004538 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3.job
2014-12-29 20:53 - 2014-12-29 20:53 - 00004414 _____ () C:\Windows\System32\Tasks\BALD
2014-12-29 20:53 - 2014-12-29 20:53 - 00001384 _____ () C:\Windows\Tasks\BALD.job
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files\WordProser_1.10.0.1
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\WordProser_1.10.0.1
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\gmsd_de_42
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\1842d17d-5034-4f77-aa69-9a951d004098
2014-12-29 20:50 - 2014-12-29 20:50 - 00000000 ___DC () C:\Users\fvbpl_000\AppData\Local\MigWiz
2014-12-28 23:09 - 2014-12-28 23:09 - 00001857 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-28 23:05 - 2014-12-28 23:05 - 00000000 __SHD () C:\Users\fvbpl_000\AppData\Local\EmieBrowserModeList
2014-12-28 23:04 - 2014-12-28 23:04 - 00000000 ____D () C:\ProgramData\2355320829
2014-12-28 23:03 - 2014-12-28 23:04 - 00000000 ____D () C:\ProgramData\1078601655
2014-12-28 23:02 - 2014-12-29 20:48 - 00001734 _____ () C:\Windows\Tasks\AKGKZPF.job
2014-12-28 23:02 - 2014-12-28 23:02 - 01953768 _____ (CinPlus2.8dV28.12) C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe
2014-12-28 23:02 - 2014-12-28 23:02 - 00004762 _____ () C:\Windows\System32\Tasks\AKGKZPF
2014-12-28 23:02 - 2014-12-28 23:02 - 00004344 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-12-28 23:02 - 2014-12-28 23:02 - 00003562 _____ () C:\Windows\System32\Tasks\RocketTab
2014-12-28 23:02 - 2014-12-28 23:02 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-12-28 23:01 - 2014-12-29 20:58 - 00001016 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-12-28 23:01 - 2014-12-29 20:58 - 00001012 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-12-28 23:01 - 2014-12-29 20:53 - 00003988 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-12-28 23:01 - 2014-12-29 20:53 - 00003752 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-12-28 23:01 - 2014-12-29 20:53 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\VOPackage
2014-12-28 23:01 - 2014-12-28 23:01 - 00003114 _____ () C:\Windows\System32\Tasks\RPC
2014-12-28 23:01 - 2014-12-28 23:01 - 00001875 _____ () C:\Windows\patsearch.bin
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\globalUpdate
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-28 23:00 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\GU Player
2014-12-28 23:00 - 2014-12-28 23:07 - 00000000 ____D () C:\Program Files\shopperz
2014-12-28 23:00 - 2014-12-28 23:06 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\InetStat
2014-12-28 23:00 - 2014-12-28 23:00 - 00000045 _____ () C:\user.js
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____D () C:\Program Files (x86)\RPC
2014-12-28 22:59 - 2014-12-28 22:59 - 00594184 _____ () C:\Users\fvbpl_000\Downloads\QuickTime.exe
2014-12-28 22:15 - 2014-12-28 22:50 - 00110592 ___SH () C:\Users\fvbpl_000\Downloads\Thumbs.db
2014-12-28 22:11 - 2014-12-28 22:52 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Silvester
2014-12-28 22:09 - 2014-12-28 22:09 - 00076224 _____ () C:\Users\fvbpl_000\Downloads\FLVPlayer-Chrome.exe
2014-12-24 09:01 - 2014-12-24 09:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 15:00 - 2014-12-23 15:00 - 00000000 ____D () C:\Users\fvbpl_000\Documents\Electronic Arts
2014-12-23 14:56 - 2014-12-23 14:56 - 00001366 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-12-23 14:56 - 2014-12-23 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-12-23 14:55 - 2014-12-23 14:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-23 14:55 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-23 14:10 - 2014-12-23 14:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-23 14:07 - 2014-12-24 11:07 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Origin
2014-12-23 14:06 - 2014-12-23 14:10 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\ProgramData\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-23 14:05 - 2014-12-23 15:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 14:05 - 2014-12-23 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-23 14:05 - 2014-12-23 14:05 - 00000995 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-20 21:03 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-20 21:03 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 00:06 - 2014-12-20 00:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 10:36 - 2013-06-25 08:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Misa
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520.exe
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520 (1).exe
2014-12-16 15:07 - 2014-12-16 15:07 - 00675988 _____ () C:\Users\fvbpl_000\Desktop\Minecraft.exe
2014-12-16 14:51 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-16 14:51 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-16 14:51 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-16 14:51 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-16 14:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-16 14:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-16 14:46 - 2014-12-21 20:04 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\.minecraft
2014-12-16 14:46 - 2014-12-16 14:46 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\java
2014-12-16 13:40 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-16 13:40 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-16 13:40 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 13:40 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-16 13:40 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-16 13:36 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-16 13:36 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-16 13:36 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-16 13:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-16 13:36 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-16 13:36 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-16 13:36 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-16 13:36 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-16 13:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-16 13:36 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-16 13:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-16 13:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-16 13:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-16 13:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-07 15:14 - 2014-12-07 15:14 - 00012288 ___SH () C:\Users\fvbpl_000\Desktop\Thumbs.db

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:08 - 2014-10-22 11:57 - 01348408 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-29 20:58 - 2014-10-22 12:06 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3329566954-2143029299-1165726935-1001
2014-12-29 20:53 - 2014-10-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-29 20:53 - 2014-10-22 12:03 - 00000000 __RDO () C:\Users\fvbpl_000\OneDrive
2014-12-29 20:50 - 2014-10-25 12:21 - 00000000 ___RD () C:\Users\fvbpl_000\Google Drive
2014-12-29 20:48 - 2014-10-22 13:19 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 00:23 - 2014-10-22 14:30 - 00875454 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-29 00:04 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Apple Computer
2014-12-28 23:29 - 2014-10-22 13:19 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 23:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-28 23:23 - 2014-10-22 12:00 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Packages
2014-12-28 23:10 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Apple Computer
2014-12-28 23:00 - 2013-08-22 15:46 - 00018288 _____ () C:\Windows\setupact.log
2014-12-28 18:07 - 2014-10-22 15:33 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-27 13:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-20 21:09 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 21:09 - 2014-03-18 10:25 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-20 21:09 - 2014-03-18 10:25 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-20 21:02 - 2014-03-18 02:51 - 00007532 _____ () C:\Windows\PFRO.log
2014-12-20 21:02 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 03:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-20 00:06 - 2014-11-07 21:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-20 00:06 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 17:14 - 2014-10-22 12:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-19 17:13 - 2014-10-22 12:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 17:09 - 2014-11-07 13:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 17:04 - 2014-11-07 13:15 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 13:41 - 2014-11-24 08:48 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-16 14:46 - 2014-10-22 13:19 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-07 15:10 - 2014-10-22 12:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Logistik
2014-12-05 02:11 - 2014-10-22 12:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Ausbildung

Some content of TEMP:
====================
C:\Users\fvbpl_000\AppData\Local\Temp\9637C17B-EE39-675C-B958-970E535B81D2.exe
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.dll
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.exe
C:\Users\fvbpl_000\AppData\Local\Temp\optprosetup.exe
C:\Users\fvbpl_000\AppData\Local\Temp\ose00000.exe
C:\Users\fvbpl_000\AppData\Local\Temp\sprz.exe
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLitebb19d489-7776-4501-bfcf-e8751283980f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 20:47

==================== End Of Log ============================
Und die Addition-Datei
Code:
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cinema-Plus-1.7cV28.12 (HKLM-x32\...\Cinema-Plus-1.7cV28.12) (Version: 1.35.12.18 - Cinema PlusV28.12) <==== ATTENTION
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04063 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04063 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
GamesDesktop 014.42 (HKLM-x32\...\gmsd_de_42_is1) (Version:  - GAMESDESKTOP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KONICA MINOLTA magicolor 1600W (HKLM\...\KONICA MINOLTA magicolor 1600W) (Version:  - )
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.1.0.0 - GIANTS Software)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION!
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.5.0 - Lenovo Group Limited)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Word Proser 1.10.0.1 (HKLM-x32\...\WordProser_1.10.0.1) (Version: 1.10.0.1 - Word Proser) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-12-2014 02:44:24 Geplanter Prüfpunkt
19-12-2014 16:49:29 Windows Update
23-12-2014 14:55:21 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {007E9462-F849-4BF1-98DE-560AE386D82B} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {08F3A7A0-9793-46CC-A5DC-473F2E632F16} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {0928BB3A-58CE-4BA5-85CF-58D2CC6E12C6} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {10207AD6-AEDE-4B81-B95A-59639693DE9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10800D64-56CF-47AB-A51E-F554F558D106} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16D8C035-CEB5-4577-90C9-ACE0999957B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2BBED10F-D1B3-4B68-9619-B420D3280942} - System32\Tasks\BALD => C:\Users\fvbpl_000\AppData\Roaming\BALD.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E} - System32\Tasks\AKGKZPF => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe [2014-12-28] (CinPlus2.8dV28.12) <==== ATTENTION
Task: {415926C1-5B8C-4E39-855E-5282F34EDD25} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {4F285C8E-A46D-4120-A4BC-8F271BE3AE85} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-29] (globalUpdate) <==== ATTENTION
Task: {6F6D1884-C3C7-4301-9CEA-3F279F6CE0C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8D669744-160C-4026-B60A-AAF9CE727926} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {9639DD1B-DACC-44D3-B3E5-895F9635CE8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A3744848-0189-4A5A-83AC-FA72378D5D77} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {AE6F7E9D-72B2-49CC-AA08-A454D7E425DC} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {B7300B9C-3F24-4E35-ADAA-4F3E06DAC4C0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-29] (globalUpdate) <==== ATTENTION
Task: {BC08E41B-1E18-429A-9EDE-52556CCC36E2} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5_user => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {C927433E-49AD-4589-ABFA-BB0D6A84E923} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-1 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\Cinema-Plus-1.7cV28.12-codedownloader.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {CCC7CFFD-2A74-4E8F-8112-053D639787A2} - System32\Tasks\RPC => C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe [2014-11-26] ()
Task: {D225F681-9EE9-4FCD-B1EE-15AE0D6A588F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D3645513-1935-40A7-A006-F6C729622F6E} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-28] () <==== ATTENTION
Task: {D3DFB983-9D0B-48EE-A16C-45DFE395A634} - \AutoKMS No Task File <==== ATTENTION
Task: {EB1CF6C7-48CA-4BF1-98FC-FA179C56415A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {FE172F25-7713-4206-9A26-28F99DB23B7D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-1.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\Cinema-Plus-1.7cV28.12-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5_user.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\AKGKZPF.job => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
Task: C:\Windows\Tasks\BALD.job => C:\Users\fvbpl_000\AppData\Roaming\BALD.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-19 15:03 - 2013-08-19 15:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-28 23:02 - 2014-12-28 23:02 - 02665984 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-12-29 20:53 - 2014-12-26 12:28 - 03978920 _____ () C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe
2014-12-29 20:53 - 2014-12-26 12:28 - 03307688 _____ () C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe
2013-07-19 22:29 - 2013-07-19 22:29 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 14:18 - 2013-08-08 12:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-29 20:48 - 2014-12-29 20:48 - 00098816 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32api.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00110080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\pywintypes27.dll
2014-12-29 20:48 - 2014-12-29 20:48 - 00364544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\pythoncom27.dll
2014-12-29 20:48 - 2014-12-29 20:48 - 00045568 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_socket.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 01160704 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_ssl.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00320512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32com.shell.shell.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00713216 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_hashlib.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 01175040 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._core_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00805888 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._gdi_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00811008 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._windows_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 01062400 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._controls_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00735232 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._misc_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00128512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_elementtree.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00127488 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\pyexpat.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00557056 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\pysqlite2._sqlite.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00087552 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_ctypes.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00119808 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32file.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00108544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32security.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00007168 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\hashobjs_ext.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00167936 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32gui.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00018432 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32event.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00038912 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32inet.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00011264 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32crypt.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00070656 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._html2.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00027136 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_multiprocessing.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00035840 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32process.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00686080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\unicodedata.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00122368 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._wizard.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00024064 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32pipe.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00025600 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32pdh.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00525640 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\windows._lib_cacheinvalidation.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00010240 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\select.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00017408 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32profile.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00022528 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32ts.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00078336 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._animate.pyd
2014-12-29 20:53 - 2014-12-29 20:53 - 00168936 _____ () C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\9f97ccac-4bf3-47be-8f19-f9fca3aa8c81.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fvbpl_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3329566954-2143029299-1165726935-500 - Administrator - Disabled)
Gast (S-1-5-21-3329566954-2143029299-1165726935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329566954-2143029299-1165726935-1003 - Limited - Enabled)
Julian Bischoff (S-1-5-21-3329566954-2143029299-1165726935-1001 - Administrator - Enabled) => C:\Users\fvbpl_000

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 08:53:43 PM) (Source: MsiInstaller) (EventID: 11309) (User: JULIANS-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14656

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14656

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2014 00:00:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VLC_WINRT_APP.Windows.exe, Version: 1.0.0.0, Zeitstempel: 0x543bada3
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53086d7c
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000fb152
ID des fehlerhaften Prozesses: 0x1e88
Startzeit der fehlerhaften Anwendung: 0xVLC_WINRT_APP.Windows.exe0
Pfad der fehlerhaften Anwendung: VLC_WINRT_APP.Windows.exe1
Pfad des fehlerhaften Moduls: VLC_WINRT_APP.Windows.exe2
Berichtskennung: VLC_WINRT_APP.Windows.exe3
Vollständiger Name des fehlerhaften Pakets: VLC_WINRT_APP.Windows.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VLC_WINRT_APP.Windows.exe5

Error: (12/28/2014 11:21:06 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: JULIANS-PC)
Description: windows_ie_ac_0013

Error: (12/28/2014 11:01:53 PM) (Source: MsiInstaller) (EventID: 11309) (User: JULIANS-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (12/28/2014 10:58:56 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (12/28/2014 07:22:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (12/28/2014 07:22:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234


System errors:
=============
Error: (12/28/2014 11:01:45 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}

Error: (12/27/2014 01:05:20 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/27/2014 01:04:50 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/27/2014 00:48:50 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware.

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 03:35:51 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/23/2014 03:35:21 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (12/29/2014 08:53:43 PM) (Source: MsiInstaller) (EventID: 11309) (User: JULIANS-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14656

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14656

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2014 00:00:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VLC_WINRT_APP.Windows.exe1.0.0.0543bada3combase.dll6.3.9600.1703153086d7cc000027b000fb1521e8801d022f177360cacC:\Program Files\WindowsApps\VideoLAN.VLCforWindows8_0.1.1.0_x86__paz6r1rewnh0a\VLC_WINRT_APP.Windows.exeC:\Windows\SYSTEM32\combase.dll446f590a-8ee5-11e4-8259-c0143dc3fd0cVideoLAN.VLCforWindows8_0.1.1.0_x86__paz6r1rewnh0aApp

Error: (12/28/2014 11:21:06 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: JULIANS-PC)
Description: windows_ie_ac_0013

Error: (12/28/2014 11:01:53 PM) (Source: MsiInstaller) (EventID: 11309) (User: JULIANS-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/28/2014 10:58:56 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (12/28/2014 07:22:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (12/28/2014 07:22:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234


CodeIntegrity Errors:
===================================
  Date: 2014-12-28 23:03:50.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-28 23:03:50.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 12:54:16.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:23.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:22.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-05 02:50:40.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-26 05:01:34.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 13:03:23.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 13:03:23.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 81%
Total physical RAM: 3996.36 MB
Available physical RAM: 741.61 MB
Total Pagefile: 4700.36 MB
Available Pagefile: 738.12 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.89 GB) (Free:392.36 GB) NTFS
Drive e: (THE_WOLF_OF_WALL_STREET) (CDROM) (Total:7.65 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7F8E0386)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End Of Log ============================

Bootsektor 29.12.2014 21:49
Da fehlen leider Teile von der FRST.txt und Addition.txt bitte vollständig posten, danke :)

smallB 29.12.2014 21:53
Dann versuche ich es nochmal :D
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Julian Bischoff (administrator) on JULIANS-PC on 29-12-2014 21:26:44
Running from C:\Users\fvbpl_000\Desktop
Loaded Profile: Julian Bischoff (Available profiles: Julian Bischoff)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe
() C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe
(Word Proser) C:\Program Files (x86)\WordProser_1.10.0.1\Service\wpsvc.exe
(Cinema PlusV28.12) C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2012-07-25] (Intel® Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-10-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-10-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_de_42] => C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe [3978920 2014-12-26] ()
HKLM-x32\...\RunOnce: [upgmsd_de_42.exe] => C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe [3307688 2014-12-26] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3329566954-2143029299-1165726935-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3329566954-2143029299-1165726935-1001] => http=127.0.0.1:65102;https=127.0.0.1:65102
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Cinema-Plus-1.7cV28.12 -> {11111111-1111-1111-1111-110611571181} -> C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\Cinema-Plus-1.7cV28.12-bho64.dll (Cinema PlusV28.12)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: WordProser -> {F6F484C9-29B9-43EC-A924-DCBAAA86B31D} -> C:\Program Files\WordProser_1.10.0.1\IE\WordProserClientIE.dll (Word Proser)
BHO-x32: Cinema-Plus-1.7cV28.12 -> {11111111-1111-1111-1111-110611571181} -> C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\Cinema-Plus-1.7cV28.12-bho.dll (Cinema PlusV28.12)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: WordProser -> {F6F484C9-29B9-43EC-A924-DCBAAA86B31D} -> C:\Program Files (x86)\WordProser_1.10.0.1\IE\WordProserClientIE.dll (Word Proser)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://hs-owl.de/"
CHR Profile: C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (YouTube) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google-Suche) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Google Tabellen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Google Mail) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2012-07-18] (Red Bend Ltd.) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-29] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-29] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2012-07-18] (Intel(R) Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 wpsvc_1.10.0.1; C:\Program Files (x86)\WordProser_1.10.0.1\Service\wpsvc.exe [277584 2014-10-14] (Word Proser)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 wpnfd_1_10_0_1; C:\Windows\System32\drivers\wpnfd_1_10_0_1.sys [58240 2014-10-14] (Word Proser)
R1 cherimoya; system32\drivers\cherimoya.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:26 - 2014-12-29 21:27 - 00015756 _____ () C:\Users\fvbpl_000\Desktop\FRST.txt
2014-12-29 21:22 - 2014-12-29 21:26 - 00000000 ____D () C:\FRST
2014-12-29 21:21 - 2014-12-29 21:22 - 02123264 _____ (Farbar) C:\Users\fvbpl_000\Desktop\FRST64.exe
2014-12-29 20:54 - 2014-12-29 20:54 - 00006516 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-1
2014-12-29 20:54 - 2014-12-29 20:54 - 00005494 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5
2014-12-29 20:54 - 2014-12-29 20:54 - 00005158 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2
2014-12-29 20:54 - 2014-12-29 20:54 - 00003512 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-1.job
2014-12-29 20:54 - 2014-12-29 20:54 - 00002490 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5_user.job
2014-12-29 20:54 - 2014-12-29 20:54 - 00002490 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.job
2014-12-29 20:54 - 2014-12-29 20:54 - 00002154 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2.job
2014-12-29 20:53 - 2014-12-29 20:56 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\gmsd_de_42
2014-12-29 20:53 - 2014-12-29 20:54 - 00000000 ____D () C:\Program Files (x86)\Cinema-Plus-1.7cV28.12
2014-12-29 20:53 - 2014-12-29 20:53 - 02048488 _____ (Cinema PlusV28.12) C:\Users\fvbpl_000\AppData\Roaming\BALD.exe
2014-12-29 20:53 - 2014-12-29 20:53 - 00008566 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7
2014-12-29 20:53 - 2014-12-29 20:53 - 00008566 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6
2014-12-29 20:53 - 2014-12-29 20:53 - 00007542 _____ () C:\Windows\System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3
2014-12-29 20:53 - 2014-12-29 20:53 - 00005562 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7.job
2014-12-29 20:53 - 2014-12-29 20:53 - 00005562 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.job
2014-12-29 20:53 - 2014-12-29 20:53 - 00004538 _____ () C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3.job
2014-12-29 20:53 - 2014-12-29 20:53 - 00004414 _____ () C:\Windows\System32\Tasks\BALD
2014-12-29 20:53 - 2014-12-29 20:53 - 00001384 _____ () C:\Windows\Tasks\BALD.job
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files\WordProser_1.10.0.1
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\WordProser_1.10.0.1
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\gmsd_de_42
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\1842d17d-5034-4f77-aa69-9a951d004098
2014-12-29 20:50 - 2014-12-29 20:50 - 00000000 ___DC () C:\Users\fvbpl_000\AppData\Local\MigWiz
2014-12-28 23:09 - 2014-12-28 23:09 - 00001857 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-28 23:05 - 2014-12-28 23:05 - 00000000 __SHD () C:\Users\fvbpl_000\AppData\Local\EmieBrowserModeList
2014-12-28 23:04 - 2014-12-28 23:04 - 00000000 ____D () C:\ProgramData\2355320829
2014-12-28 23:03 - 2014-12-28 23:04 - 00000000 ____D () C:\ProgramData\1078601655
2014-12-28 23:02 - 2014-12-29 20:48 - 00001734 _____ () C:\Windows\Tasks\AKGKZPF.job
2014-12-28 23:02 - 2014-12-28 23:02 - 01953768 _____ (CinPlus2.8dV28.12) C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe
2014-12-28 23:02 - 2014-12-28 23:02 - 00004762 _____ () C:\Windows\System32\Tasks\AKGKZPF
2014-12-28 23:02 - 2014-12-28 23:02 - 00004344 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-12-28 23:02 - 2014-12-28 23:02 - 00003562 _____ () C:\Windows\System32\Tasks\RocketTab
2014-12-28 23:02 - 2014-12-28 23:02 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-12-28 23:01 - 2014-12-29 20:58 - 00001016 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-12-28 23:01 - 2014-12-29 20:58 - 00001012 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-12-28 23:01 - 2014-12-29 20:53 - 00003988 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-12-28 23:01 - 2014-12-29 20:53 - 00003752 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-12-28 23:01 - 2014-12-29 20:53 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\VOPackage
2014-12-28 23:01 - 2014-12-28 23:01 - 00003114 _____ () C:\Windows\System32\Tasks\RPC
2014-12-28 23:01 - 2014-12-28 23:01 - 00001875 _____ () C:\Windows\patsearch.bin
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\globalUpdate
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-28 23:00 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\GU Player
2014-12-28 23:00 - 2014-12-28 23:07 - 00000000 ____D () C:\Program Files\shopperz
2014-12-28 23:00 - 2014-12-28 23:06 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\InetStat
2014-12-28 23:00 - 2014-12-28 23:00 - 00000045 _____ () C:\user.js
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____D () C:\Program Files (x86)\RPC
2014-12-28 22:59 - 2014-12-28 22:59 - 00594184 _____ () C:\Users\fvbpl_000\Downloads\QuickTime.exe
2014-12-28 22:15 - 2014-12-28 22:50 - 00110592 ___SH () C:\Users\fvbpl_000\Downloads\Thumbs.db
2014-12-28 22:11 - 2014-12-28 22:52 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Silvester
2014-12-28 22:09 - 2014-12-28 22:09 - 00076224 _____ () C:\Users\fvbpl_000\Downloads\FLVPlayer-Chrome.exe
2014-12-24 09:01 - 2014-12-24 09:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 15:00 - 2014-12-23 15:00 - 00000000 ____D () C:\Users\fvbpl_000\Documents\Electronic Arts
2014-12-23 14:56 - 2014-12-23 14:56 - 00001366 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-12-23 14:56 - 2014-12-23 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-12-23 14:55 - 2014-12-23 14:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-23 14:55 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-23 14:10 - 2014-12-23 14:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-23 14:07 - 2014-12-24 11:07 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Origin
2014-12-23 14:06 - 2014-12-23 14:10 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\ProgramData\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-23 14:05 - 2014-12-23 15:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 14:05 - 2014-12-23 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-23 14:05 - 2014-12-23 14:05 - 00000995 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-20 21:03 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-20 21:03 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 00:06 - 2014-12-20 00:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 10:36 - 2013-06-25 08:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Misa
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520.exe
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520 (1).exe
2014-12-16 15:07 - 2014-12-16 15:07 - 00675988 _____ () C:\Users\fvbpl_000\Desktop\Minecraft.exe
2014-12-16 14:51 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-16 14:51 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-16 14:51 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-16 14:51 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-16 14:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-16 14:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-16 14:46 - 2014-12-21 20:04 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\.minecraft
2014-12-16 14:46 - 2014-12-16 14:46 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\java
2014-12-16 13:40 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-16 13:40 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-16 13:40 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 13:40 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-16 13:40 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-16 13:36 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-16 13:36 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-16 13:36 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-16 13:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-16 13:36 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-16 13:36 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-16 13:36 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-16 13:36 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-16 13:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-16 13:36 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-16 13:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-16 13:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-16 13:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-16 13:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-07 15:14 - 2014-12-07 15:14 - 00012288 ___SH () C:\Users\fvbpl_000\Desktop\Thumbs.db

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:08 - 2014-10-22 11:57 - 01348408 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-29 20:58 - 2014-10-22 12:06 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3329566954-2143029299-1165726935-1001
2014-12-29 20:53 - 2014-10-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-29 20:53 - 2014-10-22 12:03 - 00000000 __RDO () C:\Users\fvbpl_000\OneDrive
2014-12-29 20:50 - 2014-10-25 12:21 - 00000000 ___RD () C:\Users\fvbpl_000\Google Drive
2014-12-29 20:48 - 2014-10-22 13:19 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 00:23 - 2014-10-22 14:30 - 00875454 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-29 00:04 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Apple Computer
2014-12-28 23:29 - 2014-10-22 13:19 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 23:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-28 23:23 - 2014-10-22 12:00 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Packages
2014-12-28 23:10 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Apple Computer
2014-12-28 23:00 - 2013-08-22 15:46 - 00018288 _____ () C:\Windows\setupact.log
2014-12-28 18:07 - 2014-10-22 15:33 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-27 13:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-20 21:09 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 21:09 - 2014-03-18 10:25 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-20 21:09 - 2014-03-18 10:25 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-20 21:02 - 2014-03-18 02:51 - 00007532 _____ () C:\Windows\PFRO.log
2014-12-20 21:02 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 03:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-20 00:06 - 2014-11-07 21:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-20 00:06 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 17:14 - 2014-10-22 12:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-19 17:13 - 2014-10-22 12:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 17:09 - 2014-11-07 13:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 17:04 - 2014-11-07 13:15 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 13:41 - 2014-11-24 08:48 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-16 14:46 - 2014-10-22 13:19 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-07 15:10 - 2014-10-22 12:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Logistik
2014-12-05 02:11 - 2014-10-22 12:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Ausbildung

Some content of TEMP:
====================
C:\Users\fvbpl_000\AppData\Local\Temp\9637C17B-EE39-675C-B958-970E535B81D2.exe
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.dll
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.exe
C:\Users\fvbpl_000\AppData\Local\Temp\optprosetup.exe
C:\Users\fvbpl_000\AppData\Local\Temp\ose00000.exe
C:\Users\fvbpl_000\AppData\Local\Temp\sprz.exe
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLitebb19d489-7776-4501-bfcf-e8751283980f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 20:47

==================== End Of Log ============================
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Julian Bischoff at 2014-12-29 21:28:34
Running from C:\Users\fvbpl_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cinema-Plus-1.7cV28.12 (HKLM-x32\...\Cinema-Plus-1.7cV28.12) (Version: 1.35.12.18 - Cinema PlusV28.12) <==== ATTENTION
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04063 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04063 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
GamesDesktop 014.42 (HKLM-x32\...\gmsd_de_42_is1) (Version:  - GAMESDESKTOP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KONICA MINOLTA magicolor 1600W (HKLM\...\KONICA MINOLTA magicolor 1600W) (Version:  - )
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.1.0.0 - GIANTS Software)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION!
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.5.0 - Lenovo Group Limited)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Word Proser 1.10.0.1 (HKLM-x32\...\WordProser_1.10.0.1) (Version: 1.10.0.1 - Word Proser) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-12-2014 02:44:24 Geplanter Prüfpunkt
19-12-2014 16:49:29 Windows Update
23-12-2014 14:55:21 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {007E9462-F849-4BF1-98DE-560AE386D82B} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {08F3A7A0-9793-46CC-A5DC-473F2E632F16} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {0928BB3A-58CE-4BA5-85CF-58D2CC6E12C6} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {10207AD6-AEDE-4B81-B95A-59639693DE9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10800D64-56CF-47AB-A51E-F554F558D106} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16D8C035-CEB5-4577-90C9-ACE0999957B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2BBED10F-D1B3-4B68-9619-B420D3280942} - System32\Tasks\BALD => C:\Users\fvbpl_000\AppData\Roaming\BALD.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E} - System32\Tasks\AKGKZPF => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe [2014-12-28] (CinPlus2.8dV28.12) <==== ATTENTION
Task: {415926C1-5B8C-4E39-855E-5282F34EDD25} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {4F285C8E-A46D-4120-A4BC-8F271BE3AE85} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-29] (globalUpdate) <==== ATTENTION
Task: {6F6D1884-C3C7-4301-9CEA-3F279F6CE0C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8D669744-160C-4026-B60A-AAF9CE727926} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {9639DD1B-DACC-44D3-B3E5-895F9635CE8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A3744848-0189-4A5A-83AC-FA72378D5D77} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {AE6F7E9D-72B2-49CC-AA08-A454D7E425DC} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {B7300B9C-3F24-4E35-ADAA-4F3E06DAC4C0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-29] (globalUpdate) <==== ATTENTION
Task: {BC08E41B-1E18-429A-9EDE-52556CCC36E2} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5_user => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {C927433E-49AD-4589-ABFA-BB0D6A84E923} - System32\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-1 => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\Cinema-Plus-1.7cV28.12-codedownloader.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {CCC7CFFD-2A74-4E8F-8112-053D639787A2} - System32\Tasks\RPC => C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe [2014-11-26] ()
Task: {D225F681-9EE9-4FCD-B1EE-15AE0D6A588F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D3645513-1935-40A7-A006-F6C729622F6E} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-28] () <==== ATTENTION
Task: {D3DFB983-9D0B-48EE-A16C-45DFE395A634} - \AutoKMS No Task File <==== ATTENTION
Task: {EB1CF6C7-48CA-4BF1-98FC-FA179C56415A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {FE172F25-7713-4206-9A26-28F99DB23B7D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-1.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\Cinema-Plus-1.7cV28.12-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5_user.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7.job => C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\325c2682-cb0d-4bc1-acf3-dc617dbbf1c5-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\AKGKZPF.job => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
Task: C:\Windows\Tasks\BALD.job => C:\Users\fvbpl_000\AppData\Roaming\BALD.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-19 15:03 - 2013-08-19 15:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-28 23:02 - 2014-12-28 23:02 - 02665984 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-12-29 20:53 - 2014-12-26 12:28 - 03978920 _____ () C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe
2014-12-29 20:53 - 2014-12-26 12:28 - 03307688 _____ () C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe
2013-07-19 22:29 - 2013-07-19 22:29 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 14:18 - 2013-08-08 12:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-29 20:48 - 2014-12-29 20:48 - 00098816 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32api.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00110080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\pywintypes27.dll
2014-12-29 20:48 - 2014-12-29 20:48 - 00364544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\pythoncom27.dll
2014-12-29 20:48 - 2014-12-29 20:48 - 00045568 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_socket.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 01160704 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_ssl.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00320512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32com.shell.shell.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00713216 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_hashlib.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 01175040 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._core_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00805888 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._gdi_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00811008 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._windows_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 01062400 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._controls_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00735232 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._misc_.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00128512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_elementtree.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00127488 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\pyexpat.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00557056 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\pysqlite2._sqlite.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00087552 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_ctypes.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00119808 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32file.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00108544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32security.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00007168 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\hashobjs_ext.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00167936 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32gui.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00018432 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32event.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00038912 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32inet.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00011264 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32crypt.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00070656 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._html2.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00027136 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\_multiprocessing.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00035840 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32process.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00686080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\unicodedata.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00122368 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._wizard.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00024064 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32pipe.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00025600 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32pdh.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00525640 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\windows._lib_cacheinvalidation.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00010240 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\select.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00017408 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32profile.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00022528 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\win32ts.pyd
2014-12-29 20:48 - 2014-12-29 20:48 - 00078336 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI36962\wx._animate.pyd
2014-12-29 20:53 - 2014-12-29 20:53 - 00168936 _____ () C:\Program Files (x86)\Cinema-Plus-1.7cV28.12\9f97ccac-4bf3-47be-8f19-f9fca3aa8c81.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fvbpl_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3329566954-2143029299-1165726935-500 - Administrator - Disabled)
Gast (S-1-5-21-3329566954-2143029299-1165726935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329566954-2143029299-1165726935-1003 - Limited - Enabled)
Julian Bischoff (S-1-5-21-3329566954-2143029299-1165726935-1001 - Administrator - Enabled) => C:\Users\fvbpl_000

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 08:53:43 PM) (Source: MsiInstaller) (EventID: 11309) (User: JULIANS-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14656

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14656

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2014 00:00:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VLC_WINRT_APP.Windows.exe, Version: 1.0.0.0, Zeitstempel: 0x543bada3
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53086d7c
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000fb152
ID des fehlerhaften Prozesses: 0x1e88
Startzeit der fehlerhaften Anwendung: 0xVLC_WINRT_APP.Windows.exe0
Pfad der fehlerhaften Anwendung: VLC_WINRT_APP.Windows.exe1
Pfad des fehlerhaften Moduls: VLC_WINRT_APP.Windows.exe2
Berichtskennung: VLC_WINRT_APP.Windows.exe3
Vollständiger Name des fehlerhaften Pakets: VLC_WINRT_APP.Windows.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VLC_WINRT_APP.Windows.exe5

Error: (12/28/2014 11:21:06 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: JULIANS-PC)
Description: windows_ie_ac_0013

Error: (12/28/2014 11:01:53 PM) (Source: MsiInstaller) (EventID: 11309) (User: JULIANS-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (12/28/2014 10:58:56 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (12/28/2014 07:22:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (12/28/2014 07:22:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234


System errors:
=============
Error: (12/28/2014 11:01:45 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}

Error: (12/27/2014 01:05:20 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/27/2014 01:04:50 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/27/2014 00:48:50 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware.

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 03:35:51 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/23/2014 03:35:21 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (12/29/2014 08:53:43 PM) (Source: MsiInstaller) (EventID: 11309) (User: JULIANS-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14656

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14656

Error: (12/29/2014 00:23:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/29/2014 00:00:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VLC_WINRT_APP.Windows.exe1.0.0.0543bada3combase.dll6.3.9600.1703153086d7cc000027b000fb1521e8801d022f177360cacC:\Program Files\WindowsApps\VideoLAN.VLCforWindows8_0.1.1.0_x86__paz6r1rewnh0a\VLC_WINRT_APP.Windows.exeC:\Windows\SYSTEM32\combase.dll446f590a-8ee5-11e4-8259-c0143dc3fd0cVideoLAN.VLCforWindows8_0.1.1.0_x86__paz6r1rewnh0aApp

Error: (12/28/2014 11:21:06 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: JULIANS-PC)
Description: windows_ie_ac_0013

Error: (12/28/2014 11:01:53 PM) (Source: MsiInstaller) (EventID: 11309) (User: JULIANS-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/28/2014 10:58:56 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (12/28/2014 07:22:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (12/28/2014 07:22:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234


CodeIntegrity Errors:
===================================
  Date: 2014-12-28 23:03:50.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-28 23:03:50.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 12:54:16.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:23.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:22.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-05 02:50:40.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-26 05:01:34.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 13:03:23.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 13:03:23.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 81%
Total physical RAM: 3996.36 MB
Available physical RAM: 741.61 MB
Total Pagefile: 4700.36 MB
Available Pagefile: 738.12 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.89 GB) (Free:392.36 GB) NTFS
Drive e: (THE_WOLF_OF_WALL_STREET) (CDROM) (Total:7.65 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7F8E0386)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End Of Log ============================

Bootsektor 30.12.2014 16:29
Hallo,



Schritt 1
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.
Wiederhole die selben Schritte mit folgenden Dateien:
Code:
C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe
Schritt 2
Bitte deinstalliere folgende Programme:
Cinema-Plus-1.7cV28.12
Remote Desktop Access
RocketTab
Word Proser 1.10.0.1

Dazu drücke auf:
Windowstaste und X
dann:
Programme und Funktionen --> Programm auswählen --> entfernen

Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus.

Schritt 3
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

smallB 04.01.2015 13:16
https://www.virustotal.com/de/file/b2718ade82e571dad44258518e92f413a12317858a24faf82dcd74a34fb12b9d/analysis/1420372896/

Von der ersten Codebox

https://www.virustotal.com/de/file/aa55737ce038254597d1c1dc8a23ba9e0a43ae4098b33be84564c3cda3bdce5f/analysis/1420373278/

Aus der zweiten Codebox

FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Julian Bischoff (administrator) on JULIANS-PC on 04-01-2015 13:13:36
Running from C:\Users\fvbpl_000\Desktop
Loaded Profile: Julian Bischoff (Available profiles: Julian Bischoff)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
() C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2012-07-25] (Intel® Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-10-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-10-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_de_42] => C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe [3978920 2014-12-26] ()
HKLM-x32\...\RunOnce: [upgmsd_de_42.exe] => C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe [3307688 2014-12-26] ()
HKLM-x32\...\RunOnce: [Search Extensions Program Files Data Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://hs-owl.de/"
CHR Profile: C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (YouTube) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google-Suche) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Google Tabellen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Google Mail) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2012-07-18] (Red Bend Ltd.) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-29] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-29] (globalUpdate) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2012-07-18] (Intel(R) Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 cherimoya; system32\drivers\cherimoya.sys [X]
R1 wpnfd_1_10_0_1; system32\drivers\wpnfd_1_10_0_1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 13:12 - 2015-01-04 13:13 - 00014605 _____ () C:\Users\fvbpl_000\Desktop\FRST.txt
2014-12-29 21:22 - 2015-01-04 13:13 - 00000000 ____D () C:\FRST
2014-12-29 21:21 - 2015-01-04 13:09 - 02123776 _____ (Farbar) C:\Users\fvbpl_000\Desktop\FRST64.exe
2014-12-29 20:53 - 2015-01-04 12:53 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\gmsd_de_42
2014-12-29 20:53 - 2015-01-01 20:53 - 00001384 _____ () C:\Windows\Tasks\BALD.job
2014-12-29 20:53 - 2014-12-29 20:53 - 02048488 _____ (Cinema PlusV28.12) C:\Users\fvbpl_000\AppData\Roaming\BALD.exe
2014-12-29 20:53 - 2014-12-29 20:53 - 00004414 _____ () C:\Windows\System32\Tasks\BALD
2014-12-29 20:53 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\gmsd_de_42
2014-12-29 20:50 - 2014-12-29 20:50 - 00000000 ___DC () C:\Users\fvbpl_000\AppData\Local\MigWiz
2014-12-28 23:09 - 2014-12-28 23:09 - 00001857 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-28 23:05 - 2014-12-28 23:05 - 00000000 __SHD () C:\Users\fvbpl_000\AppData\Local\EmieBrowserModeList
2014-12-28 23:04 - 2014-12-28 23:04 - 00000000 ____D () C:\ProgramData\2355320829
2014-12-28 23:03 - 2014-12-28 23:04 - 00000000 ____D () C:\ProgramData\1078601655
2014-12-28 23:02 - 2015-01-04 13:07 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-12-28 23:02 - 2015-01-01 17:10 - 00001734 _____ () C:\Windows\Tasks\AKGKZPF.job
2014-12-28 23:02 - 2014-12-28 23:02 - 01953768 _____ (CinPlus2.8dV28.12) C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe
2014-12-28 23:02 - 2014-12-28 23:02 - 00004762 _____ () C:\Windows\System32\Tasks\AKGKZPF
2014-12-28 23:01 - 2015-01-01 20:58 - 00001016 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-12-28 23:01 - 2015-01-01 20:58 - 00001012 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-12-28 23:01 - 2014-12-29 20:53 - 00003988 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-12-28 23:01 - 2014-12-29 20:53 - 00003752 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-12-28 23:01 - 2014-12-28 23:01 - 00003114 _____ () C:\Windows\System32\Tasks\RPC
2014-12-28 23:01 - 2014-12-28 23:01 - 00001875 _____ () C:\Windows\patsearch.bin
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\globalUpdate
2014-12-28 23:01 - 2014-12-28 23:01 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-12-28 23:00 - 2014-12-29 20:53 - 00000000 ____D () C:\Program Files (x86)\GU Player
2014-12-28 23:00 - 2014-12-28 23:07 - 00000000 ____D () C:\Program Files\shopperz
2014-12-28 23:00 - 2014-12-28 23:06 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\InetStat
2014-12-28 23:00 - 2014-12-28 23:00 - 00000045 _____ () C:\user.js
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____D () C:\Program Files (x86)\RPC
2014-12-28 22:59 - 2014-12-28 22:59 - 00594184 _____ () C:\Users\fvbpl_000\Downloads\QuickTime.exe
2014-12-28 22:15 - 2014-12-28 22:50 - 00110592 ___SH () C:\Users\fvbpl_000\Downloads\Thumbs.db
2014-12-28 22:11 - 2014-12-28 22:52 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Silvester
2014-12-28 22:09 - 2014-12-28 22:09 - 00076224 _____ () C:\Users\fvbpl_000\Downloads\FLVPlayer-Chrome.exe
2014-12-24 09:01 - 2014-12-24 09:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 15:00 - 2014-12-23 15:00 - 00000000 ____D () C:\Users\fvbpl_000\Documents\Electronic Arts
2014-12-23 14:56 - 2014-12-23 14:56 - 00001366 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-12-23 14:56 - 2014-12-23 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-12-23 14:55 - 2014-12-23 14:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-23 14:55 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-23 14:10 - 2014-12-23 14:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-23 14:07 - 2014-12-24 11:07 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Origin
2014-12-23 14:06 - 2014-12-23 14:10 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\ProgramData\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-23 14:05 - 2014-12-23 15:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 14:05 - 2014-12-23 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-23 14:05 - 2014-12-23 14:05 - 00000995 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-20 21:03 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-20 21:03 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 00:06 - 2014-12-20 00:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 10:36 - 2013-06-25 08:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Misa
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520.exe
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520 (1).exe
2014-12-16 15:07 - 2014-12-16 15:07 - 00675988 _____ () C:\Users\fvbpl_000\Desktop\Minecraft.exe
2014-12-16 14:51 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-16 14:51 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-16 14:51 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-16 14:51 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-16 14:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-16 14:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-16 14:46 - 2015-01-04 11:57 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\.minecraft
2014-12-16 14:46 - 2014-12-16 14:46 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\java
2014-12-16 13:40 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-16 13:40 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-16 13:40 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 13:40 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-16 13:40 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-16 13:36 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-16 13:36 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-16 13:36 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-16 13:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-16 13:36 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-16 13:36 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-16 13:36 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-16 13:36 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-16 13:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-16 13:36 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-16 13:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-16 13:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-16 13:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-16 13:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-07 15:14 - 2014-12-07 15:14 - 00012288 ___SH () C:\Users\fvbpl_000\Desktop\Thumbs.db

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 13:12 - 2014-10-22 11:57 - 02008328 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 13:11 - 2014-10-22 12:06 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3329566954-2143029299-1165726935-1001
2015-01-04 13:10 - 2014-10-22 12:03 - 00000000 ___DO () C:\Users\fvbpl_000\OneDrive
2015-01-04 13:06 - 2014-10-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-04 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-04 12:29 - 2014-10-22 13:19 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 19:42 - 2014-10-25 12:21 - 00000000 ___RD () C:\Users\fvbpl_000\Google Drive
2015-01-01 15:22 - 2014-10-22 13:19 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 18:01 - 2014-10-22 14:30 - 00931962 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-31 17:54 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 17:54 - 2014-03-18 10:25 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-31 17:54 - 2014-03-18 10:25 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-31 15:04 - 2013-08-22 15:46 - 00019083 _____ () C:\Windows\setupact.log
2014-12-29 00:04 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Apple Computer
2014-12-28 23:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-28 23:23 - 2014-10-22 12:00 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Packages
2014-12-28 23:10 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Apple Computer
2014-12-28 18:07 - 2014-10-22 15:33 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-27 13:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-20 21:02 - 2014-03-18 02:51 - 00007532 _____ () C:\Windows\PFRO.log
2014-12-20 21:02 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-20 03:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-20 00:06 - 2014-11-07 21:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-20 00:06 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 17:14 - 2014-10-22 12:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-19 17:13 - 2014-10-22 12:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 17:09 - 2014-11-07 13:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 17:04 - 2014-11-07 13:15 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 13:41 - 2014-11-24 08:48 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-16 14:46 - 2014-10-22 13:19 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-07 15:10 - 2014-10-22 12:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Logistik
2014-12-05 02:11 - 2014-10-22 12:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Ausbildung

Some content of TEMP:
====================
C:\Users\fvbpl_000\AppData\Local\Temp\9637C17B-EE39-675C-B958-970E535B81D2.exe
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.dll
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.exe
C:\Users\fvbpl_000\AppData\Local\Temp\optprosetup.exe
C:\Users\fvbpl_000\AppData\Local\Temp\ose00000.exe
C:\Users\fvbpl_000\AppData\Local\Temp\sprz.exe
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLitebb19d489-7776-4501-bfcf-e8751283980f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 20:47

==================== End Of Log ============================
--- --- ---

--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Julian Bischoff at 2015-01-04 13:14:03
Running from C:\Users\fvbpl_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04063 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04063 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
GamesDesktop 014.42 (HKLM-x32\...\gmsd_de_42_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KONICA MINOLTA magicolor 1600W (HKLM\...\KONICA MINOLTA magicolor 1600W) (Version:  - )
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.1.0.0 - GIANTS Software)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.5.0 - Lenovo Group Limited)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-12-2014 02:44:24 Geplanter Prüfpunkt
19-12-2014 16:49:29 Windows Update
23-12-2014 14:55:21 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10207AD6-AEDE-4B81-B95A-59639693DE9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10800D64-56CF-47AB-A51E-F554F558D106} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16D8C035-CEB5-4577-90C9-ACE0999957B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2BBED10F-D1B3-4B68-9619-B420D3280942} - System32\Tasks\BALD => C:\Users\fvbpl_000\AppData\Roaming\BALD.exe [2014-12-29] (Cinema PlusV28.12) <==== ATTENTION
Task: {39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E} - System32\Tasks\AKGKZPF => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe [2014-12-28] (CinPlus2.8dV28.12) <==== ATTENTION
Task: {4F285C8E-A46D-4120-A4BC-8F271BE3AE85} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-29] (globalUpdate) <==== ATTENTION
Task: {6F6D1884-C3C7-4301-9CEA-3F279F6CE0C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8D669744-160C-4026-B60A-AAF9CE727926} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {9639DD1B-DACC-44D3-B3E5-895F9635CE8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {B7300B9C-3F24-4E35-ADAA-4F3E06DAC4C0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-29] (globalUpdate) <==== ATTENTION
Task: {C18E9F5C-442B-4BE0-9B9F-0065945877A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-19] (Microsoft Corporation)
Task: {CCC7CFFD-2A74-4E8F-8112-053D639787A2} - System32\Tasks\RPC => C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe [2014-11-26] ()
Task: {D225F681-9EE9-4FCD-B1EE-15AE0D6A588F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D3DFB983-9D0B-48EE-A16C-45DFE395A634} - \AutoKMS No Task File <==== ATTENTION
Task: {EB1CF6C7-48CA-4BF1-98FC-FA179C56415A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\AKGKZPF.job => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
Task: C:\Windows\Tasks\BALD.job => C:\Users\fvbpl_000\AppData\Roaming\BALD.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-19 15:03 - 2013-08-19 15:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-12-29 20:53 - 2014-12-26 12:28 - 03307688 _____ () C:\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe
2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-29 20:53 - 2014-12-26 12:28 - 03978920 _____ () C:\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe
2013-07-19 22:29 - 2013-07-19 22:29 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 14:18 - 2013-08-08 12:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-01 15:22 - 2015-01-01 15:22 - 00098816 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32api.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00110080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\pywintypes27.dll
2015-01-01 15:22 - 2015-01-01 15:22 - 00364544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\pythoncom27.dll
2015-01-01 15:22 - 2015-01-01 15:22 - 00045568 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\_socket.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 01160704 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\_ssl.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00320512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32com.shell.shell.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00713216 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\_hashlib.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 01175040 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\wx._core_.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00805888 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\wx._gdi_.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00811008 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\wx._windows_.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 01062400 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\wx._controls_.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00735232 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\wx._misc_.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00128512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\_elementtree.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00127488 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\pyexpat.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00557056 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\pysqlite2._sqlite.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00087552 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\_ctypes.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00119808 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32file.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00108544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32security.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00007168 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\hashobjs_ext.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00167936 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32gui.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00018432 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32event.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00038912 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32inet.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00011264 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32crypt.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00070656 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\wx._html2.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00027136 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\_multiprocessing.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00035840 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32process.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00686080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\unicodedata.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00122368 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\wx._wizard.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00024064 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32pipe.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00025600 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32pdh.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00525640 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\windows._lib_cacheinvalidation.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00010240 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\select.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00017408 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32profile.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00022528 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\win32ts.pyd
2015-01-01 15:22 - 2015-01-01 15:22 - 00078336 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI51322\wx._animate.pyd
2014-12-16 14:46 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fvbpl_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3329566954-2143029299-1165726935-500 - Administrator - Disabled)
Gast (S-1-5-21-3329566954-2143029299-1165726935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329566954-2143029299-1165726935-1003 - Limited - Enabled)
Julian Bischoff (S-1-5-21-3329566954-2143029299-1165726935-1001 - Administrator - Enabled) => C:\Users\fvbpl_000

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 00:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2f3c

Startzeit: 01d0280cf748a5f5

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: afdd48f5-9400-11e4-8259-c0143dc3fd0c

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14141

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14141

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/31/2014 06:01:49 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20656

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20656

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/30/2014 11:19:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19359

Error: (12/30/2014 11:19:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19359


System errors:
=============
Error: (12/28/2014 11:01:45 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}

Error: (12/27/2014 01:05:20 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/27/2014 01:04:50 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/27/2014 00:48:50 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware.

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 05:03:41 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/23/2014 03:35:51 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/23/2014 03:35:21 PM) (Source: DCOM) (EventID: 10010) (User: JULIANS-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (01/04/2015 00:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206892f3c01d0280cf748a5f54294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeafdd48f5-9400-11e4-8259-c0143dc3fd0cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14141

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14141

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/31/2014 06:01:49 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description:

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20656

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20656

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/30/2014 11:19:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19359

Error: (12/30/2014 11:19:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19359


CodeIntegrity Errors:
===================================
  Date: 2014-12-28 23:03:50.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-28 23:03:50.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 12:54:16.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:23.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:22.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-05 02:50:40.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-26 05:01:34.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 13:03:23.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 13:03:23.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 3996.36 MB
Available physical RAM: 2641.96 MB
Total Pagefile: 5760.91 MB
Available Pagefile: 3567.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.89 GB) (Free:389.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7F8E0386)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End Of Log ============================

Bootsektor 04.01.2015 22:33
Hallo,

vielen Dank :)

Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

smallB 05.01.2015 19:41
Schritt 1:
Code:
# AdwCleaner v4.106 - Bericht erstellt am 05/01/2015 um 18:46:19
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : Julian Bischoff - JULIANS-PC
# Gestartet von : C:\Users\fvbpl_000\Downloads\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\Search Extensions
Ordner Gelöscht : C:\Program Files (x86)\gmsd_de_42
Ordner Gelöscht : C:\Program Files\shopperz
Ordner Gelöscht : C:\Users\fvbpl_000\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\fvbpl_000\AppData\Local\gmsd_de_42
Ordner Gelöscht : C:\Users\fvbpl_000\AppData\Roaming\InetStat
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
Datei Gelöscht : C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_de_42]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\GAMESDESKTOP
Schlüssel Gelöscht : HKLM\SOFTWARE\WordProser_1.10.0.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_de_42_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [9877 octets] - [05/01/2015 18:44:52]
AdwCleaner[S0].txt - [9542 octets] - [05/01/2015 18:46:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9602 octets] ##########
Schritt 2:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.01.2015
Suchlauf-Zeit: 18:57:06
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.05.09
Rootkit Datenbank: v2014.12.30.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Julian Bischoff

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333400
Verstrichene Zeit: 16 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 7
PUP.Optional.WordProser.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpnfd_1_10_0_1, In Quarantäne, [0fbe5b98fe8b2f07e88bb7b8c63d40c0],
PUP.Optional.CinemaPlus, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Cinema-Plus-1.7cV28.12-nv, In Quarantäne, [d9f42cc73059082e5cc6eb9144bfc13f],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinPlus-2.8dV28.12-nv, In Quarantäne, [09c405ee028768ceeb94c9a033d01be5],
PUP.Optional.CinemaPlus, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema-Plus-1.7cV28.12, In Quarantäne, [626bf4ff9cede45267c9ea92b1523fc1],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinPlus-2.8dV28.12, In Quarantäne, [7756f8fb1d6c2e08423e4524ef148a76],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 4
Rogue.Multiple, C:\ProgramData\1078601655, In Quarantäne, [7d50e70c7e0b0a2c872dda44b44f56aa],
Rogue.Multiple, C:\ProgramData\2355320829, In Quarantäne, [b01d4fa40188f541b30153cbea1911ef],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],

Dateien: 89
PUP.Optional.CinemaPlus.A, C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe, In Quarantäne, [e5e86b88216869cd960da01bb4518c74],
PUP.Optional.CinemaPlus.A, C:\Users\fvbpl_000\AppData\Roaming\BALD.exe, In Quarantäne, [19b4a44f9eeb2e088024a615f70e05fb],
PUP.Optional.CrossRider.A, C:\Users\fvbpl_000\AppData\Local\Temp\n2176\PlusHD-DE-U-Installer.exe, In Quarantäne, [78559a59c8c13afcd66b2db46c95fa06],
PUP.Optional.Solimba, C:\Users\fvbpl_000\AppData\Local\Temp\n7015\GUSetup_pubg-f3a02637.exe, In Quarantäne, [8a43e50ec4c5fe381dff19dbd22f847c],
PUP.Optional.CrossRider.A, C:\Users\fvbpl_000\AppData\Local\Temp\n7015\HQVideo-DEInstaller.exe, In Quarantäne, [339ad221fc8d3bfb62dfc91840c1a759],
PUP.Optional.Shopperz.A, C:\Users\fvbpl_000\AppData\Local\Temp\n7015\Shopperz_0411-1a4a4790.exe, In Quarantäne, [7a538b68addc95a106c6a24a6a97db25],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_secureprotect_installer_multilang.exe, In Quarantäne, [09c4bf340a7f5adc15c187696e93cb35],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_spbp_installer_multilang.exe, In Quarantäne, [c706767df891d462dff737b918e91fe1],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_speeditup_installer_multilang.exe, In Quarantäne, [d3fa4ca7098016204492cd23da2734cc],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_stormpverti_installer_multilang.exe, In Quarantäne, [626b4ea57c0d95a16076e0101ae7b54b],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_superpc_installer_multilang.exe, In Quarantäne, [8d4038bbe0a9cd6942948a665ca5fe02],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_taplika_installer_multilang.exe, In Quarantäne, [00cddc17b0d9cd69ddf9915fd22f9769],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_tinywallet_installer_multilang.exe, In Quarantäne, [f8d540b3f9907bbb4f87e20e15ec738d],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_wajam_installer_multilang.exe, In Quarantäne, [cffe21d21e6ba78fbe18f3fd3dc4ee12],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_websearches_pariente_installer_multilang.exe, In Quarantäne, [1ab36d86345542f47b5b3fb103fe3dc3],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_wordproser_installer_multilang.exe, In Quarantäne, [ca03c52e9aefa690993ddb1540c18e72],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_wordproser_pariente_installer_multilang.exe, In Quarantäne, [735a42b1fb8ecf676274609056abb24e],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_zombie_installer_multilang.exe, In Quarantäne, [0bc272810a7fa78fd20457991de4a25e],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_commonshare_installer_multilang.exe, In Quarantäne, [8e3fc42f345582b41fb7559b40c133cd],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_CubepileShopperz_installer_multilang.exe, In Quarantäne, [804d9360a0e94de9508641af8180ea16],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_gamehug_installer_multilang.exe, In Quarantäne, [c10c7d7603864ee8548220d022dfa060],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_iminent_p_installer_multilang.exe, In Quarantäne, [5479ea093950d2644195816f1ae753ad],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_InterStat_installer_multilang.exe, In Quarantäne, [fcd1975c0d7cda5c36a008e819e8bb45],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_linkey_installer_multilang.exe, In Quarantäne, [21ac856e2c5dc6701cbac72914ed728e],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_MyStartSearch_installer_multilang.exe, In Quarantäne, [9e2fee052b5e8caa488eaf41a65b8d73],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_optimizerpro_installer_multilang.exe, In Quarantäne, [25a8d41fd2b7ff379640cd234fb24db3],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_piccolor_installer_multilang.exe, In Quarantäne, [2aa324cf8207a591a333ca2625dcea16],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_plumoweb_installer_multilang.exe, In Quarantäne, [64696c879eeb49edc21420d0dc25ff01],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_plushd_installer_multilang.exe, In Quarantäne, [b31a579c95f4cf675c7a2bc57f8221df],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_priceless_installer_multilang.exe, In Quarantäne, [12bb648fa6e3c670498db13f837ec53b],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_secprotkeys_installer_multilang.exe, In Quarantäne, [bb1244afc1c87fb79244668a2dd4b24e],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-1ML8E.tmp\package_secprotwhite_installer_multilang.exe, In Quarantäne, [c10c32c1b4d5d363a630d21e1ee318e8],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_secureprotect_installer_multilang.exe, In Quarantäne, [3598688b4247ce68af270fe148b950b0],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_spbp_installer_multilang.exe, In Quarantäne, [0dc013e06e1b6dc9508600f08b766d93],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_speeditup_installer_multilang.exe, In Quarantäne, [b716f0039fea0d2918be09e7ce339070],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_stormpverti_installer_multilang.exe, In Quarantäne, [8449f003791051e5b6200ae661a0768a],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_superpc_installer_multilang.exe, In Quarantäne, [8d408f64d7b2aa8c36a0539d14ed36ca],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_taplika_installer_multilang.exe, In Quarantäne, [e4e9bc377f0a171fb6204ca4dc25f30d],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_tinywallet_installer_multilang.exe, In Quarantäne, [735ae80b7910979f7c5adc14b74ab44c],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_wajam_installer_multilang.exe, In Quarantäne, [884550a31475da5c5581698714eddd23],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_websearches_pariente_installer_multilang.exe, In Quarantäne, [48858d66ccbd64d215c1b23ed52c8a76],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_wordproser_installer_multilang.exe, In Quarantäne, [9934ae458108e254bc1abd333ac7ba46],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_wordproser_pariente_installer_multilang.exe, In Quarantäne, [7b52d221167334020cca717f56ab17e9],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_zombie_installer_multilang.exe, In Quarantäne, [ffceb0432366f83e736359975fa2659b],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_commonshare_installer_multilang.exe, In Quarantäne, [84491ed545442c0a29add31da16025db],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_CubepileShopperz_installer_multilang.exe, In Quarantäne, [e1ec886bf6930f2717bf0ee246bb738d],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_gamehug_installer_multilang.exe, In Quarantäne, [626b73800d7cf73ffdd9668a6c95ec14],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_iminent_p_installer_multilang.exe, In Quarantäne, [e6e7b43f92f758def6e0c32d0ef3f30d],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_InterStat_installer_multilang.exe, In Quarantäne, [537ae70c1a6ffd39b521e40c26db58a8],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_linkey_installer_multilang.exe, In Quarantäne, [5a73a74c4247a39384528b65f50c2cd4],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_MyStartSearch_installer_multilang.exe, In Quarantäne, [547943b0c7c287af4591c52b4cb59769],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_optimizerpro_installer_multilang.exe, In Quarantäne, [bc110fe488013afcc90d47a96f925aa6],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_piccolor_installer_multilang.exe, In Quarantäne, [6f5e9b58ddaca88e379f7c7471904eb2],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_plumoweb_installer_multilang.exe, In Quarantäne, [6f5e995acfba68ce18bec12f778a758b],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_plushd_installer_multilang.exe, In Quarantäne, [94392ac9ddac71c57e587e72aa5726da],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_priceless_installer_multilang.exe, In Quarantäne, [fad3eb08e9a0b086914512deb24fe818],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_secprotkeys_installer_multilang.exe, In Quarantäne, [dfee30c33f4ac76f31a5f4fcd22f9967],
PUP.Optional.Tuto4PC.A, C:\Users\fvbpl_000\AppData\Local\Temp\is-MKUN0.tmp\package_secprotwhite_installer_multilang.exe, In Quarantäne, [3b92ac47d9b05dd928ae826ec33e04fc],
PUP.Optional.Solimba, C:\Users\fvbpl_000\Downloads\QuickTime.exe, In Quarantäne, [14b9be357d0cba7c316ab8aaa95744bc],
PUP.Optional.WebInstrNew.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNewH_01009.Wdf, In Quarantäne, [04c925cec5c4280e822e73f14cb73dc3],
PUP.Optional.SelectNGo.A, C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [f8d5dc17ee9bdb5b4e5c1b728c7713ed],
PUP.Optional.SelectNGo.A, C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [09c41fd4dcad38fe03a75c31b74cd729],
PUP.Optional.Vitruvian.A, C:\Users\fvbpl_000\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [b6179261c2c7c670db1a1ec9659f817f],
PUP.Optional.Vitruvian.A, C:\Users\fvbpl_000\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [c50810e32e5b0f2702f38f589173c53b],
PUP.Optional.Vitruvian.A, C:\Users\fvbpl_000\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [e0ed8172d7b2c96d7382f6f1857f5da3],
PUP.Optional.Vitruvian.A, C:\Users\fvbpl_000\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [7f4e52a1315800368b6acc1b2ed630d0],
PUP.Optional.Vitruvian.A, C:\Users\fvbpl_000\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, In Quarantäne, [399404efa0e94aec1ed7a542ce36c739],
PUP.Optional.Vitruvian.A, C:\Users\fvbpl_000\AppData\Local\Temp\vitruvian-installer-vmdetect-v0001, In Quarantäne, [af1e4ea5eb9ed85e30c5c22509fbca36],
Rogue.Multiple, C:\ProgramData\2355320829\BIT9E29.tmp, In Quarantäne, [b01d4fa40188f541b30153cbea1911ef],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\GoogleCrashHandler.exe, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\GoogleUpdate.exe, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\GoogleUpdateBroker.exe, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\GoogleUpdateHelper.msi, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\GoogleUpdateOnDemand.exe, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\goopdate.dll, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\goopdateres_en.dll, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\npGoogleUpdate4.dll, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\psmachine.dll, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.140162\psuser.dll, In Quarantäne, [913c9d56bbce330332cd86c122e103fd],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\GoogleCrashHandler.exe, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\GoogleUpdate.exe, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\GoogleUpdateBroker.exe, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\GoogleUpdateHelper.msi, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\GoogleUpdateOnDemand.exe, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\goopdate.dll, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\goopdateres_en.dll, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\npGoogleUpdate4.dll, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\psmachine.dll, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],
PUP.Optional.GlobalUpdate.A, C:\Users\fvbpl_000\AppData\Local\Temp\comh.442242\psuser.dll, In Quarantäne, [17b625ceed9c4de92ed1ec5bdf24ac54],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by Julian Bischoff at 2015-01-05 19:38:11
Running from C:\Users\fvbpl_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04063 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04063 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KONICA MINOLTA magicolor 1600W (HKLM\...\KONICA MINOLTA magicolor 1600W) (Version:  - )
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.1.0.0 - GIANTS Software)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.5.0 - Lenovo Group Limited)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-12-2014 16:49:29 Windows Update
23-12-2014 14:55:21 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
04-01-2015 13:27:08 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10207AD6-AEDE-4B81-B95A-59639693DE9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10800D64-56CF-47AB-A51E-F554F558D106} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16D8C035-CEB5-4577-90C9-ACE0999957B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E} - System32\Tasks\AKGKZPF => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
Task: {67E6962C-16CB-4D50-B472-362C81BB8E80} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-19] (Microsoft Corporation)
Task: {6F6D1884-C3C7-4301-9CEA-3F279F6CE0C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8D669744-160C-4026-B60A-AAF9CE727926} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {9639DD1B-DACC-44D3-B3E5-895F9635CE8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {CCC7CFFD-2A74-4E8F-8112-053D639787A2} - System32\Tasks\RPC => C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe [2014-11-26] ()
Task: {D225F681-9EE9-4FCD-B1EE-15AE0D6A588F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D3DFB983-9D0B-48EE-A16C-45DFE395A634} - \AutoKMS No Task File <==== ATTENTION
Task: {EB1CF6C7-48CA-4BF1-98FC-FA179C56415A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\AKGKZPF.job => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-19 15:03 - 2013-08-19 15:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-12-28 23:00 - 2014-11-26 00:08 - 04280272 _____ () C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe
2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-19 22:29 - 2013-07-19 22:29 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-05 19:17 - 2015-01-05 19:17 - 00098816 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32api.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00110080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\pywintypes27.dll
2015-01-05 19:17 - 2015-01-05 19:17 - 00364544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\pythoncom27.dll
2015-01-05 19:17 - 2015-01-05 19:17 - 00045568 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_socket.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 01160704 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_ssl.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00320512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32com.shell.shell.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00713216 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_hashlib.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 01175040 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._core_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00805888 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._gdi_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00811008 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._windows_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 01062400 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._controls_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00735232 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._misc_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00128512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_elementtree.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00127488 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\pyexpat.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00557056 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\pysqlite2._sqlite.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00087552 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_ctypes.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00119808 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32file.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00108544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32security.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00007168 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\hashobjs_ext.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00167936 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32gui.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00018432 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32event.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00038912 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32inet.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00011264 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32crypt.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00070656 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._html2.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00027136 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_multiprocessing.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00035840 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32process.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00686080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\unicodedata.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00122368 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._wizard.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00024064 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32pipe.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00025600 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32pdh.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00525640 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\windows._lib_cacheinvalidation.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00010240 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\select.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00017408 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32profile.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00022528 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32ts.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00078336 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._animate.pyd
2014-10-22 14:18 - 2013-08-08 12:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fvbpl_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3329566954-2143029299-1165726935-500 - Administrator - Disabled)
Gast (S-1-5-21-3329566954-2143029299-1165726935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329566954-2143029299-1165726935-1003 - Limited - Enabled)
Julian Bischoff (S-1-5-21-3329566954-2143029299-1165726935-1001 - Administrator - Enabled) => C:\Users\fvbpl_000

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 07:33:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5f4

Startzeit: 01d029156979ccf1

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 5cf3b06f-9509-11e4-825b-c0143dc3fd0c

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/05/2015 07:00:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RegProCleaner.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 778

Startzeit: 01d0290ff29ca791

Endzeit: 95

Anwendungspfad: C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe

Berichts-ID: b8cb1996-9504-11e4-825a-c0143dc3fd0c

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/04/2015 00:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2f3c

Startzeit: 01d0280cf748a5f5

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: afdd48f5-9400-11e4-8259-c0143dc3fd0c

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14141

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14141

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/31/2014 06:01:49 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20656

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20656

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/05/2015 06:47:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Intel® PROSet/Wireless WiMAX Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Conexant SmartAudio service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel® PROSet/Wireless WiMAX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/05/2015 07:33:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206895f401d029156979ccf14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe5cf3b06f-9509-11e4-825b-c0143dc3fd0cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/05/2015 07:00:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RegProCleaner.exe1.0.0.077801d0290ff29ca79195C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exeb8cb1996-9504-11e4-825a-c0143dc3fd0c

Error: (01/04/2015 00:03:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206892f3c01d0280cf748a5f54294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeafdd48f5-9400-11e4-8259-c0143dc3fd0cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14141

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14141

Error: (01/02/2015 01:27:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/31/2014 06:01:49 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description:

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20656

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20656

Error: (12/30/2014 11:19:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-01-05 19:32:49.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-05 18:48:00.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-05 18:48:00.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-28 23:03:50.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-28 23:03:50.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 12:54:16.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:23.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:22.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-05 02:50:40.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-26 05:01:34.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 3996.36 MB
Available physical RAM: 2329.25 MB
Total Pagefile: 4764.36 MB
Available Pagefile: 2711.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.89 GB) (Free:391.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7F8E0386)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End Of Log ============================
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Julian Bischoff (administrator) on JULIANS-PC on 05-01-2015 19:36:51
Running from C:\Users\fvbpl_000\Desktop
Loaded Profile: Julian Bischoff (Available profiles: Julian Bischoff)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2012-07-25] (Intel® Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-10-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-10-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://hs-owl.de/"
CHR Profile: C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (YouTube) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google-Suche) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Google Tabellen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-18]
CHR Extension: (nhahncknpppipmgjchbbhehkfglelepf) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Google Mail) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2012-07-18] (Red Bend Ltd.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2012-07-18] (Intel(R) Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S1 cherimoya; system32\drivers\cherimoya.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 19:15 - 2015-01-05 19:15 - 00017336 _____ () C:\Users\fvbpl_000\Desktop\mbam.txt
2015-01-05 18:55 - 2015-01-05 19:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 18:55 - 2015-01-05 18:55 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 18:55 - 2015-01-05 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 18:55 - 2015-01-05 18:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 18:55 - 2015-01-05 18:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 18:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 18:55 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 18:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 18:54 - 2015-01-05 18:54 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\fvbpl_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 18:44 - 2015-01-05 18:46 - 00000000 ____D () C:\AdwCleaner
2015-01-05 18:44 - 2015-01-05 18:44 - 02173952 _____ () C:\Users\fvbpl_000\Downloads\AdwCleaner_4.106.exe
2015-01-04 13:12 - 2015-01-05 19:37 - 00015058 _____ () C:\Users\fvbpl_000\Desktop\FRST.txt
2014-12-29 21:22 - 2015-01-05 19:36 - 00000000 ____D () C:\FRST
2014-12-29 21:21 - 2015-01-04 13:09 - 02123776 _____ (Farbar) C:\Users\fvbpl_000\Desktop\FRST64.exe
2014-12-29 20:50 - 2014-12-29 20:50 - 00000000 ___DC () C:\Users\fvbpl_000\AppData\Local\MigWiz
2014-12-28 23:09 - 2014-12-28 23:09 - 00001857 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-28 23:05 - 2014-12-28 23:05 - 00000000 __SHD () C:\Users\fvbpl_000\AppData\Local\EmieBrowserModeList
2014-12-28 23:02 - 2015-01-05 19:16 - 00001734 _____ () C:\Windows\Tasks\AKGKZPF.job
2014-12-28 23:02 - 2014-12-28 23:02 - 00004762 _____ () C:\Windows\System32\Tasks\AKGKZPF
2014-12-28 23:01 - 2014-12-28 23:01 - 00003114 _____ () C:\Windows\System32\Tasks\RPC
2014-12-28 23:01 - 2014-12-28 23:01 - 00001875 _____ () C:\Windows\patsearch.bin
2014-12-28 23:00 - 2015-01-05 18:48 - 00000000 ____D () C:\Program Files (x86)\GU Player
2014-12-28 23:00 - 2014-12-28 23:00 - 00000045 _____ () C:\user.js
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____D () C:\Program Files (x86)\RPC
2014-12-28 22:15 - 2014-12-28 22:50 - 00110592 ___SH () C:\Users\fvbpl_000\Downloads\Thumbs.db
2014-12-28 22:11 - 2014-12-28 22:52 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Silvester
2014-12-28 22:09 - 2014-12-28 22:09 - 00076224 _____ () C:\Users\fvbpl_000\Downloads\FLVPlayer-Chrome.exe
2014-12-24 09:01 - 2014-12-24 09:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 15:00 - 2014-12-23 15:00 - 00000000 ____D () C:\Users\fvbpl_000\Documents\Electronic Arts
2014-12-23 14:56 - 2014-12-23 14:56 - 00001366 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-12-23 14:56 - 2014-12-23 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-12-23 14:55 - 2014-12-23 14:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-23 14:55 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-23 14:10 - 2014-12-23 14:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-23 14:07 - 2014-12-24 11:07 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Origin
2014-12-23 14:06 - 2014-12-23 14:10 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\ProgramData\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-23 14:05 - 2014-12-23 15:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 14:05 - 2014-12-23 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-23 14:05 - 2014-12-23 14:05 - 00000995 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-20 21:03 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-20 21:03 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 00:06 - 2014-12-20 00:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 10:36 - 2013-06-25 08:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Misa
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520.exe
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520 (1).exe
2014-12-16 15:07 - 2014-12-16 15:07 - 00675988 _____ () C:\Users\fvbpl_000\Desktop\Minecraft.exe
2014-12-16 14:51 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-16 14:51 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-16 14:51 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-16 14:51 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-16 14:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-16 14:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-16 14:46 - 2015-01-05 18:59 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\.minecraft
2014-12-16 14:46 - 2014-12-16 14:46 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\java
2014-12-16 13:40 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-16 13:40 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-16 13:40 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 13:40 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-16 13:40 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-16 13:36 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-16 13:36 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-16 13:36 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-16 13:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-16 13:36 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-16 13:36 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-16 13:36 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-16 13:36 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-16 13:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-16 13:36 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-16 13:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-16 13:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-16 13:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-16 13:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-07 15:14 - 2014-12-07 15:14 - 00012288 ___SH () C:\Users\fvbpl_000\Desktop\Thumbs.db

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 19:29 - 2014-10-22 13:19 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 19:28 - 2014-10-22 12:06 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3329566954-2143029299-1165726935-1001
2015-01-05 19:27 - 2014-10-22 11:57 - 01067071 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 19:17 - 2014-10-25 12:21 - 00000000 ___RD () C:\Users\fvbpl_000\Google Drive
2015-01-05 19:17 - 2014-10-22 12:03 - 00000000 ___DO () C:\Users\fvbpl_000\OneDrive
2015-01-05 19:16 - 2014-10-22 13:19 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 19:16 - 2014-03-18 02:51 - 00040946 _____ () C:\Windows\PFRO.log
2015-01-05 19:16 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 19:15 - 2014-10-22 14:30 - 00965880 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-05 19:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-05 19:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-04 13:06 - 2014-10-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-31 17:54 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 17:54 - 2014-03-18 10:25 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-31 17:54 - 2014-03-18 10:25 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-31 15:04 - 2013-08-22 15:46 - 00019083 _____ () C:\Windows\setupact.log
2014-12-29 00:04 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Apple Computer
2014-12-28 23:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-28 23:23 - 2014-10-22 12:00 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Packages
2014-12-28 23:10 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Apple Computer
2014-12-28 18:07 - 2014-10-22 15:33 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-27 13:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-20 00:06 - 2014-11-07 21:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-20 00:06 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 17:14 - 2014-10-22 12:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-19 17:13 - 2014-10-22 12:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 17:09 - 2014-11-07 13:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 17:04 - 2014-11-07 13:15 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 13:41 - 2014-11-24 08:48 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-16 14:46 - 2014-10-22 13:19 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-07 15:10 - 2014-10-22 12:12 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Logistik

Some content of TEMP:
====================
C:\Users\fvbpl_000\AppData\Local\Temp\9637C17B-EE39-675C-B958-970E535B81D2.exe
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.dll
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.exe
C:\Users\fvbpl_000\AppData\Local\Temp\optprosetup.exe
C:\Users\fvbpl_000\AppData\Local\Temp\ose00000.exe
C:\Users\fvbpl_000\AppData\Local\Temp\Quarantine.exe
C:\Users\fvbpl_000\AppData\Local\Temp\sprz.exe
C:\Users\fvbpl_000\AppData\Local\Temp\sqlite3.dll
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLitebb19d489-7776-4501-bfcf-e8751283980f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 20:47

==================== End Of Log ============================
--- --- ---

--- --- ---

Bootsektor 05.01.2015 20:44
Hallo,

war da mal n Windows-Crack drauf?

Was macht die Werbung?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E} - System32\Tasks\AKGKZPF => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
Task: {D3DFB983-9D0B-48EE-A16C-45DFE395A634} - \AutoKMS No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AKGKZPF.job => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern :kaffee:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3
Starte noch einmal FRST.
  • Setze den Haken bei addition.txt und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und addition.txt erstellt und auf dem Desktop (oder in dem Verzeichnis in dem FRST liegt) gespeichert.
  • Poste den Inhalt dieser Logfiles bitte hier in deinen Thread.

smallB 05.01.2015 22:27
Ja, ich habe mir vor längerer Zeit Windows 8.1 auf meinem PC installiert, wenn es das ist was Du meinst :D

Die Werbung ist leider nach wie vor noch da und der Performance des Laptops ist dardürch auch nicht so gut.

Hallo,

also ich habe mir vor einiger Zeit Windows 8.1 auf diesen Laptop gemacht, wenn es das ist was Du meinst :D

Die Werbung ist leider nach wie vor ziemlich präsent und die Performance ist nicht sonderlich gut.

Fixlist:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by Julian Bischoff at 2015-01-05 22:22:46 Run:1
Running from C:\Users\fvbpl_000\Desktop
Loaded Profile: Julian Bischoff (Available profiles: Julian Bischoff)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E} - System32\Tasks\AKGKZPF => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
Task: {D3DFB983-9D0B-48EE-A16C-45DFE395A634} - \AutoKMS No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AKGKZPF.job => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E}" => Key deleted successfully.
C:\Windows\System32\Tasks\AKGKZPF => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AKGKZPF" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D3DFB983-9D0B-48EE-A16C-45DFE395A634}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DFB983-9D0B-48EE-A16C-45DFE395A634}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\Windows\Tasks\AKGKZPF.job => Moved successfully.
"C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe" => File/Directory not found.

==== End of Fixlog 22:22:48 ====
Hallo,

ich habe mir vor einiger Zeit Windows 8.1 auf den Laptop geladen, wenn es das ist was Du meinst :D
Die Werbung ist nach wie vor da und die Performance des Laptops ist auch nicht gerade gut.

Fixlist:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by Julian Bischoff at 2015-01-05 22:22:46 Run:1
Running from C:\Users\fvbpl_000\Desktop
Loaded Profile: Julian Bischoff (Available profiles: Julian Bischoff)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E} - System32\Tasks\AKGKZPF => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
Task: {D3DFB983-9D0B-48EE-A16C-45DFE395A634} - \AutoKMS No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AKGKZPF.job => C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe <==== ATTENTION
C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39468E8E-C2C6-48B9-BDC9-6DF7FE2F647E}" => Key deleted successfully.
C:\Windows\System32\Tasks\AKGKZPF => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AKGKZPF" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D3DFB983-9D0B-48EE-A16C-45DFE395A634}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DFB983-9D0B-48EE-A16C-45DFE395A634}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\Windows\Tasks\AKGKZPF.job => Moved successfully.
"C:\Users\fvbpl_000\AppData\Roaming\AKGKZPF.exe" => File/Directory not found.

==== End of Fixlog 22:22:48 ====

smallB 07.01.2015 12:45
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9c046e311d1667428d8c7b2fe845d3b9
# engine=21827
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-05 11:17:06
# local_time=2015-01-06 12:17:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 17383 10804145 0 0
# scanned=163029
# found=23
# cleaned=23
# scan_time=6271
sh=F487D432DD476BBC2A59F7BAB73BC595E1D79213 ft=1 fh=ae579be5fd8b9d33 vn="Win32/Adware.1ClickDownload.AJ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3329566954-2143029299-1165726935-1001\$R0RCO7F.exe"
sh=F487D432DD476BBC2A59F7BAB73BC595E1D79213 ft=1 fh=ae579be5fd8b9d33 vn="Win32/Adware.1ClickDownload.AJ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3329566954-2143029299-1165726935-1001\$R9HWJRO.exe"
sh=F487D432DD476BBC2A59F7BAB73BC595E1D79213 ft=1 fh=ae579be5fd8b9d33 vn="Win32/Adware.1ClickDownload.AJ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3329566954-2143029299-1165726935-1001\$RUL75CT.exe"
sh=F487D432DD476BBC2A59F7BAB73BC595E1D79213 ft=1 fh=ae579be5fd8b9d33 vn="Win32/Adware.1ClickDownload.AJ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-3329566954-2143029299-1165726935-1001\$RXHARLQ.exe"
sh=938D05DB04A89CC89B49796E33852D85638192E8 ft=1 fh=5f61bc5c80de8e26 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_42\gamesdesktop_widget.exe.vir"
sh=8D0D2C5962C4AC6693D7C4703598293F8D47DD6A ft=1 fh=c72cf11143e20963 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_42\gmsd_de_42.exe.vir"
sh=A9E60B36A67DA2A91CB706037971E260F436249D ft=1 fh=c71c001135aeb574 vn="Variante von MSIL/Adware.iBryte.N Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Extensions\uninstall.exe.vir"
sh=0DBB8A15F2B8532F6BEC0AC8183964E58D1C1D65 ft=1 fh=b84d08e762a3738a vn="Variante von Win32/Adware.EoRezo.AJ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\fvbpl_000\AppData\Local\gmsd_de_42\upgmsd_de_42.exe.vir"
sh=2443C58D683FB14C4FDD586A2C7F766581992F5F ft=1 fh=46a9efbc29fb0b9b vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\fvbpl_000\AppData\Local\gmsd_de_42\Download\majmp_gentleeu.exe.vir"
sh=26A362F5EB1B7F04047922B4AECF0BE5F673EFC5 ft=1 fh=54b54b7940d28654 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\fvbpl_000\AppData\Local\gmsd_de_42\Download\setup_recover_rec_de_2.exe.vir"
sh=91B45F364C7E419FB0A1720BF4C986285E311E46 ft=1 fh=61a2c055ddfa5a2f vn="Variante von MSIL/RegProCleaner.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe"
sh=87F3CD517D97E62ADE1A4825C4891711E581E125 ft=1 fh=ada3e5dff90c2e25 vn="Variante von Win32/VOPackage.BE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\0DQRYCJA\dl[1].htm"
sh=E85B68ACFBF32CD63A20EB3A2F805402047D0A2C ft=1 fh=093fc356f2a1817b vn="Variante von Win32/Toolbar.BitCocktail.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\6O14WH1V\sprz[1].exe"
sh=68DBD83BDD78D65F6EBBDCB1C5931B09DEB28CF8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\XXNV8Q39\91[2].js"
sh=10E8CF8C8FC7683CE67B837DE2841B25F776C553 ft=1 fh=7fcc22637824fbd2 vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Temp\optprosetup.exe"
sh=E85B68ACFBF32CD63A20EB3A2F805402047D0A2C ft=1 fh=093fc356f2a1817b vn="Variante von Win32/Toolbar.BitCocktail.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Temp\sprz.exe"
sh=1EC975477FA571CE9F5F922A2B999E24B4A7650D ft=1 fh=e1d54ceb161a3dd9 vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Temp\is-543PJ.tmp\gentlemjmp_ieu.exe"
sh=E4FB92A4CF0C3794B9C3480DE8E01E57109BB52D ft=1 fh=1ceb55bfc0ab3599 vn="Win32/AdWare.EoRezo.AW Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Temp\is-J8RHC.tmp\gentlemjmp_ieu.exe"
sh=EFD13B8744833CA4C7D0B4C50D43F968EF22CBD4 ft=1 fh=06a605145effe94a vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Temp\n7015\OptimizerProInstaller.exe"
sh=46E8C49ECAEAF21E4D1F5879C66BBA766B593FC6 ft=1 fh=6f0c579f6dd4cdf6 vn="Variante von MSIL/RegProCleaner.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Temp\n7015\regProCleaner_2611-4698e432.exe"
sh=B8CABCF96F18B298A36628EECE6BC4C46FAFEAA3 ft=1 fh=b10fa3b210c92e45 vn="Variante von MSIL/Solimba.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Temp\n7015\s7015.exe"
sh=B84BED223B4F543E789C3D86DE72953789F9E72F ft=1 fh=4527b32ba69498f4 vn="Variante von Win32/Adware.SpeedingUpMyPC.T.gen Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\AppData\Local\Temp\n7015\SuperOptimizerInstaller.exe"
sh=130BAFE1796046898BDCD5944288CE1BCA1C57A5 ft=1 fh=a08027d18c21408c vn="NSIS/TrojanDownloader.Adload.AA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\fvbpl_000\Downloads\FLVPlayer-Chrome.exe"
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Julian Bischoff (administrator) on JULIANS-PC on 07-01-2015 12:35:35
Running from C:\Users\fvbpl_000\Desktop
Loaded Profiles: Julian Bischoff &  (Available profiles: Julian Bischoff)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2012-07-25] (Intel® Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-10-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-10-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-07-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://googel.de/
HKU\S-1-5-21-3329566954-2143029299-1165726935-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://hs-owl.de/"
CHR Profile: C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-22]
CHR Extension: (YouTube) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google-Suche) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Google Tabellen) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-18]
CHR Extension: (nhahncknpppipmgjchbbhehkfglelepf) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Google Mail) - C:\Users\fvbpl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKU\S-1-5-21-3329566954-2143029299-1165726935-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKU\S-1-5-21-3329566954-2143029299-1165726935-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-08-19] (Broadcom Corporation.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2012-07-18] (Red Bend Ltd.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-23] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2012-07-18] (Intel(R) Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S1 cherimoya; system32\drivers\cherimoya.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 12:35 - 2015-01-07 12:35 - 00016302 _____ () C:\Users\fvbpl_000\Desktop\FRST.txt
2015-01-05 22:30 - 2015-01-05 22:30 - 02347384 _____ (ESET) C:\Users\fvbpl_000\Downloads\esetsmartinstaller_deu.exe
2015-01-05 22:30 - 2015-01-05 22:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-05 22:15 - 2015-01-05 22:16 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Deployment
2015-01-05 22:15 - 2015-01-05 22:15 - 00725787 _____ () C:\Users\fvbpl_000\Downloads\0B12FtvhSIv1nbDVvNXh4Z3NzNkk.zip
2015-01-05 22:15 - 2015-01-05 22:15 - 00000000 ____D () C:\Users\fvbpl_000\Downloads\0B12FtvhSIv1nbDVvNXh4Z3NzNkk
2015-01-05 22:15 - 2015-01-05 22:15 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Apps\2.0
2015-01-05 19:15 - 2015-01-05 19:15 - 00017336 _____ () C:\Users\fvbpl_000\Desktop\mbam.txt
2015-01-05 18:55 - 2015-01-07 12:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 18:55 - 2015-01-05 18:55 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 18:55 - 2015-01-05 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 18:55 - 2015-01-05 18:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-05 18:55 - 2015-01-05 18:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 18:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 18:55 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 18:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 18:54 - 2015-01-05 18:54 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\fvbpl_000\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 18:44 - 2015-01-05 18:46 - 00000000 ____D () C:\AdwCleaner
2015-01-05 18:44 - 2015-01-05 18:44 - 02173952 _____ () C:\Users\fvbpl_000\Downloads\AdwCleaner_4.106.exe
2014-12-29 21:22 - 2015-01-07 12:35 - 00000000 ____D () C:\FRST
2014-12-29 21:21 - 2015-01-07 12:35 - 02124288 _____ (Farbar) C:\Users\fvbpl_000\Desktop\FRST64.exe
2014-12-29 20:50 - 2014-12-29 20:50 - 00000000 ___DC () C:\Users\fvbpl_000\AppData\Local\MigWiz
2014-12-28 23:09 - 2014-12-28 23:09 - 00001857 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-28 23:09 - 2014-12-28 23:09 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-28 23:05 - 2014-12-28 23:05 - 00000000 __SHD () C:\Users\fvbpl_000\AppData\Local\EmieBrowserModeList
2014-12-28 23:01 - 2014-12-28 23:01 - 00003114 _____ () C:\Windows\System32\Tasks\RPC
2014-12-28 23:01 - 2014-12-28 23:01 - 00001875 _____ () C:\Windows\patsearch.bin
2014-12-28 23:00 - 2015-01-05 18:48 - 00000000 ____D () C:\Program Files (x86)\GU Player
2014-12-28 23:00 - 2014-12-28 23:00 - 00000045 _____ () C:\user.js
2014-12-28 23:00 - 2014-12-28 23:00 - 00000000 ____D () C:\Program Files (x86)\RPC
2014-12-28 22:15 - 2014-12-28 22:50 - 00110592 ___SH () C:\Users\fvbpl_000\Downloads\Thumbs.db
2014-12-28 22:11 - 2014-12-28 22:52 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Silvester
2014-12-24 09:01 - 2014-12-24 09:01 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 15:00 - 2014-12-23 15:00 - 00000000 ____D () C:\Users\fvbpl_000\Documents\Electronic Arts
2014-12-23 14:56 - 2014-12-23 14:56 - 00001366 _____ () C:\Users\Public\Desktop\Die Sims 4.lnk
2014-12-23 14:56 - 2014-12-23 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sims 4
2014-12-23 14:55 - 2014-12-23 14:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-23 14:55 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-23 14:10 - 2014-12-23 14:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-23 14:07 - 2014-12-24 11:07 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Origin
2014-12-23 14:06 - 2014-12-23 14:10 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\ProgramData\Origin
2014-12-23 14:05 - 2014-12-24 11:07 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-23 14:05 - 2014-12-23 15:00 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 14:05 - 2014-12-23 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-23 14:05 - 2014-12-23 14:05 - 00000995 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-20 21:03 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-20 21:03 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-20 00:06 - 2014-12-20 00:06 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 10:36 - 2015-01-05 19:47 - 00000000 ____D () C:\Users\fvbpl_000\Desktop\Misa
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-17 10:35 - 2014-12-17 10:35 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520.exe
2014-12-17 10:34 - 2014-12-17 10:34 - 01941064 _____ () C:\Users\fvbpl_000\Downloads\winrar-x64-520 (1).exe
2014-12-16 15:07 - 2014-12-16 15:07 - 00675988 _____ () C:\Users\fvbpl_000\Desktop\Minecraft.exe
2014-12-16 14:51 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-16 14:51 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-16 14:51 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-16 14:51 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-16 14:51 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-16 14:50 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-16 14:50 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-16 14:50 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-16 14:46 - 2015-01-05 19:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\.minecraft
2014-12-16 14:46 - 2014-12-16 14:46 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\java
2014-12-16 13:40 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-16 13:40 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-16 13:40 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-16 13:40 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-16 13:40 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-16 13:40 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-16 13:36 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-16 13:36 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-16 13:36 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-16 13:36 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-16 13:36 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-16 13:36 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-16 13:36 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-16 13:36 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-16 13:36 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-16 13:36 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-16 13:36 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-16 13:36 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-16 13:36 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-16 13:36 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-16 13:36 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-16 13:36 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-16 13:36 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-16 13:36 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-16 13:36 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-16 13:36 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-16 13:36 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-16 13:36 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-16 13:36 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-16 13:36 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-16 13:36 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 12:29 - 2014-10-22 13:19 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 12:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-07 12:25 - 2014-10-22 11:57 - 01171853 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 19:28 - 2014-10-22 12:06 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3329566954-2143029299-1165726935-1001
2015-01-05 19:17 - 2014-10-25 12:21 - 00000000 ___RD () C:\Users\fvbpl_000\Google Drive
2015-01-05 19:17 - 2014-10-22 12:03 - 00000000 ___DO () C:\Users\fvbpl_000\OneDrive
2015-01-05 19:16 - 2014-10-22 13:19 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 19:16 - 2014-03-18 02:51 - 00040946 _____ () C:\Windows\PFRO.log
2015-01-05 19:16 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 19:15 - 2014-10-22 14:30 - 00994278 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-05 19:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-04 13:06 - 2014-10-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-31 17:54 - 2014-03-18 11:04 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 17:54 - 2014-03-18 10:25 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-12-31 17:54 - 2014-03-18 10:25 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-12-31 15:04 - 2013-08-22 15:46 - 00019083 _____ () C:\Windows\setupact.log
2014-12-29 00:04 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Roaming\Apple Computer
2014-12-28 23:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-28 23:23 - 2014-10-22 12:00 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Packages
2014-12-28 23:10 - 2014-10-22 12:41 - 00000000 ____D () C:\Users\fvbpl_000\AppData\Local\Apple Computer
2014-12-28 18:07 - 2014-10-22 15:33 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-27 13:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-12-20 00:06 - 2014-11-07 21:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-20 00:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-20 00:06 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-19 17:14 - 2014-10-22 12:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-19 17:13 - 2014-10-22 12:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 17:09 - 2014-11-07 13:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 17:04 - 2014-11-07 13:15 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-18 13:41 - 2014-11-24 08:48 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-16 14:46 - 2014-10-22 13:19 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\fvbpl_000\AppData\Local\Temp\9637C17B-EE39-675C-B958-970E535B81D2.exe
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.dll
C:\Users\fvbpl_000\AppData\Local\Temp\DC95917C-DF59-9746-0745-54C13C8A47EC.exe
C:\Users\fvbpl_000\AppData\Local\Temp\ose00000.exe
C:\Users\fvbpl_000\AppData\Local\Temp\Quarantine.exe
C:\Users\fvbpl_000\AppData\Local\Temp\sqlite3.dll
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\fvbpl_000\AppData\Local\Temp\System.Data.SQLitebb19d489-7776-4501-bfcf-e8751283980f.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 20:47

==================== End Of Log ============================
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Julian Bischoff at 2015-01-07 12:36:53
Running from C:\Users\fvbpl_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04063 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04063 - Cisco Systems, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.3.53 - Conexant)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KONICA MINOLTA magicolor 1600W (HKLM\...\KONICA MINOLTA magicolor 1600W) (Version:  - )
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.1.0.0 - GIANTS Software)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.5.0 - Lenovo Group Limited)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-12-2014 16:49:29 Windows Update
23-12-2014 14:55:21 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
04-01-2015 13:27:08 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10207AD6-AEDE-4B81-B95A-59639693DE9A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10800D64-56CF-47AB-A51E-F554F558D106} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16D8C035-CEB5-4577-90C9-ACE0999957B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {6F6D1884-C3C7-4301-9CEA-3F279F6CE0C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8D669744-160C-4026-B60A-AAF9CE727926} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {9639DD1B-DACC-44D3-B3E5-895F9635CE8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {C62888F4-9862-4C9F-AE67-5A9C0D162845} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-19] (Microsoft Corporation)
Task: {CCC7CFFD-2A74-4E8F-8112-053D639787A2} - System32\Tasks\RPC => C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe
Task: {D225F681-9EE9-4FCD-B1EE-15AE0D6A588F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EB1CF6C7-48CA-4BF1-98FC-FA179C56415A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-19 15:03 - 2013-08-19 15:03 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-01-29 22:02 - 2014-01-29 22:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-19 22:29 - 2013-07-19 22:29 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-05 19:17 - 2015-01-05 19:17 - 00098816 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32api.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00110080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\pywintypes27.dll
2015-01-05 19:17 - 2015-01-05 19:17 - 00364544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\pythoncom27.dll
2015-01-05 19:17 - 2015-01-05 19:17 - 00045568 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_socket.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 01160704 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_ssl.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00320512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32com.shell.shell.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00713216 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_hashlib.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 01175040 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._core_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00805888 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._gdi_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00811008 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._windows_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 01062400 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._controls_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00735232 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._misc_.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00128512 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_elementtree.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00127488 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\pyexpat.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00557056 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\pysqlite2._sqlite.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00087552 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_ctypes.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00119808 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32file.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00108544 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32security.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00007168 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\hashobjs_ext.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00167936 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32gui.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00018432 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32event.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00038912 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32inet.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00011264 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32crypt.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00070656 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._html2.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00027136 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\_multiprocessing.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00035840 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32process.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00686080 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\unicodedata.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00122368 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._wizard.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00024064 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32pipe.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00025600 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32pdh.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00525640 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\windows._lib_cacheinvalidation.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00010240 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\select.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00017408 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32profile.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00022528 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\win32ts.pyd
2015-01-05 19:17 - 2015-01-05 19:17 - 00078336 _____ () C:\Users\fvbpl_000\AppData\Local\Temp\_MEI41962\wx._animate.pyd
2014-10-22 14:18 - 2013-08-08 12:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-16 14:46 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fvbpl_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3329566954-2143029299-1165726935-500 - Administrator - Disabled)
Gast (S-1-5-21-3329566954-2143029299-1165726935-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329566954-2143029299-1165726935-1003 - Limited - Enabled)
Julian Bischoff (S-1-5-21-3329566954-2143029299-1165726935-1001 - Administrator - Enabled) => C:\Users\fvbpl_000

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2015 00:34:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/07/2015 00:32:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/07/2015 00:30:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 830

Startzeit: 01d02a6cb2d8a523

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: a30dce22-9660-11e4-825b-c0143dc3fd0c

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/06/2015 03:43:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14062

Error: (01/06/2015 03:43:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14062

Error: (01/06/2015 03:43:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 00:29:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/06/2015 00:21:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (01/05/2015 11:51:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1818

Startzeit: 01d029396e4703d1

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 64c41c19-952d-11e4-825b-c0143dc3fd0c

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/05/2015 11:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2121110


System errors:
=============
Error: (01/05/2015 06:47:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Intel® PROSet/Wireless WiMAX Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Conexant SmartAudio service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel® PROSet/Wireless WiMAX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel® PROSet/Wireless WiMAX Red Bend Device Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/05/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/07/2015 00:34:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\$Recycle.Bin\S-1-5-21-3329566954-2143029299-1165726935-1001\$RHKQTS7.exe

Error: (01/07/2015 00:32:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/07/2015 00:30:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068983001d02a6cb2d8a5234294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exea30dce22-9660-11e4-825b-c0143dc3fd0cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/06/2015 03:43:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14062

Error: (01/06/2015 03:43:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14062

Error: (01/06/2015 03:43:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/06/2015 00:29:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/06/2015 00:21:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/05/2015 11:51:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689181801d029396e4703d14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe64c41c19-952d-11e4-825b-c0143dc3fd0cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (01/05/2015 11:46:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2121110


CodeIntegrity Errors:
===================================
  Date: 2015-01-05 19:32:49.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-05 18:48:00.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-05 18:48:00.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-28 23:03:50.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-28 23:03:50.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-27 12:54:16.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:23.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-17 10:35:22.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-05 02:50:40.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-26 05:01:34.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 62%
Total physical RAM: 3996.36 MB
Available physical RAM: 1517.36 MB
Total Pagefile: 4764.36 MB
Available Pagefile: 1976.05 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.89 GB) (Free:391.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7F8E0386)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End Of Log ============================

Bootsektor 07.01.2015 23:43
Hallo,

hauptsächlich Kram im Papierkorb und in der Quarantäne.
Was machst du mit den ganzen Registrycleanern?
Bitte leere den Papierkorb. :)

In welchem Browser besteht das Problem?

Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files (x86)\RPC\Reg Pro Cleaner\
C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\0DQRYCJA\dl[1].htm
C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\6O14WH1V\sprz[1].exe
C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\XXNV8Q39\91[2].js
C:\Users\fvbpl_000\AppData\Local\Temp\optprosetup.exe
C:\Users\fvbpl_000\AppData\Local\Temp\sprz.exe
C:\Users\fvbpl_000\AppData\Local\Temp\is-543PJ.tmp\gentlemjmp_ieu.exe
C:\Users\fvbpl_000\AppData\Local\Temp\is-J8RHC.tmp\gentlemjmp_ieu.exe
C:\Users\fvbpl_000\AppData\Local\Temp\n7015\OptimizerProInstaller.exe
C:\Users\fvbpl_000\AppData\Local\Temp\n7015\regProCleaner_2611-4698e432.exe
C:\Users\fvbpl_000\AppData\Local\Temp\n7015\s7015.exe
C:\Users\fvbpl_000\AppData\Local\Temp\n7015\SuperOptimizerInstaller.exe
C:\Users\fvbpl_000\Downloads\FLVPlayer-Chrome.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


smallB 08.01.2015 18:50
Ich benutze google Chrome und da ist vorallem hier auf der Seite viel Werbung.

Papierkorb ist geleert, allerdings kann ich Dir nicht sagen, wie sie da drauf gekommen sind und was ich damit mache, weiß ich auch nicht, eigentlich gar nichts, sie sind einfach da :D

Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Julian Bischoff at 2015-01-08 18:47:55 Run:2
Running from C:\Users\fvbpl_000\Desktop
Loaded Profile: Julian Bischoff (Available profiles: Julian Bischoff)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\RPC\Reg Pro Cleaner\
C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\0DQRYCJA\dl[1].htm
C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\6O14WH1V\sprz[1].exe
C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\XXNV8Q39\91[2].js
C:\Users\fvbpl_000\AppData\Local\Temp\optprosetup.exe
C:\Users\fvbpl_000\AppData\Local\Temp\sprz.exe
C:\Users\fvbpl_000\AppData\Local\Temp\is-543PJ.tmp\gentlemjmp_ieu.exe
C:\Users\fvbpl_000\AppData\Local\Temp\is-J8RHC.tmp\gentlemjmp_ieu.exe
C:\Users\fvbpl_000\AppData\Local\Temp\n7015\OptimizerProInstaller.exe
C:\Users\fvbpl_000\AppData\Local\Temp\n7015\regProCleaner_2611-4698e432.exe
C:\Users\fvbpl_000\AppData\Local\Temp\n7015\s7015.exe
C:\Users\fvbpl_000\AppData\Local\Temp\n7015\SuperOptimizerInstaller.exe
C:\Users\fvbpl_000\Downloads\FLVPlayer-Chrome.exe
       
*****************

C:\Program Files (x86)\RPC\Reg Pro Cleaner => Moved successfully.
"C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\0DQRYCJA\dl[1].htm" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\6O14WH1V\sprz[1].exe" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Microsoft\Windows\INetCache\IE\XXNV8Q39\91[2].js" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Temp\optprosetup.exe" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Temp\sprz.exe" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Temp\is-543PJ.tmp\gentlemjmp_ieu.exe" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Temp\is-J8RHC.tmp\gentlemjmp_ieu.exe" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Temp\n7015\OptimizerProInstaller.exe" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Temp\n7015\regProCleaner_2611-4698e432.exe" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Temp\n7015\s7015.exe" => File/Directory not found.
"C:\Users\fvbpl_000\AppData\Local\Temp\n7015\SuperOptimizerInstaller.exe" => File/Directory not found.
"C:\Users\fvbpl_000\Downloads\FLVPlayer-Chrome.exe" => File/Directory not found.

==== End of Fixlog 18:47:56 ====

Bootsektor 09.01.2015 01:19
Hallo,

bitte installiere dir für jeden Browser Adblockplus bzw. AdblockEdge.

Für Chrome

Für Firefox

für den Internet Explorer

und schau, wie es mit der Werbung aussieht.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:36 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131