Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Virus nicht über Systemsteuerung entfernbar (https://www.trojaner-board.de/165535-virus-systemsteuerung-entfernbar.html)

Nickyla 26.03.2015 22:56
Virus nicht über Systemsteuerung entfernbar
 
Hallo!
Ich bin am verzweifeln, habe mir irgendwie den Virus "SharkMan Coupon" auf meinen Pc (Windows 8.1) geholt. :balla:
Wenn ich ihn über Systemsteuerung - Programme deinstalllieren möchte, dann öffnet sich nach meinem Rechtsklick auf das Programm und der Auswahl deinstallieren das Fenster "Close your Browser and try again."
Ich habe daraus geschlossen, dass ich alle geöffneten Internet Browser schließen soll und es dann nochmal versuchen soll. Habe ich gemacht aber die selbe Meldung erschien.
Dann hab ich den Task Manager geöffnet und nachgeschaut ob noch was geöffnet ist, aber da war nichts mehr geöffnet. Dann nochmal versucht zu deinstallieren. Selbes Ergebnis :heulen:
Hab dann noch den Pc neugestartet und direkt nach dem Neustart nur die Systemsteuerung geöffnet und es wieder versucht aber mit dem selbern Ergebnis.
BITTE HELFT MIR, ICH VERZWEIFLE!!

deeprybka 26.03.2015 23:18
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

Nickyla 28.03.2015 20:12
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kerstin2 (administrator) on KERSTIN on 28-03-2015 19:52:03
Running from C:\Users\Kerstin2\Desktop
Loaded Profiles: Kerstin2 (Available profiles: Kerstin2)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
() C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe
() C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\jnsf2A8C.tmp
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\nsuEB1B.tmpfs
() C:\Windows\rcore.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2786032 2014-02-25] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-06-20] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-06-20] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-06-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-06-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe
HKLM-x32\...\Run: [Lenovo Recommends] => C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe [119280 2014-01-09] (Lenovo)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Kerstin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}
HKU\S-1-5-21-899650465-2179727545-1206695400-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKU\S-1-5-21-899650465-2179727545-1206695400-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://tikotin.com
HKU\S-1-5-21-899650465-2179727545-1206695400-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9BA7B0E9-FD44-41C9-B98D-DF65ABF18E88} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_14_46_ie&cd=2XzuyEtN2Y1L1QzuyDyE0E0EyByDtC0D0AyBtB0AtB0D0FtAtN0D0Tzu0StCtDyEzztN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCyEtBzztCtByDtGtAyEtBzztGzzyByD0DtGyCyDzytBtGtAtAyCtDyD0AtCtAtA0F0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtAtDtAtC0BtA0CtGtCzzzytCtGyEyEtC0FtG0AyCzy0EtG0Bzy0CzztDyByBtC0C0EzytA2Q&cr=1827300377&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_43_ie&cd=2XzuyEtN2Y1L1QzuyDyE0E0EyByDtC0D0AyBtB0AtB0D0FtAtN0D0Tzu0StCtDtAtDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyE0DyCyE0D0A0AtGyDtAtC0EtG0B0E0BtCtG0C0FzyyBtGyCtB0EyC0DtCzz0FzzyDyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0AyBzztBtC0AtGyEyBtA0FtGyE0DzyyDtGzzyE0EtBtGtA0CyE0E0FyEyDzzzzyDyDtC2Q&cr=35374891&ir=
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> {9BA7B0E9-FD44-41C9-B98D-DF65ABF18E88} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-899650465-2179727545-1206695400-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&ts=1425144684&type=default&q={searchTerms}
BHO: PriceDoWnoloadeR -> {8edf1022-101c-4bba-9da4-62f119bc4f76} -> C:\Program Files (x86)\PriceDoWnoloadeR\SBz6djXOmPuyVY.x64.dll [2015-03-23] ()
BHO: saverabbox -> {b4c1a55f-a152-48aa-a387-84c7490eb3ad} -> C:\Program Files (x86)\saverabbox\OHCL6P4TQSIUT9.x64.dll [2015-03-23] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: TTicTaCoupona -> {dccb0fed-c96d-442a-a053-6e670a50c039} -> C:\Program Files (x86)\TTicTaCoupona\kOEFsQEM7VbVIF.x64.dll [2015-03-07] ()
BHO-x32: PriceDoWnoloadeR -> {8edf1022-101c-4bba-9da4-62f119bc4f76} -> C:\Program Files (x86)\PriceDoWnoloadeR\SBz6djXOmPuyVY.dll [2015-03-23] ()
BHO-x32: saverabbox -> {b4c1a55f-a152-48aa-a387-84c7490eb3ad} -> C:\Program Files (x86)\saverabbox\OHCL6P4TQSIUT9.dll [2015-03-23] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: TTicTaCoupona -> {dccb0fed-c96d-442a-a053-6e670a50c039} -> C:\Program Files (x86)\TTicTaCoupona\kOEFsQEM7VbVIF.dll [2015-03-07] ()
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Kerstin2\AppData\Roaming\Mozilla\Firefox\Profiles\7krc0f8i.default
FF SelectedSearchEngine: istartsurf
FF Homepage: https://www.google.de/
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-02-28] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-02-28] (globalUpdate)
FF user.js: detected! => C:\Users\Kerstin2\AppData\Roaming\Mozilla\Firefox\Profiles\7krc0f8i.default\user.js [2015-03-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2015-02-28]
FF Extension: Adblock Plus - C:\Users\Kerstin2\AppData\Roaming\Mozilla\Firefox\Profiles\7krc0f8i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Kerstin2\AppData\Roaming\Mozilla\Firefox\Profiles\7krc0f8i.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Kerstin2\AppData\Roaming\Mozilla\Firefox\Profiles\7krc0f8i.default\extensions\istart_ffnt@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-18] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 f3808d1c; c:\Program Files (x86)\ProcessEdit\ProcessEdit.dll [1629696 2015-02-16] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-28] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-28] (globalUpdate) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 LenovoRecommends.AppService; C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe [19440 2014-01-09] ()
R2 lizemehu; C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\jnsf2A8C.tmp [174592 2015-02-28] () [File not signed]
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-06-20] (Lenovo)
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-07] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-06-20] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-06-20] (Lenovo)
R2 rcores; C:\WINDOWS\rcore.exe [4686848 2015-02-02] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-06-20] (Lenovo)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-06-20] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-28] (SysTool PasSame LIMITED)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-06-20] (Lenovo)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [File not signed]
R2 qygycyvo; C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\nsuEB1B.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-11] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2853400 2014-01-23] (Sonix Co. Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 {29302da5-1178-40ac-a178-4cb57ebcc501}Gw64; C:\Windows\System32\drivers\{29302da5-1178-40ac-a178-4cb57ebcc501}Gw64.sys [48792 2014-10-26] (StdLib)
R1 {cd63c300-b231-4a93-a479-5a1e96976d74}Gw64; C:\Windows\System32\drivers\{cd63c300-b231-4a93-a479-5a1e96976d74}Gw64.sys [48784 2015-02-16] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 19:52 - 2015-03-28 19:54 - 00027497 _____ () C:\Users\Kerstin2\Desktop\FRST.txt
2015-03-28 19:49 - 2015-03-28 19:52 - 00000000 ____D () C:\FRST
2015-03-28 19:48 - 2015-03-28 19:48 - 02095616 _____ (Farbar) C:\Users\Kerstin2\Desktop\FRST64.exe
2015-03-26 22:26 - 2015-03-26 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-26 21:43 - 2015-03-26 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-26 11:41 - 2015-03-26 11:42 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Deployment
2015-03-26 11:41 - 2015-03-26 11:41 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Apps\2.0
2015-03-26 11:32 - 2015-03-26 11:32 - 00000000 ____D () C:\Users\Kerstin2\Documents\OneNote-Notizbücher
2015-03-26 11:23 - 2015-03-26 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-26 11:23 - 2015-03-26 11:23 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-26 11:21 - 2015-03-26 11:21 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-03-26 11:18 - 2015-03-28 19:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-26 11:18 - 2015-03-26 11:21 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-26 11:18 - 2015-03-26 11:18 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Microsoft Help
2015-03-26 11:18 - 2015-03-26 11:18 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-26 11:18 - 2015-03-26 11:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-26 11:15 - 2015-03-26 11:15 - 00000000 __RHD () C:\MSOCache
2015-03-26 11:12 - 2015-03-26 11:14 - 00000000 ____D () C:\Users\Kerstin2\Microsoft Office 2013
2015-03-26 11:12 - 2015-03-26 11:12 - 00000000 ____D () C:\Users\Kerstin2\Neuer Ordner (2)
2015-03-26 11:11 - 2015-03-26 11:11 - 00000000 ____D () C:\Users\Kerstin2\Neuer Ordner
2015-03-26 11:04 - 2015-03-26 11:10 - 653821919 _____ () C:\Users\Kerstin2\Downloads\MSO2013Sx64.exe
2015-03-26 10:31 - 2015-03-26 10:31 - 00001153 _____ () C:\Users\Kerstin2\Desktop\Continue Live Installation.lnk
2015-03-23 17:54 - 2015-03-23 17:54 - 00000000 _____ () C:\Users\Kerstin2\Sti_Trace.log
2015-03-23 17:53 - 2015-03-23 17:53 - 00000158 _____ () C:\Users\Kerstin2\Desktop\chrome.lnk
2015-03-23 17:46 - 2015-03-23 17:46 - 00000957 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-03-23 17:46 - 2015-03-23 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-03-23 17:46 - 2012-08-08 00:00 - 00094208 _____ (Seiko Epson Corporation.) C:\WINDOWS\system32\esxw2_dd.dll
2015-03-23 17:46 - 2012-04-20 00:00 - 00262144 _____ (Seiko Epson Corporation) C:\WINDOWS\SysWOW64\esintdd.dll
2015-03-23 17:46 - 2012-04-18 00:00 - 00281088 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxuindd.dll
2015-03-23 17:46 - 2012-03-26 01:00 - 00065793 _____ () C:\WINDOWS\system32\esfwdd.bin
2015-03-23 17:46 - 2009-10-16 00:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2015-03-23 17:46 - 2009-10-16 00:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll
2015-03-23 12:28 - 2015-03-23 12:28 - 00000000 ____D () C:\Program Files (x86)\shhoppNdrop
2015-03-23 12:27 - 2015-03-23 12:28 - 00000000 ____D () C:\Program Files (x86)\saverabbox
2015-03-23 12:27 - 2015-03-23 12:28 - 00000000 ____D () C:\Program Files (x86)\QR Code generator
2015-03-23 12:27 - 2015-03-23 12:28 - 00000000 ____D () C:\Program Files (x86)\PriceDoWnoloadeR
2015-03-23 12:18 - 2015-03-23 17:45 - 00000000 ____D () C:\Program Files (x86)\epson
2015-03-23 12:13 - 2015-03-23 12:15 - 49747968 _____ () C:\Users\Kerstin2\Downloads\epson374936eu.exe
2015-03-23 12:11 - 2015-03-23 12:11 - 17927680 _____ () C:\Users\Kerstin2\Downloads\epson374212eu.exe
2015-03-07 18:11 - 2015-03-07 18:12 - 00000000 ____D () C:\Program Files (x86)\TTicTaCoupona
2015-03-01 20:05 - 2015-03-01 20:05 - 00000000 ____D () C:\ProgramData\Browser
2015-02-28 19:31 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-28 19:31 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-28 19:31 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-28 19:31 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-28 19:31 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-28 19:31 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-28 19:17 - 2015-02-28 19:17 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Google
2015-02-28 19:16 - 2015-03-22 17:20 - 00000000 ____D () C:\Program Files (x86)\ver6SpeedChecker
2015-02-28 19:16 - 2015-02-28 19:16 - 00001868 _____ () C:\WINDOWS\patsearch.bin
2015-02-28 19:16 - 2015-02-28 19:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf
2015-02-28 19:15 - 2015-03-26 22:20 - 00001364 _____ () C:\WINDOWS\Tasks\CVYOB.job
2015-02-28 19:15 - 2015-02-28 19:15 - 01490904 _____ (Cinema PlusV28.02) C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe
2015-02-28 19:15 - 2015-02-28 19:15 - 00004374 _____ () C:\WINDOWS\System32\Tasks\CVYOB
2015-02-28 19:13 - 2015-02-28 19:13 - 00000000 ____D () C:\TVWizard
2015-02-28 18:54 - 2015-02-28 18:54 - 00003102 _____ () C:\WINDOWS\System32\Tasks\{FCFB07AE-70FA-40FC-95BB-98107BC46DAA}
2015-02-28 18:46 - 2015-02-28 18:46 - 00000000 ____D () C:\ProgramData\Uniblue
2015-02-28 18:45 - 2015-03-22 16:50 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-02-28 18:29 - 2015-02-28 18:43 - 00000000 ____D () C:\Users\Kerstin2\AppData\Roaming\sweet-page
2015-02-28 18:29 - 2015-02-28 18:43 - 00000000 ____D () C:\ProgramData\ShopperPro
2015-02-28 18:29 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\PhraseFinder_1.10.0.9
2015-02-28 18:29 - 2015-02-28 18:29 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-28 18:28 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2015-02-28 18:27 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2015-02-28 18:25 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\HD Cinema Plus 1..7V28.02
2015-02-28 18:25 - 2015-02-28 18:25 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\CrashRpt
2015-02-28 18:24 - 2015-02-28 18:44 - 00000000 ____D () C:\Program Files\BubbleSound
2015-02-28 18:24 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\GoHDV28.02
2015-02-28 18:24 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-02-28 18:24 - 2015-02-28 18:24 - 00613067 _____ (CMI Limited) C:\Users\Kerstin2\AppData\Local\nsiCF72.tmp
2015-02-28 18:24 - 2015-02-28 18:24 - 00000000 __SHD () C:\Users\Kerstin2\AppData\Roaming\AnyProtectEx
2015-02-28 18:23 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\ASP
2015-02-28 18:23 - 2015-02-28 18:23 - 00000000 ____D () C:\ProgramData\Systweak
2015-02-28 18:22 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\RCP
2015-02-28 18:22 - 2015-02-28 18:23 - 00000000 ____D () C:\Users\Kerstin2\AppData\Roaming\systweak
2015-02-28 18:21 - 2015-02-28 18:43 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Linkey
2015-02-28 18:18 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\ver6BlockAndSurf
2015-02-28 18:16 - 2015-02-28 18:43 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\gmsd_de_257
2015-02-28 18:16 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\QuickRef_1.10.0.9
2015-02-28 18:16 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\gmsd_de_257
2015-02-28 18:12 - 2015-02-28 18:44 - 00000000 ____D () C:\Program Files (x86)\I - Cinema
2015-02-28 18:06 - 2015-03-22 17:23 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-28 18:06 - 2015-02-28 18:50 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\94488828-1425146775-11E3-8295-54EE751DA72A
2015-02-28 18:06 - 2015-02-28 18:06 - 00004018 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2015-02-28 18:05 - 2015-02-28 19:14 - 00003968 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-02-28 18:05 - 2015-02-28 18:05 - 00003830 _____ () C:\WINDOWS\System32\Tasks\PostPoneInstall
2015-02-28 18:05 - 2015-02-28 18:05 - 00003162 _____ () C:\WINDOWS\System32\Tasks\Run_Bobby_Browser
2015-02-28 18:04 - 2015-03-26 22:20 - 00000992 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-28 18:04 - 2015-02-28 19:19 - 00000996 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-28 18:04 - 2015-02-28 19:14 - 00003732 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-02-28 18:04 - 2015-02-28 18:43 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-02-28 18:04 - 2015-02-28 18:05 - 00000000 ____D () C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A
2015-02-28 18:04 - 2015-02-28 18:04 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-28 18:04 - 2015-02-28 18:04 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-02-28 18:03 - 2015-03-23 17:53 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\BoBrowser
2015-02-28 18:03 - 2015-02-28 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-02-28 18:03 - 2015-02-02 16:42 - 04686848 _____ () C:\WINDOWS\rcore.exe
2015-02-28 17:43 - 2015-02-28 18:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-28 17:36 - 2015-02-28 17:36 - 01055936 _____ (Adobe) C:\Users\Kerstin2\Downloads\install_flashplayer16x32_mssa_aaa_aih.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 19:51 - 2015-02-16 19:41 - 00000000 ___RD () C:\Users\Kerstin2\OneDrive
2015-03-28 19:49 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-28 19:48 - 2014-06-20 20:56 - 01653034 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-28 19:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-26 22:31 - 2014-08-08 02:18 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-899650465-2179727545-1206695400-1002
2015-03-26 22:30 - 2015-02-16 15:19 - 00001279 _____ () C:\Users\Kerstin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2015-03-26 22:30 - 2014-06-20 21:45 - 00000000 ____D () C:\ProgramData\LU
2015-03-26 22:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-26 22:22 - 2014-06-20 21:13 - 00632503 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2015-03-26 22:20 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-26 22:19 - 2015-02-16 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 22:19 - 2014-03-18 10:44 - 00021580 _____ () C:\WINDOWS\PFRO.log
2015-03-26 22:19 - 2013-08-22 15:46 - 00022370 _____ () C:\WINDOWS\setupact.log
2015-03-26 22:19 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-26 22:19 - 2013-08-22 15:44 - 00491680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-26 22:18 - 2014-06-20 21:40 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-26 22:18 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-26 21:28 - 2014-08-08 13:22 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A722FFF0-A6C9-4DF2-85FD-AD8A23D16ED9}
2015-03-26 11:23 - 2014-03-18 10:38 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-26 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-26 11:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-26 11:19 - 2013-08-22 14:25 - 00000269 _____ () C:\WINDOWS\win.ini
2015-03-26 11:12 - 2014-08-08 02:12 - 00000000 ____D () C:\Users\Kerstin2
2015-03-26 10:36 - 2014-10-26 14:58 - 00000140 _____ () C:\Users\Kerstin2\AppData\Roaming\WB.CFG
2015-03-23 17:53 - 2014-08-08 02:22 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\CrashDumps
2015-03-23 12:28 - 2015-02-18 16:54 - 00000000 ____D () C:\ProgramData\11265266968740044361
2015-03-22 17:33 - 2015-02-16 16:12 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-22 17:33 - 2015-02-16 16:12 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-22 17:33 - 2014-08-08 02:13 - 00001461 _____ () C:\Users\Kerstin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-07 18:11 - 2015-02-18 16:54 - 00000000 ____D () C:\Program Files (x86)\dealSotter
2015-03-07 18:11 - 2015-02-18 16:53 - 00000000 ____D () C:\Program Files (x86)\Topdeall
2015-03-03 14:17 - 2014-10-26 15:09 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-28 19:01 - 2014-10-26 14:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-28 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-28 18:04 - 2014-10-26 14:23 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-28 17:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\CVYOB
2015-02-28 19:15 - 2015-02-28 19:15 - 1490904 _____ (Cinema PlusV28.02) C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Kerstin2\AppData\Roaming\FUUEQB
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\KTJLIDE
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Kerstin2\AppData\Roaming\RPMKXY
2014-10-26 14:58 - 2015-03-26 10:36 - 0000140 _____ () C:\Users\Kerstin2\AppData\Roaming\WB.CFG
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\XJ
2015-02-16 15:36 - 2015-02-16 15:36 - 0000001 _____ () C:\Users\Kerstin2\AppData\Local\DSI.DAT
2015-02-16 15:36 - 2015-02-16 15:36 - 0022528 _____ () C:\Users\Kerstin2\AppData\Local\dsisetup17004062.exe
2015-02-28 18:24 - 2015-02-28 18:24 - 0613067 _____ (CMI Limited) C:\Users\Kerstin2\AppData\Local\nsiCF72.tmp
2014-06-20 21:19 - 2014-06-20 21:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Kerstin2\AppData\Local\Temp\1613.exe
C:\Users\Kerstin2\AppData\Local\Temp\43A8B703-AACB-5883-BFEE-246C38D2775C.exe
C:\Users\Kerstin2\AppData\Local\Temp\6530.exe
C:\Users\Kerstin2\AppData\Local\Temp\7063.exe
C:\Users\Kerstin2\AppData\Local\Temp\7115.exe
C:\Users\Kerstin2\AppData\Local\Temp\8C99E2E5-BAF9-E7F6-12FF-229C1AC46C25.dll
C:\Users\Kerstin2\AppData\Local\Temp\8C99E2E5-BAF9-E7F6-12FF-229C1AC46C25.exe
C:\Users\Kerstin2\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kerstin2\AppData\Local\Temp\ccicabfbbg.exe
C:\Users\Kerstin2\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Kerstin2\AppData\Local\Temp\COMAP.EXE
C:\Users\Kerstin2\AppData\Local\Temp\setacl.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-18 17:29

==================== End Of Log ============================
--- --- ---

--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Kerstin2 at 2015-03-28 19:56:26
Running from C:\Users\Kerstin2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{8C2CC7A2-E3D9-5566-2D10-AE778A4F9B43}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.8.0 - AppEx Networks)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Outlook Addin 2010 (HKU\S-1-5-21-899650465-2179727545-1206695400-1002\...\BB108A893815B64BF41C4574C3324FB7371AA244) (Version: 1.0.0.0 - Atheros Outlook Addin 2010)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dell 2135cn MFP Scanner-Treiber (HKLM-x32\...\{2A9048D8-BCBD-4BCC-A261-5E8A60084246}) (Version: 1.0.2.0 - Dell Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.20 - Lenovo)
Energy Manager (x32 Version: 1.5.0.20 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1321.0_WHQL - Sonix)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{0D740B00-2307-44AC-B91B-F3E67444ECA6}) (Version: 2.0.1.0107 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.1.0107 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 1.2.0.0 - Lenovo) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo Recommends (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0211 - Lenovo)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.1.14.1221 - Lenovo)
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo)
Lenovo Updates (x32 Version: 1.3.0.6 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Magic Transfer (x32 Version: 1.1.1.11 - Lenovo) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Ihr Firmenname)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ProcessEdit (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f3808d1c}) (Version:  - Software Publisher) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
SharkManCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - SharkManCoupon) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.80 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-02-2015 11:25:18 Windows Update
28-02-2015 18:03:35 Uniblue DriverScanner installation
28-02-2015 18:03:35 Uniblue SpeedUpMyPC installation
28-02-2015 18:29:50 Wiederherstellungsvorgang
26-03-2015 11:15:01 Installed Microsoft Office Standard 2013
26-03-2015 11:16:04 STANDARD

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-11-13 21:46 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D84A0B7-E71F-411F-82C1-2EB837906FF7} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-28] (globalUpdate) <==== ATTENTION
Task: {1F7F1F15-CECA-47DD-AE25-D5780F117859} - System32\Tasks\CVYOB => C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe [2015-02-28] (Cinema PlusV28.02) <==== ATTENTION
Task: {3499D17E-1BFB-4176-9196-2348A9158DE2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {52E3C113-48EB-457F-8213-014E2A4AE4EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {5D1A1522-454A-48EC-AF2D-6AE4768C4FB5} - System32\Tasks\{FCFB07AE-70FA-40FC-95BB-98107BC46DAA} => pcalua.exe -a C:\ProgramData\TVWizard\uninstall.exe -c /kb=y /ic=1 <==== ATTENTION
Task: {63E77AAC-A013-4E1B-9C53-D48684945615} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {8FD0F07F-058D-4583-AF90-3D6887E0C906} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-28] (globalUpdate) <==== ATTENTION
Task: {9EF945BB-B1BA-4BD2-9642-D8BC3E8CE83C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A89A6154-ABF6-48BD-9623-E0A87E75A11C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C0571042-4AC0-4C8C-9792-F9500C1A0753} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-06-20] (Lenovo)
Task: {C64D415D-93A4-4698-B44C-AA9840011E0A} - System32\Tasks\Run_Bobby_Browser => C:\Users\Kerstin2\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {D262540E-0B7C-4D13-A7D0-26D92FF8D7BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F7A8C65A-7292-4B4D-B361-41892B4B515A} - System32\Tasks\PostPoneInstall => C:\Users\Kerstin2\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe [2015-02-28] (C.L.A.R.A) <==== ATTENTION
Task: C:\WINDOWS\Tasks\CVYOB.job => C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-04-18 21:13 - 2014-04-18 21:13 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-18 21:12 - 2014-04-18 21:12 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-06-20 21:31 - 2014-01-09 17:27 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe
2015-02-28 18:05 - 2015-02-28 18:05 - 00174592 _____ () C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\jnsf2A8C.tmp
2015-02-28 18:05 - 2015-02-28 18:05 - 00123904 _____ () C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\nsuEB1B.tmpfs
2015-02-28 18:03 - 2015-02-02 16:42 - 04686848 _____ () C:\WINDOWS\rcore.exe
2014-06-20 21:39 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-20 21:40 - 2014-06-20 21:40 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-06-20 21:40 - 2014-06-20 21:40 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-06-20 21:31 - 2014-06-20 21:31 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-02-25 21:14 - 2014-02-25 21:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 21:11 - 2014-02-25 21:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 21:17 - 2014-02-25 21:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-06-20 21:31 - 2014-06-20 21:31 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-03-26 11:50 - 2014-06-20 21:42 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2014-06-20 21:31 - 2014-01-09 17:30 - 00044016 _____ () C:\Program Files (x86)\Lenovo\Lenovo Recommends\Util.dll
2015-02-21 16:40 - 2015-02-21 16:40 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2015-02-21 16:40 - 2015-02-21 16:40 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2015-02-21 16:40 - 2015-02-21 16:40 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2015-02-21 16:40 - 2015-02-21 16:40 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-06-20 21:31 - 2014-06-20 21:31 - 00109328 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-04-18 21:12 - 2014-04-18 21:12 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-18 21:13 - 2014-04-18 21:13 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-06-20 21:39 - 2014-06-20 21:39 - 00815104 _____ () C:\Program Files\Lenovo PhoneCompanion\adb.exe
2015-02-16 15:14 - 2015-02-16 15:14 - 01629696 _____ () c:\Program Files (x86)\ProcessEdit\ProcessEdit.dll
2014-06-20 21:39 - 2014-06-20 21:39 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-06-20 21:31 - 2014-06-20 21:31 - 00105744 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-06-20 21:31 - 2014-06-20 21:31 - 00102160 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Kerstin2\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Kerstin2\OneDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Kerstin2\OneDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-899650465-2179727545-1206695400-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin2\Pictures\bilder\2014\abiabschluss\IMG_0173.JPG
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-899650465-2179727545-1206695400-500 - Administrator - Disabled)
Gast (S-1-5-21-899650465-2179727545-1206695400-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-899650465-2179727545-1206695400-1004 - Limited - Enabled)
Kerstin2 (S-1-5-21-899650465-2179727545-1206695400-1002 - Administrator - Enabled) => C:\Users\Kerstin2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 07:53:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a30

Startzeit: 01d06987b87cf6c7

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: acc0df23-d57b-11e4-826d-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/28/2015 07:48:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c90

Startzeit: 01d069871a996aee

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 07003487-d57b-11e4-826d-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.onenoteim

Error: (03/28/2015 07:48:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d60

Startzeit: 01d0680c303f6fb9

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: f2b4fa70-d57a-11e4-826d-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/26/2015 10:31:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13812

Error: (03/26/2015 10:31:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13812

Error: (03/26/2015 10:31:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/26/2015 10:26:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c4c

Startzeit: 01d0680ac4536894

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: b9fa0b57-d3fe-11e4-826d-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/26/2015 10:15:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/26/2015 09:51:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40687

Error: (03/26/2015 09:51:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40687


System errors:
=============
Error: (03/26/2015 10:24:43 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (03/26/2015 10:24:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "McAfee Home Network" wurde nicht richtig gestartet.

Error: (03/26/2015 09:37:48 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (03/26/2015 11:00:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "GgjxiTnT" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/23/2015 06:12:38 PM) (Source: DCOM) (EventID: 10010) (User: KERSTIN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/23/2015 06:12:38 PM) (Source: DCOM) (EventID: 10010) (User: KERSTIN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/23/2015 06:12:34 PM) (Source: DCOM) (EventID: 10010) (User: KERSTIN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/23/2015 06:12:34 PM) (Source: DCOM) (EventID: 10010) (User: KERSTIN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/23/2015 06:12:34 PM) (Source: DCOM) (EventID: 10010) (User: KERSTIN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/23/2015 06:12:32 PM) (Source: DCOM) (EventID: 10010) (User: KERSTIN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (03/28/2015 07:53:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689a3001d06987b87cf6c74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeacc0df23-d57b-11e4-826d-54ee751da72amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/28/2015 07:48:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841c9001d069871a996aee4294967295C:\WINDOWS\system32\backgroundTaskHost.exe07003487-d57b-11e4-826d-54ee751da72aMicrosoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwemicrosoft.onenoteim

Error: (03/28/2015 07:48:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689d6001d0680c303f6fb94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef2b4fa70-d57a-11e4-826d-54ee751da72amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/26/2015 10:31:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13812

Error: (03/26/2015 10:31:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13812

Error: (03/26/2015 10:31:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/26/2015 10:26:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689c4c01d0680ac45368944294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeb9fa0b57-d3fe-11e4-826d-54ee751da72amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/26/2015 10:15:42 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (03/26/2015 09:51:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40687

Error: (03/26/2015 09:51:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40687


CodeIntegrity Errors:
===================================
  Date: 2015-02-28 18:30:32.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:30:31.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:30:31.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:30:31.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:29:39.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:29:39.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:29:33.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:29:33.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 21:45:27.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-13 21:45:27.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 67%
Total physical RAM: 3514.99 MB
Available physical RAM: 1158.02 MB
Total Pagefile: 4730.99 MB
Available Pagefile: 2176.71 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.25 GB) (Free:382.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BB91C08B)

Partition: GPT Partition Type.

==================== End Of Log ============================
danke schonmal für deine hilfe und deine mühe, ich hoffe ich hab das so richtig gemacht!

LG

deeprybka 28.03.2015 20:13
Hi,
ja alles richtig! :daumenhoc


Schritt 1

Bitte deinstalliere folgende Programme:

ProcessEdit
SharkManCoupon


Versuche es bei Windows 8 http://deeprybka.trojaner-board.de/b...ne/revo/w8.png mit der Windowstaste + X über http://deeprybka.trojaner-board.de/b...revo/pwin8.PNG.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhttp://deeprybka.trojaner-board.de/b...ninstaller.pnghier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung
Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3

http://deeprybka.trojaner-board.de/m...mbamlogo4a.pnghttp://deeprybka.trojaner-board.de/m...mbamlogo4b.png
  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Schritt 4

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Nickyla 29.03.2015 17:28
hallo, wie verschiebe ich nach dem scan mit MBAM die funde in quarantäne?

deeprybka 29.03.2015 17:29
Anleitung gelesen? :)

http://anleitung.trojaner-board.de/t...anti-malware_5


http://www.deeprybka.trojaner-board....s/214deu/5.png

Nickyla 29.03.2015 17:47
okay ja die anleitung hat geholfen. allerdings möchte das Programm MBAM den Computer neustarten, noch bevor ich das ergebnis auf dem desktop speichern kann. Was soll ich tun?

LG :)

deeprybka 29.03.2015 17:48
Hi, PC Neustart zulassen. Dann das hier machen:

Malwarebytes Anti-Malware Logfile finden - Anleitungen

Nickyla 29.03.2015 18:12
Code:
# AdwCleaner v4.113 - Bericht erstellt 29/03/2015 um 16:57:23
# Aktualisiert 22/03/2015 von Xplode
# Datenbank : 2015-03-28.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Kerstin2 - KERSTIN
# Gestarted von : C:\Users\Kerstin2\Desktop\AdwCleaner_4.113.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : rcores
Dienst Gelöscht : IHProtect Service
Dienst Gelöscht : {29302da5-1178-40ac-a178-4cb57ebcc501}Gw64
Dienst Gelöscht : {cd63c300-b231-4a93-a479-5a1e96976d74}Gw64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\TVWizard
Ordner Gelöscht : C:\ProgramData\374311380
Ordner Gelöscht : C:\ProgramData\Browser
Ordner Gelöscht : C:\ProgramData\ShopperPro
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\RandomDealApp
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\ProgramData\8cd201810000260e
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\ASP
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\ShopperPro
Ordner Gelöscht : C:\Program Files (x86)\YTDownloader
Ordner Gelöscht : C:\Program Files (x86)\RCP
Ordner Gelöscht : C:\Program Files (x86)\XTab
Ordner Gelöscht : C:\Program Files (x86)\PhraseFinder_1.10.0.9
Ordner Gelöscht : C:\Program Files (x86)\QuickRef_1.10.0.9
Ordner Gelöscht : C:\Program Files (x86)\APptOiU
Ordner Gelöscht : C:\Program Files (x86)\dealSotter
Ordner Gelöscht : C:\Program Files (x86)\deaLster
Ordner Gelöscht : C:\Program Files (x86)\FFineDealSofft
Ordner Gelöscht : C:\Program Files (x86)\PriceDoWnoloadeR
Ordner Gelöscht : C:\Program Files (x86)\PriceeDowneloader
Ordner Gelöscht : C:\Program Files (x86)\shhoppNdrop
Ordner Gelöscht : C:\Program Files (x86)\soafuerweb
Ordner Gelöscht : C:\Program Files (x86)\SoftCooUp
Ordner Gelöscht : C:\Program Files (x86)\Topdeall
Ordner Gelöscht : C:\Program Files (x86)\TTicTaCoupona
Ordner Gelöscht : C:\Program Files (x86)\ver6BlockAndSurf
Ordner Gelöscht : C:\Program Files (x86)\ver6SpeedChecker
Ordner Gelöscht : C:\Program Files (x86)\gmsd_de_257
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Local\Temp\Framed Display
Ordner Gelöscht : C:\Program Files\BubbleSound
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Local\Linkey
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Local\BoBrowser
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Local\gmsd_de_257
Ordner Gelöscht : C:\Users\Kerstin2\AppData\LocalLow\SmartWeb
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Roaming\AnyProtectEx
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Roaming\PennyBee
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Kerstin2\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Kerstin2\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Kerstin2\Documents\PC Speed Maximizer
Datei Gelöscht : C:\WINDOWS\rcore.exe
Datei Gelöscht : C:\WINDOWS\patsearch.bin
Datei Gelöscht : C:\WINDOWS\System32\drivers\{29302da5-1178-40ac-a178-4cb57ebcc501}Gw64.sys
Datei Gelöscht : C:\WINDOWS\System32\drivers\{cd63c300-b231-4a93-a479-5a1e96976d74}Gw64.sys
Datei Gelöscht : C:\Users\Kerstin2\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml

***** [ Geplante Tasks ] *****

Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : LaunchSignup
Task Gelöscht : Run_Bobby_Browser
Task Gelöscht : PostPoneInstall

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com]
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P651abc83_e2e8_4d51_b1fd_46cd677bacf4_.P651abc83_e2e8_4d51_b1fd_46cd677bacf4_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P651abc83_e2e8_4d51_b1fd_46cd677bacf4_.P651abc83_e2e8_4d51_b1fd_46cd677bacf4_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P78a62f53_2c68_418d_8450_87e9248e0805_.P78a62f53_2c68_418d_8450_87e9248e0805_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P78a62f53_2c68_418d_8450_87e9248e0805_.P78a62f53_2c68_418d_8450_87e9248e0805_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P7b5f97c7_680e_4157_873c_4dd787f215c3_.P7b5f97c7_680e_4157_873c_4dd787f215c3_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P7b5f97c7_680e_4157_873c_4dd787f215c3_.P7b5f97c7_680e_4157_873c_4dd787f215c3_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P8edf1022_101c_4bba_9da4_62f119bc4f76_.P8edf1022_101c_4bba_9da4_62f119bc4f76_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P8edf1022_101c_4bba_9da4_62f119bc4f76_.P8edf1022_101c_4bba_9da4_62f119bc4f76_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pdccb0fed_c96d_442a_a053_6e670a50c039_.Pdccb0fed_c96d_442a_a053_6e670a50c039_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pdccb0fed_c96d_442a_a053_6e670a50c039_.Pdccb0fed_c96d_442a_a053_6e670a50c039_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pfea72d04_c8d4_49e9_a818_181871742b9e_.Pfea72d04_c8d4_49e9_a818_181871742b9e_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pfea72d04_c8d4_49e9_a818_181871742b9e_.Pfea72d04_c8d4_49e9_a818_181871742b9e_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\7101efdf-87fe-ecfa-dd1b-d373e8db8636
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{65e6d763}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{651abc83-e2e8-4d51-b1fd-46cd677bacf4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78a62f53-2c68-418d-8450-87e9248e0805}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7b5f97c7-680e-4157-873c-4dd787f215c3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8edf1022-101c-4bba-9da4-62f119bc4f76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{dccb0fed-c96d-442a-a053-6e670a50c039}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{fea72d04-c8d4-49e9-a818-181871742b9e}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655655513}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666656613}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2105FE20-DEBD-4084-A306-61C5DA001CCA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{318C7F13-3498-459E-BF35-12865E6D005C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b5f97c7-680e-4157-873c-4dd787f215c3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8edf1022-101c-4bba-9da4-62f119bc4f76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dccb0fed-c96d-442a-a053-6e670a50c039}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fea72d04-c8d4-49e9-a818-181871742b9e}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{651abc83-e2e8-4d51-b1fd-46cd677bacf4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78a62f53-2c68-418d-8450-87e9248e0805}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{dccb0fed-c96d-442a-a053-6e670a50c039}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{651abc83-e2e8-4d51-b1fd-46cd677bacf4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78a62f53-2c68-418d-8450-87e9248e0805}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{dccb0fed-c96d-442a-a053-6e670a50c039}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{651abc83-e2e8-4d51-b1fd-46cd677bacf4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78a62f53-2c68-418d-8450-87e9248e0805}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7b5f97c7-680e-4157-873c-4dd787f215c3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8edf1022-101c-4bba-9da4-62f119bc4f76}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{dccb0fed-c96d-442a-a053-6e670a50c039}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fea72d04-c8d4-49e9-a818-181871742b9e}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{651abc83-e2e8-4d51-b1fd-46cd677bacf4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{78a62f53-2c68-418d-8450-87e9248e0805}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{7b5f97c7-680e-4157-873c-4dd787f215c3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{8edf1022-101c-4bba-9da4-62f119bc4f76}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{dccb0fed-c96d-442a-a053-6e670a50c039}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{fea72d04-c8d4-49e9-a818-181871742b9e}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655655513}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666656613}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b5f97c7-680e-4157-873c-4dd787f215c3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8edf1022-101c-4bba-9da4-62f119bc4f76}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dccb0fed-c96d-442a-a053-6e670a50c039}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fea72d04-c8d4-49e9-a818-181871742b9e}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BA7B0E9-FD44-41C9-B98D-DF65ABF18E88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BA7B0E9-FD44-41C9-B98D-DF65ABF18E88}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\Vosteran
Schlüssel Gelöscht : HKCU\Software\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\SearchProtectWS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\istartsurfSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I - Cinema
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromenda.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetamoris.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tikotin.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v36.0.4 (x86 de)

[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1425142992&from=tugs&uid=WDCXWD5000LPCX-24C6HT0_WD-WXQ1E34DPDU4DPDU4&q={searchTerms}");
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.JMj4E1HVHFzM0aKp.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrHqjCFrdwFqjYFrdg6rdrGpdk\")>-1url.indexOf(\"acebook\")>-[...]
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.VsvWEu6TIoM3FUS4.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjrHqjCFrdwFqjYFrdg6rdrGpdk\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asonnypennaolcom62180.62180.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22urls%22%[...]
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "149cee295028c34b13b88f0e82782948");
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[7krc0f8i.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zaj73sYq9j1BBQjI.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjrHqjCFrdwFqjYFrdg6rdrGpdk\")>-1url.indexOf(\"acebook\")>-[...]

*************************

AdwCleaner[R0].txt - [28140 Bytes] - [29/03/2015 16:53:09]
AdwCleaner[S0].txt - [25026 Bytes] - [29/03/2015 16:57:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25086  Bytes] ##########



Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.03.2015
Suchlauf-Zeit: 17:19:01
Logdatei: mbam text.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.29.05
Rootkit Datenbank: v2015.03.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Kerstin2

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350499
Verstrichene Zeit: 1 Std, 4 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\nsuEB1B.tmpfs, 1352, Löschen bei Neustart, [4aff0b402367e056cdd684c9e421b24e]
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\jnsf2A8C.tmp, 1968, Löschen bei Neustart, [4aff0b402367e056cdd684c9e421b24e]

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 26
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B4C1A55F-A152-48AA-A387-84C7490EB3AD}, Keine Aktion durch Benutzer, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{b4c1a55f-a152-48aa-a387-84c7490eb3ad}, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B4C1A55F-A152-48AA-A387-84C7490EB3AD}, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B4C1A55F-A152-48AA-A387-84C7490EB3AD}, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.9, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.9, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.Pb4c1a55f_a152_48aa_a387_84c7490eb3ad_.9, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B4C1A55F-A152-48AA-A387-84C7490EB3AD}, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{b4c1a55f-a152-48aa-a387-84c7490eb3ad}, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B4C1A55F-A152-48AA-A387-84C7490EB3AD}, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{B4C1A55F-A152-48AA-A387-84C7490EB3AD}\INPROCSERVER32, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qygycyvo, In Quarantäne, [4aff0b402367e056cdd684c9e421b24e],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\lizemehu, In Quarantäne, [4aff0b402367e056cdd684c9e421b24e],
PUP.Optional.LightEngine.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\65e6d763, In Quarantäne, [15340249f3975fd76debaa1511f221df],
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\Cinemax Plus 1.9cV28.02-nv-ie, In Quarantäne, [f75292b98a00c86eb46b6d529a69e21e],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18\SOFTWARE\MedPlayerNewVersion-nv-ie, In Quarantäne, [74d5e4678307b482a3cc3784f40f1fe1],
PUP.Optional.Cinema4U.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Cinema 4u, In Quarantäne, [5beedf6c94f6c0766786bf112dd6df21],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-899650465-2179727545-1206695400-1002\SOFTWARE\Cinemax Plus 1.9cV28.02-nv-ie, In Quarantäne, [ee5b09420684290dc45b08b7867da759],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-899650465-2179727545-1206695400-1002\SOFTWARE\CinemaxPlus1.9cV28.02, In Quarantäne, [44051239e2a8ee483de5239c9d66718f],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-899650465-2179727545-1206695400-1002\SOFTWARE\MedPlayerNewVersion-nv-ie, In Quarantäne, [a8a1fd4ec6c40f27e08fae0d27dc3cc4],
PUP.Optional.Linkey.A, HKU\S-1-5-21-899650465-2179727545-1206695400-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [3d0c3417a1e9f5413e4aa119649f0ff1],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],

Registrierungswerte: 3
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, In Quarantäne, [0445d477c6c4bf7760846cdc0104b44c]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\lizemehu|ImagePath, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\jnsf2A8C.tmp, In Quarantäne, [b693bc8f9ded0135e2cc400de3220ef2]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qygycyvo|ImagePath, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\nsuEB1B.tmpfs, In Quarantäne, [9bae014ab1d9181e426b1f2e8c7924dc]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 11
PUP.Optional.SaverBox.A, C:\Program Files (x86)\saverabbox, In Quarantäne, [a8a1e665cac00531681caa0b62a109f7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\GoHDV28.02, In Quarantäne, [95b4b39868229e98a964bef8a45f718f],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD Cinema Plus 1..7V28.02, In Quarantäne, [02470a410a800d2915f85d598f7439c7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\I - Cinema, In Quarantäne, [4efb97b4d8b2a4927598684e867d46ba],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A, Löschen bei Neustart, [4aff0b402367e056cdd684c9e421b24e],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Local\94488828-1425146775-11E3-8295-54EE751DA72A, In Quarantäne, [b79294b77d0da1958c1dca83b74efa06],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro, In Quarantäne, [e3660f3c2c5e21151516c4f1a85b1ae6],
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver, In Quarantäne, [e3660f3c2c5e21151516c4f1a85b1ae6],

Dateien: 86
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMK_01009.Wdf, Löschen bei Neustart, ,
PUP.Optional.Multiplug, C:\Program Files (x86)\saverabbox\OHCL6P4TQSIUT9.x64.dll, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.Multiplug, C:\Program Files (x86)\saverabbox\OHCL6P4TQSIUT9.dll, In Quarantäne, [272275d6e2a84cea19c347f4dd25c937],
PUP.Optional.CrossRider.A, C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe, In Quarantäne, [4801c586f4960d297d1256d5ae5819e7],
PUP.Optional.Multiplug, C:\Program Files (x86)\LightEngine\LightEngine.dll, In Quarantäne, [35143516cdbd89ad68abb679966c46ba],
PUP.Optional.CrossRider, C:\$Recycle.Bin\S-1-5-21-899650465-2179727545-1206695400-1002\$RUWPNZF.exe, In Quarantäne, [2a1faba0a8e2a3937de1df08ff02c33d],
PUP.Optional.CrossRider.A, C:\Users\Kerstin2\AppData\Local\Temp\1613.exe, In Quarantäne, [9cada0aba8e238fe018e7cafbc4a4ab6],
Trojan.Downloader, C:\Users\Kerstin2\AppData\Local\Temp\nsvEFE2.tmp, In Quarantäne, [13360942b4d6e1557ccc56cea65d45bb],
PUP.Optional.Bundle, C:\Users\Kerstin2\AppData\Local\Temp\nsvEFE3.tmp, In Quarantäne, [a5a4d972f298e155a34f6a80c14422de],
PUP.Optional.MediaPlayer.A, C:\Users\Kerstin2\AppData\Local\Temp\6530.exe, In Quarantäne, [2e1bef5c3c4e6cca1153af83a85e619f],
PUP.Optional.CrossRider.A, C:\Users\Kerstin2\AppData\Local\Temp\7063.exe, In Quarantäne, [1237bb9034560234d3bc34f760a6966a],
PUP.Optional.CrossRider.A, C:\Users\Kerstin2\AppData\Local\Temp\7115.exe, In Quarantäne, [57f2202bb3d72412c0cf61cad1357c84],
PUP.Optional.XTabs.A, C:\Users\Kerstin2\AppData\Local\Temp\Wtmp887531\tmp\STab_Down_6.0.6.8.exe, In Quarantäne, [93b6bd8e7c0e4aecc05e38fab353de22],
PUP.Optional.WindowsProtectManger.A, C:\Users\Kerstin2\AppData\Local\Temp\Wtmp887531\tmp\wpm_v20.0.0.1714_0204.exe, In Quarantäne, [2227d972b3d7a88e4597c5a1a15f9d63],
PUP.Optional.BrowserWatch, C:\Users\Kerstin2\AppData\Local\Temp\Wtmp887531\tmp\XTab_v4.0.exe, In Quarantäne, [bf8a0546c9c1dc5a5aaa323ca15fd927],
PUP.Optional.InstallCore, C:\Users\Kerstin2\AppData\Local\Temp\274837562.Uninstall\uninstaller.exe, In Quarantäne, [c386301ba5e546f079a74df8877bfc04],
PUP.Optional.TVWizard.A, C:\Users\Kerstin2\AppData\Local\Temp\36c67249-2818-4a41-a9a4-b2ae747676cd\setup.exe, In Quarantäne, [63e60c3f51391a1c5c3e8bd0d62aaf51],
PUP.Optional.Clara.A, C:\Users\Kerstin2\AppData\Local\Temp\438b3c21-c31c-445f-b76d-6599e88ecd12\2dc5634e-dffe-4d43-a419-8c920578f600.exe, In Quarantäne, [b79271daa5e537ff54c9e9f6010046ba],
PUP.Optional.IStartsurf.A, C:\Users\Kerstin2\AppData\Local\Temp\4482f44d-f16e-428f-b8cc-8867b49cd0d8\lly_istartsurf.exe, In Quarantäne, [2524f2597218ff37857c131fa066a957],
PUP.Optional.CrossRider.A, C:\Users\Kerstin2\AppData\Local\Temp\DwlTempFolder\temp.exe, In Quarantäne, [2f1a82c9cac03df98034f5f845bcd030],
PUP.Optional.MediaPlayer.A, C:\Users\Kerstin2\AppData\Local\Temp\nss7BF8.tmp\32f5cc37-6e87-4218-b355-9feb6983ba15-uninstaller.exe, In Quarantäne, [fb4e3a116d1d80b6aeb67bb74bbbe31d],
PUP.Optional.MediaPlayer.A, C:\Users\Kerstin2\AppData\Local\Temp\nss7BF8.tmp\FirefoxUninstaller71819.exe, In Quarantäne, [f5543f0ccbbf0135451f73bf3acc08f8],
PUP.Optional.CrossRider.A, C:\Users\Kerstin2\AppData\Local\Temp\7f87acb4-1147-438e-9665-e5bb24005f5f\setup.exe, In Quarantäne, [480193b8d7b34beb816d9f8bce3418e8],
PUP.Optional.MagnoPlayer.A, C:\Users\Kerstin2\AppData\Local\Temp\98307f84-52fa-46a7-a9c0-6bdc8bdc895e\magnoplayersetup.exe, In Quarantäne, [b891b6954a400c2a096a7dec8f710ff1],
PUP.Optional.InstallCore, C:\Users\Kerstin2\AppData\Local\Temp\is1488139799\5D4B7A38_stp\uninstaller.exe, In Quarantäne, [5decc7840981a49262bebb8a3dc5c739],
PUP.Optional.SaverBox.A, C:\Program Files (x86)\saverabbox\OHCL6P4TQSIUT9.tlb, In Quarantäne, [a8a1e665cac00531681caa0b62a109f7],
PUP.Optional.SaverBox.A, C:\Program Files (x86)\saverabbox\OHCL6P4TQSIUT9.dat, In Quarantäne, [a8a1e665cac00531681caa0b62a109f7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\GoHDV28.02\bgNova.html, In Quarantäne, [95b4b39868229e98a964bef8a45f718f],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\GoHDV28.02\1293297481.mxaddon, In Quarantäne, [95b4b39868229e98a964bef8a45f718f],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\GoHDV28.02\fcec65a1-c4ef-4768-aced-72de71b8d61a.crx, In Quarantäne, [95b4b39868229e98a964bef8a45f718f],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\GoHDV28.02\fcec65a1-c4ef-4768-aced-72de71b8d61a.xpi, In Quarantäne, [95b4b39868229e98a964bef8a45f718f],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD Cinema Plus 1..7V28.02\bgNova.html, In Quarantäne, [02470a410a800d2915f85d598f7439c7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD Cinema Plus 1..7V28.02\1293297481.mxaddon, In Quarantäne, [02470a410a800d2915f85d598f7439c7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD Cinema Plus 1..7V28.02\47420434-22ce-47eb-80d9-02bea0df4c44.crx, In Quarantäne, [02470a410a800d2915f85d598f7439c7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\HD Cinema Plus 1..7V28.02\47420434-22ce-47eb-80d9-02bea0df4c44.xpi, In Quarantäne, [02470a410a800d2915f85d598f7439c7],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\I - Cinema\bgNova.html, In Quarantäne, [4efb97b4d8b2a4927598684e867d46ba],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\I - Cinema\0ccd3c9c-c648-4539-8e54-46c8e49ef942.crx, In Quarantäne, [4efb97b4d8b2a4927598684e867d46ba],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\I - Cinema\0ccd3c9c-c648-4539-8e54-46c8e49ef942.xpi, In Quarantäne, [4efb97b4d8b2a4927598684e867d46ba],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\I - Cinema\1293297481.mxaddon, In Quarantäne, [4efb97b4d8b2a4927598684e867d46ba],
PUP.Optional.Vitruvian.A, C:\Users\Kerstin2\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, In Quarantäne, [e5641536d5b5cb6bbae19bacda2b2ed2],
PUP.Optional.Vitruvian.A, C:\Users\Kerstin2\AppData\Local\Temp\vitruvian-installer-install-v0003, In Quarantäne, [7bce8dbeb7d3b086c3d857f0e5206799],
PUP.Optional.Vitruvian.A, C:\Users\Kerstin2\AppData\Local\Temp\vitruvian-installer-processes-v0002, In Quarantäne, [1831eb605c2efa3c306bba8db4519d63],
PUP.Optional.Vitruvian.A, C:\Users\Kerstin2\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, In Quarantäne, [c8813f0c33576fc7e5b6dd6aeb1a1be5],
PUP.Optional.Vitruvian.A, C:\Users\Kerstin2\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, In Quarantäne, [db6e2922fd8dd2644259e265947116ea],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\nsuEB1B.tmpfs, Löschen bei Neustart, [4aff0b402367e056cdd684c9e421b24e],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\jnsf2A8C.tmp, Löschen bei Neustart, [4aff0b402367e056cdd684c9e421b24e],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\rnsm170F.exe, In Quarantäne, [4aff0b402367e056cdd684c9e421b24e],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\Uninstall.exe, In Quarantäne, [4aff0b402367e056cdd684c9e421b24e],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Roaming\94488828-1425146695-11E3-8295-54EE751DA72A\vnsq94F5.tmp, In Quarantäne, [4aff0b402367e056cdd684c9e421b24e],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Local\94488828-1425146775-11E3-8295-54EE751DA72A\onszCE33.tmp, In Quarantäne, [b79294b77d0da1958c1dca83b74efa06],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Local\94488828-1425146775-11E3-8295-54EE751DA72A\pnsuCEFF.exe, In Quarantäne, [b79294b77d0da1958c1dca83b74efa06],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Local\94488828-1425146775-11E3-8295-54EE751DA72A\rnszCE32.exe, In Quarantäne, [b79294b77d0da1958c1dca83b74efa06],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Local\94488828-1425146775-11E3-8295-54EE751DA72A\snszCE31.tmp, In Quarantäne, [b79294b77d0da1958c1dca83b74efa06],
PUP.Optional.MultiPlug.A, C:\Users\Kerstin2\AppData\Local\94488828-1425146775-11E3-8295-54EE751DA72A\Uninstall.exe, In Quarantäne, [b79294b77d0da1958c1dca83b74efa06],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\GoogleCrashHandler.exe, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\GoogleUpdate.exe, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\GoogleUpdateBroker.exe, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\GoogleUpdateHelper.msi, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\GoogleUpdateOnDemand.exe, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\goopdate.dll, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\goopdateres_en.dll, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\npGoogleUpdate4.dll, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\psmachine.dll, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.155329\psuser.dll, In Quarantäne, [52f7b893d9b187af592cdeb47e85f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\GoogleCrashHandler.exe, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\GoogleUpdate.exe, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\GoogleUpdateBroker.exe, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\GoogleUpdateHelper.msi, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\GoogleUpdateOnDemand.exe, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\goopdate.dll, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\goopdateres_en.dll, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\npGoogleUpdate4.dll, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\psmachine.dll, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.376442\psuser.dll, In Quarantäne, [08412d1ee5a566d0c0c5920029dab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\GoogleCrashHandler.exe, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\GoogleUpdate.exe, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\GoogleUpdateBroker.exe, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\GoogleUpdateHelper.msi, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\GoogleUpdateOnDemand.exe, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\goopdate.dll, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\goopdateres_en.dll, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\npGoogleUpdate4.dll, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\psmachine.dll, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.GlobalUpdate.A, C:\Users\Kerstin2\AppData\Local\Temp\comh.74829\psuser.dll, In Quarantäne, [a9a03318fd8d85b1dfa61a78788bd42c],
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml, In Quarantäne, [e3660f3c2c5e21151516c4f1a85b1ae6],
PUP.Optional.CrossRider.A, C:\Users\Kerstin2\AppData\Roaming\Mozilla\Firefox\Profiles\7krc0f8i.default\prefs.js, Gut: (), Schlecht: (js.ourinfoonlinestack.com/plugin/apps/71819/plugins/na/ff/plugins.json), Ersetzt,[f851004b058563d32e483af9ca3ce719]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Kerstin2 (administrator) on KERSTIN on 29-03-2015 19:04:42
Running from C:\Users\Kerstin2\Desktop
Loaded Profiles: Kerstin2 (Available profiles: Kerstin2)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2786032 2014-02-25] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-06-20] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-06-20] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-06-20] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-06-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe
HKLM-x32\...\Run: [Lenovo Recommends] => C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe [119280 2014-01-09] (Lenovo)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Kerstin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-899650465-2179727545-1206695400-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKU\S-1-5-21-899650465-2179727545-1206695400-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Kerstin2\AppData\Roaming\Mozilla\Firefox\Profiles\7krc0f8i.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Kerstin2\AppData\Roaming\Mozilla\Firefox\Profiles\7krc0f8i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-20]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-18] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 LenovoRecommends.AppService; C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe [19440 2014-01-09] ()
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-06-20] (Lenovo)
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2014-01-07] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-06-20] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-06-20] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-06-20] (Lenovo)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-06-20] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-06-20] (Lenovo)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-11] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2853400 2014-01-23] (Sonix Co. Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 19:02 - 2015-03-29 19:02 - 00020948 _____ () C:\Users\Kerstin2\Desktop\mbam text.txt
2015-03-29 19:00 - 2015-03-29 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-29 18:14 - 2015-03-29 18:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-29 18:14 - 2015-03-29 18:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-29 17:37 - 2015-03-29 17:37 - 00000000 ____D () C:\ProgramData\tmp
2015-03-29 17:37 - 2015-03-29 17:37 - 00000000 ____D () C:\ProgramData\hps
2015-03-29 17:17 - 2015-03-29 18:59 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 17:17 - 2015-03-29 17:17 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-29 17:17 - 2015-03-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-29 17:17 - 2015-03-29 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-29 17:17 - 2015-03-29 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-29 17:17 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-29 17:17 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-29 17:17 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-29 17:07 - 2015-03-29 17:07 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kerstin2\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-29 16:57 - 2015-03-29 16:58 - 00025263 _____ () C:\Users\Kerstin2\Desktop\AdwCleaner[S0].txt
2015-03-29 16:50 - 2015-03-29 19:04 - 00000000 ____D () C:\AdwCleaner
2015-03-29 16:49 - 2015-03-29 16:50 - 02168320 _____ () C:\Users\Kerstin2\Desktop\AdwCleaner_4.113.exe
2015-03-29 16:33 - 2015-03-29 16:33 - 00000000 ____D () C:\Users\Kerstin2\Desktop\RevoUninstallerPortable
2015-03-29 16:31 - 2015-03-29 16:31 - 02785665 _____ (PortableApps.com) C:\Users\Kerstin2\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-03-29 16:28 - 2015-03-29 18:39 - 00000000 ____D () C:\Program Files (x86)\LightEngine
2015-03-28 21:04 - 2015-03-28 21:05 - 00000000 ____D () C:\Program Files (x86)\GNotes Extension
2015-03-28 20:56 - 2015-03-28 20:57 - 00029918 _____ () C:\Users\Kerstin2\Desktop\Addition.txt
2015-03-28 20:56 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-28 20:56 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-28 20:56 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-28 20:56 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-28 20:56 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-28 20:56 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-28 20:56 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-28 20:52 - 2015-03-29 19:05 - 00017933 _____ () C:\Users\Kerstin2\Desktop\FRST.txt
2015-03-28 20:49 - 2015-03-29 19:04 - 00000000 ____D () C:\FRST
2015-03-28 20:48 - 2015-03-28 20:48 - 02095616 _____ (Farbar) C:\Users\Kerstin2\Desktop\FRST64.exe
2015-03-26 22:43 - 2015-03-26 22:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-26 12:41 - 2015-03-26 12:42 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Deployment
2015-03-26 12:41 - 2015-03-26 12:41 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Apps\2.0
2015-03-26 12:32 - 2015-03-26 12:32 - 00000000 ____D () C:\Users\Kerstin2\Documents\OneNote-Notizbücher
2015-03-26 12:23 - 2015-03-29 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-26 12:23 - 2015-03-26 12:23 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-26 12:21 - 2015-03-26 12:21 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-03-26 12:18 - 2015-03-29 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-26 12:18 - 2015-03-26 12:21 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-26 12:18 - 2015-03-26 12:18 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Microsoft Help
2015-03-26 12:18 - 2015-03-26 12:18 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-26 12:18 - 2015-03-26 12:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-26 12:15 - 2015-03-26 12:15 - 00000000 __RHD () C:\MSOCache
2015-03-26 12:12 - 2015-03-26 12:14 - 00000000 ____D () C:\Users\Kerstin2\Microsoft Office 2013
2015-03-26 12:12 - 2015-03-26 12:12 - 00000000 ____D () C:\Users\Kerstin2\Neuer Ordner (2)
2015-03-26 12:11 - 2015-03-26 12:11 - 00000000 ____D () C:\Users\Kerstin2\Neuer Ordner
2015-03-26 12:04 - 2015-03-26 12:10 - 653821919 _____ () C:\Users\Kerstin2\Downloads\MSO2013Sx64.exe
2015-03-23 18:55 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-23 18:55 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-23 18:55 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-23 18:55 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-23 18:55 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-23 18:55 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-23 18:55 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-23 18:55 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-23 18:55 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-23 18:55 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-23 18:55 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-23 18:55 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-23 18:55 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-23 18:55 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-23 18:55 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-23 18:55 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-23 18:55 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-23 18:55 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-23 18:55 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-23 18:55 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-23 18:55 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-23 18:55 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-23 18:55 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-23 18:55 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-23 18:55 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-23 18:55 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-23 18:55 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-23 18:55 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-23 18:55 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-23 18:55 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-23 18:55 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-23 18:55 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-23 18:55 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-23 18:55 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-23 18:54 - 2015-03-23 18:54 - 00000000 _____ () C:\Users\Kerstin2\Sti_Trace.log
2015-03-23 18:54 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-23 18:54 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-23 18:54 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-23 18:54 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-23 18:54 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-23 18:54 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-23 18:54 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-23 18:54 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-23 18:54 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-23 18:54 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-23 18:54 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-23 18:54 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-23 18:54 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-23 18:54 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-23 18:54 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-23 18:54 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-23 18:54 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-23 18:54 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-23 18:54 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-23 18:54 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-23 18:54 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-23 18:54 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-23 18:54 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-23 18:54 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-23 18:54 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-23 18:54 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-23 18:54 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-23 18:54 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-23 18:54 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-23 18:53 - 2015-03-23 18:53 - 00000158 _____ () C:\Users\Kerstin2\Desktop\chrome.lnk
2015-03-23 18:53 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-23 18:53 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-23 18:53 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-23 18:53 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-23 18:53 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-23 18:53 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-23 18:53 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-23 18:50 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-23 18:50 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-23 18:50 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-23 18:50 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-23 18:50 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-23 18:50 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-23 18:50 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-23 18:50 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-23 18:50 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-23 18:50 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-23 18:50 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-23 18:46 - 2015-03-23 18:46 - 00000957 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2015-03-23 18:46 - 2015-03-23 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-03-23 18:46 - 2012-08-08 01:00 - 00094208 _____ (Seiko Epson Corporation.) C:\WINDOWS\system32\esxw2_dd.dll
2015-03-23 18:46 - 2012-04-20 01:00 - 00262144 _____ (Seiko Epson Corporation) C:\WINDOWS\SysWOW64\esintdd.dll
2015-03-23 18:46 - 2012-04-18 01:00 - 00281088 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxuindd.dll
2015-03-23 18:46 - 2012-03-26 02:00 - 00065793 _____ () C:\WINDOWS\system32\esfwdd.bin
2015-03-23 18:46 - 2009-10-16 01:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2015-03-23 18:46 - 2009-10-16 01:00 - 00013824 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxcdev.dll
2015-03-23 13:27 - 2015-03-23 13:28 - 00000000 ____D () C:\Program Files (x86)\QR Code generator
2015-03-23 13:18 - 2015-03-23 18:45 - 00000000 ____D () C:\Program Files (x86)\epson
2015-03-23 13:13 - 2015-03-23 13:15 - 49747968 _____ () C:\Users\Kerstin2\Downloads\epson374936eu.exe
2015-03-23 13:11 - 2015-03-23 13:11 - 17927680 _____ () C:\Users\Kerstin2\Downloads\epson374212eu.exe
2015-02-28 20:31 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-28 20:31 - 2014-12-13 23:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-28 20:31 - 2014-10-29 03:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-28 20:31 - 2014-10-29 03:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-28 20:31 - 2014-10-29 03:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-28 20:31 - 2014-10-29 03:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-28 20:17 - 2015-02-28 20:17 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\Google
2015-02-28 20:15 - 2015-03-29 18:55 - 00001364 _____ () C:\WINDOWS\Tasks\CVYOB.job
2015-02-28 20:15 - 2015-02-28 20:15 - 00004374 _____ () C:\WINDOWS\System32\Tasks\CVYOB
2015-02-28 19:54 - 2015-02-28 19:54 - 00003102 _____ () C:\WINDOWS\System32\Tasks\{FCFB07AE-70FA-40FC-95BB-98107BC46DAA}
2015-02-28 19:45 - 2015-03-22 17:50 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-02-28 19:25 - 2015-02-28 19:25 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\CrashRpt
2015-02-28 19:24 - 2015-02-28 19:24 - 00613067 _____ (CMI Limited) C:\Users\Kerstin2\AppData\Local\nsiCF72.tmp
2015-02-28 19:06 - 2015-03-22 18:23 - 00000000 ___HD () C:\Users\Public\Temp
2015-02-28 18:43 - 2015-02-28 19:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-28 18:36 - 2015-02-28 18:36 - 01055936 _____ (Adobe) C:\Users\Kerstin2\Downloads\install_flashplayer16x32_mssa_aaa_aih.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 19:04 - 2015-02-16 16:19 - 00001279 _____ () C:\Users\Kerstin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2015-03-29 19:04 - 2014-06-20 22:45 - 00000000 ____D () C:\ProgramData\LU
2015-03-29 19:01 - 2014-06-21 07:37 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-29 19:01 - 2014-06-21 07:37 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-29 19:01 - 2014-03-18 11:53 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-29 19:00 - 2014-08-08 03:18 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-899650465-2179727545-1206695400-1002
2015-03-29 19:00 - 2014-06-20 21:56 - 01865651 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-29 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-29 18:57 - 2014-06-20 22:13 - 00728466 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2015-03-29 18:55 - 2015-02-16 20:41 - 00000000 ___RD () C:\Users\Kerstin2\OneDrive
2015-03-29 18:54 - 2013-08-22 16:46 - 00022718 _____ () C:\WINDOWS\setupact.log
2015-03-29 18:54 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-29 18:54 - 2013-08-22 16:44 - 00491696 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-29 18:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-29 18:52 - 2014-03-18 11:44 - 00048444 _____ () C:\WINDOWS\PFRO.log
2015-03-29 18:52 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\System
2015-03-29 18:52 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-29 18:51 - 2014-06-20 22:40 - 00002560 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-29 18:18 - 2013-08-22 15:25 - 00000269 _____ () C:\WINDOWS\win.ini
2015-03-29 18:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-29 18:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-29 18:00 - 2013-08-22 17:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-29 17:57 - 2015-02-16 18:10 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-29 17:57 - 2015-02-16 18:10 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-29 17:06 - 2014-08-08 14:22 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A722FFF0-A6C9-4DF2-85FD-AD8A23D16ED9}
2015-03-29 16:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-28 21:16 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-28 21:15 - 2014-09-22 22:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-28 21:11 - 2014-09-22 22:37 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-28 21:05 - 2015-02-18 17:54 - 00000000 ____D () C:\ProgramData\11265266968740044361
2015-03-26 23:19 - 2015-02-16 17:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 12:23 - 2014-03-18 11:38 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-26 12:12 - 2014-08-08 03:12 - 00000000 ____D () C:\Users\Kerstin2
2015-03-26 11:36 - 2014-10-26 15:58 - 00000140 _____ () C:\Users\Kerstin2\AppData\Roaming\WB.CFG
2015-03-23 18:53 - 2014-08-08 03:22 - 00000000 ____D () C:\Users\Kerstin2\AppData\Local\CrashDumps
2015-03-22 18:33 - 2015-02-16 17:12 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-22 18:33 - 2015-02-16 17:12 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-22 18:33 - 2014-08-08 03:13 - 00001461 _____ () C:\Users\Kerstin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-04 23:24 - 2015-02-16 16:12 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 23:24 - 2015-02-16 16:12 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 15:17 - 2014-10-26 16:09 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-28 20:01 - 2014-10-26 15:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-28 19:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-28 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\CVYOB
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Kerstin2\AppData\Roaming\FUUEQB
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\KTJLIDE
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Kerstin2\AppData\Roaming\RPMKXY
2014-10-26 15:58 - 2015-03-26 11:36 - 0000140 _____ () C:\Users\Kerstin2\AppData\Roaming\WB.CFG
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\XJ
2015-02-16 16:36 - 2015-02-16 16:36 - 0000001 _____ () C:\Users\Kerstin2\AppData\Local\DSI.DAT
2015-02-16 16:36 - 2015-02-16 16:36 - 0022528 _____ () C:\Users\Kerstin2\AppData\Local\dsisetup17004062.exe
2015-02-28 19:24 - 2015-02-28 19:24 - 0613067 _____ (CMI Limited) C:\Users\Kerstin2\AppData\Local\nsiCF72.tmp
2014-06-20 22:19 - 2014-06-20 22:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Kerstin2\AppData\Local\Temp\43A8B703-AACB-5883-BFEE-246C38D2775C.exe
C:\Users\Kerstin2\AppData\Local\Temp\8C99E2E5-BAF9-E7F6-12FF-229C1AC46C25.dll
C:\Users\Kerstin2\AppData\Local\Temp\8C99E2E5-BAF9-E7F6-12FF-229C1AC46C25.exe
C:\Users\Kerstin2\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kerstin2\AppData\Local\Temp\ccicabfbbg.exe
C:\Users\Kerstin2\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Kerstin2\AppData\Local\Temp\COMAP.EXE
C:\Users\Kerstin2\AppData\Local\Temp\Quarantine.exe
C:\Users\Kerstin2\AppData\Local\Temp\setacl.exe
C:\Users\Kerstin2\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-18 18:29

==================== End Of Log ============================
--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Kerstin2 at 2015-03-29 19:06:14
Running from C:\Users\Kerstin2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{8C2CC7A2-E3D9-5566-2D10-AE778A4F9B43}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.8.0 - AppEx Networks)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Outlook Addin 2010 (HKU\S-1-5-21-899650465-2179727545-1206695400-1002\...\BB108A893815B64BF41C4574C3324FB7371AA244) (Version: 1.0.0.0 - Atheros Outlook Addin 2010)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dell 2135cn MFP Scanner-Treiber (HKLM-x32\...\{2A9048D8-BCBD-4BCC-A261-5E8A60084246}) (Version: 1.0.2.0 - Dell Inc.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.20 - Lenovo)
Energy Manager (x32 Version: 1.5.0.20 - Lenovo) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1321.0_WHQL - Sonix)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{0D740B00-2307-44AC-B91B-F3E67444ECA6}) (Version: 2.0.1.0107 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.1.0107 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 1.2.0.0 - Lenovo) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo Recommends (HKLM-x32\...\{267C8BA0-876B-4589-9F14-EFB84ABCEA7F}) (Version: 1.5.014.0211 - Lenovo)
Lenovo Smart Voice (HKLM\...\Lenovo SmartVoice) (Version: 1.0.2.2 - Lenovo)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.1.14.1221 - Lenovo)
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo)
Lenovo Updates (x32 Version: 1.3.0.6 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Magic Transfer (x32 Version: 1.1.1.11 - Lenovo) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Ihr Firmenname)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0012-0000-1000-0000000FF1CE}_Office15.STANDARD_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.80 - Synaptics Incorporated)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-02-2015 19:03:35 Uniblue SpeedUpMyPC installation
28-02-2015 19:03:35 Uniblue DriverScanner installation
28-02-2015 19:29:50 Wiederherstellungsvorgang
26-03-2015 12:15:01 Installed Microsoft Office Standard 2013
26-03-2015 12:16:04 STANDARD
29-03-2015 16:38:13 Revo Uninstaller's restore point - SharkManCoupon

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-11-13 22:46 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1F7F1F15-CECA-47DD-AE25-D5780F117859} - System32\Tasks\CVYOB => C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe <==== ATTENTION
Task: {52E3C113-48EB-457F-8213-014E2A4AE4EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5D1A1522-454A-48EC-AF2D-6AE4768C4FB5} - System32\Tasks\{FCFB07AE-70FA-40FC-95BB-98107BC46DAA} => pcalua.exe -a C:\ProgramData\TVWizard\uninstall.exe -c /kb=y /ic=1 <==== ATTENTION
Task: {6591B441-BA34-44AF-93E7-FAEC69E912F5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-28] (Microsoft Corporation)
Task: {9EF945BB-B1BA-4BD2-9642-D8BC3E8CE83C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A89A6154-ABF6-48BD-9623-E0A87E75A11C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C0571042-4AC0-4C8C-9792-F9500C1A0753} - System32\Tasks\Lenovo Smart Voice => C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe [2014-06-20] (Lenovo)
Task: {D262540E-0B7C-4D13-A7D0-26D92FF8D7BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\CVYOB.job => C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-04-18 22:13 - 2014-04-18 22:13 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-18 22:12 - 2014-04-18 22:12 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-06-20 22:31 - 2014-01-09 18:27 - 00019440 _____ () C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe
2014-06-20 22:39 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-20 22:40 - 2014-06-20 22:40 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-06-20 22:40 - 2014-06-20 22:40 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-06-20 22:31 - 2014-06-20 22:31 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2015-02-16 17:42 - 2015-02-16 20:46 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-06-20 22:31 - 2014-06-20 22:31 - 00294672 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
2014-03-26 12:50 - 2014-06-20 22:42 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll
2014-06-20 22:31 - 2014-06-20 22:31 - 00109328 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
2014-06-20 22:31 - 2014-01-09 18:30 - 00044016 _____ () C:\Program Files (x86)\Lenovo\Lenovo Recommends\Util.dll
2015-02-21 17:40 - 2015-02-21 17:40 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2015-02-21 17:40 - 2015-02-21 17:40 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2015-02-21 17:40 - 2015-02-21 17:40 - 01259520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\8f0dd293f95c402613c49fb2fac85bdd\Windows.Networking.ni.dll
2015-02-21 17:40 - 2015-02-21 17:40 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-04-18 22:12 - 2014-04-18 22:12 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-18 22:13 - 2014-04-18 22:13 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-06-20 22:39 - 2014-06-20 22:39 - 00101648 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LUpdatePackage.dll
2014-06-20 22:31 - 2014-06-20 22:31 - 00105744 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\Config\1366\TransitionLib.dll
2014-06-20 22:31 - 2014-06-20 22:31 - 00102160 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LUpdatePackage.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Kerstin2\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Kerstin2\OneDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Kerstin2\OneDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-899650465-2179727545-1206695400-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerstin2\Pictures\bilder\2014\abiabschluss\IMG_0173.JPG
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-899650465-2179727545-1206695400-500 - Administrator - Disabled)
Gast (S-1-5-21-899650465-2179727545-1206695400-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-899650465-2179727545-1206695400-1004 - Limited - Enabled)
Kerstin2 (S-1-5-21-899650465-2179727545-1206695400-1002 - Administrator - Enabled) => C:\Users\Kerstin2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2015 06:18:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1808

Startzeit: 01d06a3b375b56fb

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 2b669adc-d62f-11e4-826f-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/29/2015 06:08:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b90

Startzeit: 01d06a39e9eb99fa

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: de438e32-d62d-11e4-826f-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/29/2015 06:06:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4420.1017, Zeitstempel: 0x506742d6
Name des fehlerhaften Moduls: PenIMC.dll, Version: 3.0.6920.7903, Zeitstempel: 0x51ea2707
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005d37
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Vollständiger Name des fehlerhaften Pakets: OUTLOOK.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OUTLOOK.EXE5

Error: (03/29/2015 04:57:30 PM) (Source: rcores) (EventID: 0) (User: )
Description: Service failed on stop: 301: Interrupted.

Error: (03/29/2015 04:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11079

Error: (03/29/2015 04:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11079

Error: (03/29/2015 04:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2015 08:53:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a30

Startzeit: 01d06987b87cf6c7

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: acc0df23-d57b-11e4-826d-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/28/2015 08:48:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c90

Startzeit: 01d069871a996aee

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe

Berichts-ID: 07003487-d57b-11e4-826d-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.onenoteim

Error: (03/28/2015 08:48:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d60

Startzeit: 01d0680c303f6fb9

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: f2b4fa70-d57a-11e4-826d-54ee751da72a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (03/29/2015 06:57:59 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/29/2015 04:59:18 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (03/29/2015 04:58:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 04:58:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LightEngine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 04:58:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 04:58:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2015 04:58:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VeriFaceSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 04:58:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ymc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 04:58:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ZAtheros Bt and Wlan Coex Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2015 04:58:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PGService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (03/29/2015 06:18:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689180801d06a3b375b56fb4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe2b669adc-d62f-11e4-826f-54ee751da72amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/29/2015 06:08:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891b9001d06a39e9eb99fa4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exede438e32-d62d-11e4-826f-54ee751da72amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/29/2015 06:06:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE15.0.4420.1017506742d6PenIMC.dll3.0.6920.790351ea2707c00000050000000000005d37

Error: (03/29/2015 04:57:30 PM) (Source: rcores) (EventID: 0) (User: )
Description: Service failed on stop: 301: Interrupted.

Error: (03/29/2015 04:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11079

Error: (03/29/2015 04:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11079

Error: (03/29/2015 04:20:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/28/2015 08:53:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689a3001d06987b87cf6c74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeacc0df23-d57b-11e4-826d-54ee751da72amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (03/28/2015 08:48:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841c9001d069871a996aee4294967295C:\WINDOWS\system32\backgroundTaskHost.exe07003487-d57b-11e4-826d-54ee751da72aMicrosoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwemicrosoft.onenoteim

Error: (03/28/2015 08:48:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689d6001d0680c303f6fb94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef2b4fa70-d57a-11e4-826d-54ee751da72amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


CodeIntegrity Errors:
===================================
  Date: 2015-02-28 18:30:32.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:30:31.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:30:31.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:30:31.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:29:39.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:29:39.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:29:33.725
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-28 18:29:33.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-13 21:45:27.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-13 21:45:27.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 59%
Total physical RAM: 3514.99 MB
Available physical RAM: 1429.31 MB
Total Pagefile: 4730.99 MB
Available Pagefile: 2530.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.25 GB) (Free:379.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BB91C08B)

Partition: GPT Partition Type.

==================== End Of Log ============================

Nickyla 29.03.2015 18:14
Hi, hoffe das ist alles so richtig! danke schonmal :)

deeprybka 29.03.2015 18:19
Ok, müssen dann noch paar Tasks usw. fixen.

Mach gleich mal noch den ESET-Scan, wichtig dabei: nichts löschen lassen!

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Nickyla 29.03.2015 18:39
danke!

deeprybka 29.03.2015 18:45
Gerne! :)

Nickyla 31.03.2015 08:33
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6205156242ad594182575f3f75ab0255
# engine=23139
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-30 03:04:27
# local_time=2015-03-30 05:04:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5129 16777214 100 97 15397356 114146483 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 85961 18032186 0 0
# scanned=88191
# found=50
# cleaned=0
# scan_time=76540
sh=A45E255CAEF70F786120495ABA580294A0C98C2D ft=1 fh=c71c001122137e33 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FFineDealSofft\cp0BhuCohlBDhs.dll.vir"
sh=AA277831039DF4898872DCCF744186CD62DAD2D2 ft=1 fh=70a819cba75218f4 vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FFineDealSofft\cp0BhuCohlBDhs.x64.dll.vir"
sh=4A8DF1FD054CEF435454722C380BFCE9FBC89195 ft=1 fh=c71c001149b0d9f1 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceDoWnoloadeR\SBz6djXOmPuyVY.dll.vir"
sh=164A81725915367B906059486C5E57B7BE525818 ft=1 fh=6879a22e9a4ae02a vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceDoWnoloadeR\SBz6djXOmPuyVY.x64.dll.vir"
sh=0CACF65C99062D1F6839DA2755D4437B85B98627 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir"
sh=86751CC7B3A44846C5BA3056AC35CC9CC71ECEEF ft=1 fh=c71c0011b8610080 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftCooUp\dHBRIdCrR2s83x.dll.vir"
sh=926218A3FFC4866B917DB4C7212A64AC5E9346E4 ft=1 fh=70a819cbf8b2e4ab vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftCooUp\dHBRIdCrR2s83x.x64.dll.vir"
sh=80DEFE2969E40217D3F3042668FA4267ACEBC806 ft=1 fh=c71c00110e3d0ad9 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TTicTaCoupona\kOEFsQEM7VbVIF.dll.vir"
sh=03515A65D87F273AB08865DB99BA8C82F97AAF54 ft=1 fh=cecc82c60d6da9a4 vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TTicTaCoupona\kOEFsQEM7VbVIF.x64.dll.vir"
sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=BC4326AF84A92BBDA835B512779DEC7A790D8285 ft=1 fh=0dbbc2470c656825 vn="Variante von MSIL/Adware.PullUpdate.L.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=0641D63D85DA4259B27FA455972E762B6FC04092 ft=1 fh=b7e7d2287abcc02c vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=DB33998C174F7A431AC3D936E1A3BD153CCF44A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Local\BoBrowser\User Data\Default\Cache\f_000001.vir"
sh=FCC4483DEF410D70FE44DE88B2542BAE3A31EC9A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.29_0\extensionData\plugins\91.js.vir"
sh=FCC4483DEF410D70FE44DE88B2542BAE3A31EC9A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.29_1\extensionData\plugins\91.js.vir"
sh=1E29CE143B4C65CCDC27D48EA7A67879E705B682 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Roaming\PennyBee\UpdateProc\bkup.dat.vir"
sh=20AD2476E084DD4FB4243131AC820E27A4B679E2 ft=1 fh=1b4380ba34860949 vn="Variante von Win32/Agent.WGA Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\rcore.exe.vir"
sh=AABCE417D56D5FBDFFE8902BF1AADA4F521C41FB ft=1 fh=6e7e0a4ad6e07b13 vn="Variante von Win64/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{29302da5-1178-40ac-a178-4cb57ebcc501}Gw64.sys.vir"
sh=6408D61C9809E743126596AF762ABA61C67626F2 ft=1 fh=11b2d7f1750c67b8 vn="Win32/Adware.DsiLoad.A Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\dsisetup17004062.exe"
sh=E780478F47E923EBE919918D475B5A4F4B1FBA26 ft=1 fh=fe85c3d959983663 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\nsiCF72.tmp"
sh=86A1D79411AEF7C43048A9C4A34A8A0BE7B179B5 ft=1 fh=06b2663914bb0ba8 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\IE\0TYSH04U\Setup[1].exe"
sh=D22274186BC4B72BB4F0624813578DBC6F8C77E4 ft=1 fh=ba10faf1acf52235 vn="Variante von Win32/SoftPulse.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\IE\H0BBEYZN\Setup.exe"
sh=D3BD179A1BA5E8DEDC4B16359220C4CFEE54059F ft=1 fh=eb3f134f667a9c00 vn="Win32/OutBrowse.BU evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\IE\J3H5FPBN\Doctor_pc[2].exe"
sh=EB3196A941EF0D07625610B14B794CF0AEAF137D ft=1 fh=cae0d08db88f1959 vn="Variante von Win32/SoftPulse.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\Low\IE\CUN1AE39\Setup[2].exe"
sh=9582DCF25544F2A95131A59DB4A68D9D239F1EC4 ft=1 fh=0dc1af8dd63abe22 vn="Variante von Win32/InstallCore.UN evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KYYMWWC7\adobe_flash_setup[1].exe"
sh=68AF06A8F53454AA45FE678B6BE4DDB1E1C5D546 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Mozilla\Firefox\Profiles\7krc0f8i.default\cache2\entries\1F05E8F73C66A1E69E256CA501DD383E2DE1CFD4"
sh=28CF2B99F282E545C1F77BAF327D440708F891A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Mozilla\Firefox\Profiles\7krc0f8i.default\cache2\entries\93611C03DE4AE80480CF194A1AEA05B43FF69920"
sh=3495724DD9F6066E8336197DBADE6FF3DC828F18 ft=1 fh=c71c00112835ea02 vn="Variante von Win32/Adware.AddLyrics.DQ Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\43A8B703-AACB-5883-BFEE-246C38D2775C.exe"
sh=86D291B12A8790F39CE22B867374A092AD91ADBE ft=1 fh=c71c0011a6c5caa7 vn="Variante von Win32/Adware.AddLyrics.DR Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\8C99E2E5-BAF9-E7F6-12FF-229C1AC46C25.exe"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\BackupSetup.exe"
sh=7B265DB1BB7D680894238787F07BC87E1A951642 ft=1 fh=2bda047df411f6d7 vn="Variante von Win32/OutBrowse.BA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ccicabfbbg.exe"
sh=5C590C71BDC96BCA356ABC7594DBA648AF5E33DD ft=1 fh=8d495a32a6191ce1 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nsl63F1.tmp"
sh=8D948D3F7791FA18F8EE47442543DE34FC832473 ft=1 fh=0ede0e1a31c9b2c5 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nsmE57B.tmp"
sh=57A4F197A5B116F1FC2B90FEF7A836D03C515583 ft=1 fh=14313ef4d8a1d442 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nsn77E1.tmp"
sh=CE5A78B5370C28795F401547D384BD20439FA205 ft=1 fh=b6d749d0e67c3ba5 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nss2BE3.tmp"
sh=86A1D79411AEF7C43048A9C4A34A8A0BE7B179B5 ft=1 fh=06b2663914bb0ba8 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nsz9384.tmp"
sh=7A23B38A2655EF2D4F675CBCC476E2C146FA47EF ft=1 fh=2fade1b5ea694f88 vn="Win32/VOPackage.BT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsk98D2.tmp"
sh=5C590C71BDC96BCA356ABC7594DBA648AF5E33DD ft=1 fh=8d495a32a6191ce1 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsl63F1.tmp"
sh=8D948D3F7791FA18F8EE47442543DE34FC832473 ft=1 fh=0ede0e1a31c9b2c5 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsmE57B.tmp"
sh=57A4F197A5B116F1FC2B90FEF7A836D03C515583 ft=1 fh=14313ef4d8a1d442 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsn77E1.tmp"
sh=CE5A78B5370C28795F401547D384BD20439FA205 ft=1 fh=b6d749d0e67c3ba5 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nss2BE3.tmp"
sh=ED7650FE1F7514B941899AD981678AF926330B4C ft=1 fh=4c8f8141559017d2 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nss5551.tmp"
sh=D79166F4DD2C18F8BAD7839CB4D0F28905F2387F ft=1 fh=d5e01e8e608fa1aa vn="Win32/Adware.ConvertAd.BN Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsu661A.tmp"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6205156242ad594182575f3f75ab0255
# engine=23154
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-30 03:19:33
# local_time=2015-03-30 05:19:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5129 16777214 100 97 15398262 114147389 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 86867 18033092 0 0
# scanned=87
# found=5
# cleaned=0
# scan_time=13
sh=A45E255CAEF70F786120495ABA580294A0C98C2D ft=1 fh=c71c001122137e33 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FFineDealSofft\cp0BhuCohlBDhs.dll.vir"
sh=AA277831039DF4898872DCCF744186CD62DAD2D2 ft=1 fh=70a819cba75218f4 vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FFineDealSofft\cp0BhuCohlBDhs.x64.dll.vir"
sh=4A8DF1FD054CEF435454722C380BFCE9FBC89195 ft=1 fh=c71c001149b0d9f1 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceDoWnoloadeR\SBz6djXOmPuyVY.dll.vir"
sh=164A81725915367B906059486C5E57B7BE525818 ft=1 fh=6879a22e9a4ae02a vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceDoWnoloadeR\SBz6djXOmPuyVY.x64.dll.vir"
sh=0CACF65C99062D1F6839DA2755D4437B85B98627 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6205156242ad594182575f3f75ab0255
# engine=23154
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-30 09:28:55
# local_time=2015-03-30 11:28:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5129 16777214 100 97 15420424 114169551 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 22748 18055254 0 0
# scanned=261870
# found=79
# cleaned=0
# scan_time=22066
sh=A45E255CAEF70F786120495ABA580294A0C98C2D ft=1 fh=c71c001122137e33 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FFineDealSofft\cp0BhuCohlBDhs.dll.vir"
sh=AA277831039DF4898872DCCF744186CD62DAD2D2 ft=1 fh=70a819cba75218f4 vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FFineDealSofft\cp0BhuCohlBDhs.x64.dll.vir"
sh=4A8DF1FD054CEF435454722C380BFCE9FBC89195 ft=1 fh=c71c001149b0d9f1 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceDoWnoloadeR\SBz6djXOmPuyVY.dll.vir"
sh=164A81725915367B906059486C5E57B7BE525818 ft=1 fh=6879a22e9a4ae02a vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceDoWnoloadeR\SBz6djXOmPuyVY.x64.dll.vir"
sh=0CACF65C99062D1F6839DA2755D4437B85B98627 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir"
sh=86751CC7B3A44846C5BA3056AC35CC9CC71ECEEF ft=1 fh=c71c0011b8610080 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftCooUp\dHBRIdCrR2s83x.dll.vir"
sh=926218A3FFC4866B917DB4C7212A64AC5E9346E4 ft=1 fh=70a819cbf8b2e4ab vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftCooUp\dHBRIdCrR2s83x.x64.dll.vir"
sh=80DEFE2969E40217D3F3042668FA4267ACEBC806 ft=1 fh=c71c00110e3d0ad9 vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TTicTaCoupona\kOEFsQEM7VbVIF.dll.vir"
sh=03515A65D87F273AB08865DB99BA8C82F97AAF54 ft=1 fh=cecc82c60d6da9a4 vn="Variante von Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TTicTaCoupona\kOEFsQEM7VbVIF.x64.dll.vir"
sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=BC4326AF84A92BBDA835B512779DEC7A790D8285 ft=1 fh=0dbbc2470c656825 vn="Variante von MSIL/Adware.PullUpdate.L.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=0641D63D85DA4259B27FA455972E762B6FC04092 ft=1 fh=b7e7d2287abcc02c vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=DB33998C174F7A431AC3D936E1A3BD153CCF44A3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Local\BoBrowser\User Data\Default\Cache\f_000001.vir"
sh=FCC4483DEF410D70FE44DE88B2542BAE3A31EC9A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.29_0\extensionData\plugins\91.js.vir"
sh=FCC4483DEF410D70FE44DE88B2542BAE3A31EC9A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.29_1\extensionData\plugins\91.js.vir"
sh=0395C2401ECE34F9E6545E9279515BDB24C5471C ft=0 fh=0000000000000000 vn="Win32/AztecMedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx.vir"
sh=1E29CE143B4C65CCDC27D48EA7A67879E705B682 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kerstin2\AppData\Roaming\PennyBee\UpdateProc\bkup.dat.vir"
sh=20AD2476E084DD4FB4243131AC820E27A4B679E2 ft=1 fh=1b4380ba34860949 vn="Variante von Win32/Agent.WGA Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\rcore.exe.vir"
sh=AABCE417D56D5FBDFFE8902BF1AADA4F521C41FB ft=1 fh=6e7e0a4ad6e07b13 vn="Variante von Win64/BrowseFox.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{29302da5-1178-40ac-a178-4cb57ebcc501}Gw64.sys.vir"
sh=6408D61C9809E743126596AF762ABA61C67626F2 ft=1 fh=11b2d7f1750c67b8 vn="Win32/Adware.DsiLoad.A Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\dsisetup17004062.exe"
sh=E780478F47E923EBE919918D475B5A4F4B1FBA26 ft=1 fh=fe85c3d959983663 vn="Win32/AnyProtect.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\nsiCF72.tmp"
sh=86A1D79411AEF7C43048A9C4A34A8A0BE7B179B5 ft=1 fh=06b2663914bb0ba8 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\IE\0TYSH04U\Setup[1].exe"
sh=D22274186BC4B72BB4F0624813578DBC6F8C77E4 ft=1 fh=ba10faf1acf52235 vn="Variante von Win32/SoftPulse.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\IE\H0BBEYZN\Setup.exe"
sh=D3BD179A1BA5E8DEDC4B16359220C4CFEE54059F ft=1 fh=eb3f134f667a9c00 vn="Win32/OutBrowse.BU evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\IE\J3H5FPBN\Doctor_pc[2].exe"
sh=EB3196A941EF0D07625610B14B794CF0AEAF137D ft=1 fh=cae0d08db88f1959 vn="Variante von Win32/SoftPulse.X evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\Low\IE\CUN1AE39\Setup[2].exe"
sh=9582DCF25544F2A95131A59DB4A68D9D239F1EC4 ft=1 fh=0dc1af8dd63abe22 vn="Variante von Win32/InstallCore.UN evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Microsoft\Windows\INetCache\Low\IE\KYYMWWC7\adobe_flash_setup[1].exe"
sh=FE03B02D058F7E15D48A7DE93A26F944E46E9B2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Mozilla\Firefox\Profiles\7krc0f8i.default\cache2\entries\032F4BF41C9FF778FE57A40D61427959A6B282E3"
sh=68AF06A8F53454AA45FE678B6BE4DDB1E1C5D546 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Mozilla\Firefox\Profiles\7krc0f8i.default\cache2\entries\1F05E8F73C66A1E69E256CA501DD383E2DE1CFD4"
sh=85F9784B633742DBBFE262639CCEE520E172540F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Mozilla\Firefox\Profiles\7krc0f8i.default\cache2\entries\63CE16D06D58208602F9D3E067FA2AAC6FA0F3C9"
sh=28CF2B99F282E545C1F77BAF327D440708F891A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Mozilla\Firefox\Profiles\7krc0f8i.default\cache2\entries\93611C03DE4AE80480CF194A1AEA05B43FF69920"
sh=A187A27014ADF1B30CDE0F23AACF244F049B9969 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\17B6.tmp"
sh=3495724DD9F6066E8336197DBADE6FF3DC828F18 ft=1 fh=c71c00112835ea02 vn="Variante von Win32/Adware.AddLyrics.DQ Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\43A8B703-AACB-5883-BFEE-246C38D2775C.exe"
sh=A187A27014ADF1B30CDE0F23AACF244F049B9969 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\6958.tmp"
sh=86D291B12A8790F39CE22B867374A092AD91ADBE ft=1 fh=c71c0011a6c5caa7 vn="Variante von Win32/Adware.AddLyrics.DR Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\8C99E2E5-BAF9-E7F6-12FF-229C1AC46C25.exe"
sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\BackupSetup.exe"
sh=7B265DB1BB7D680894238787F07BC87E1A951642 ft=1 fh=2bda047df411f6d7 vn="Variante von Win32/OutBrowse.BA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ccicabfbbg.exe"
sh=A187A27014ADF1B30CDE0F23AACF244F049B9969 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\EF71.tmp"
sh=0804377C8FB4EC38EB7A275442B6F4214C40F656 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\F8CF.tmp"
sh=ECD8AF2A3D70DC1B6E58D380BAF2FD079F0C161D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\FB33.tmp"
sh=5C590C71BDC96BCA356ABC7594DBA648AF5E33DD ft=1 fh=8d495a32a6191ce1 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nsl63F1.tmp"
sh=8D948D3F7791FA18F8EE47442543DE34FC832473 ft=1 fh=0ede0e1a31c9b2c5 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nsmE57B.tmp"
sh=57A4F197A5B116F1FC2B90FEF7A836D03C515583 ft=1 fh=14313ef4d8a1d442 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nsn77E1.tmp"
sh=CE5A78B5370C28795F401547D384BD20439FA205 ft=1 fh=b6d749d0e67c3ba5 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nss2BE3.tmp"
sh=86A1D79411AEF7C43048A9C4A34A8A0BE7B179B5 ft=1 fh=06b2663914bb0ba8 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\ICReinstall_nsz9384.tmp"
sh=7A23B38A2655EF2D4F675CBCC476E2C146FA47EF ft=1 fh=2fade1b5ea694f88 vn="Win32/VOPackage.BT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsk98D2.tmp"
sh=5C590C71BDC96BCA356ABC7594DBA648AF5E33DD ft=1 fh=8d495a32a6191ce1 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsl63F1.tmp"
sh=8D948D3F7791FA18F8EE47442543DE34FC832473 ft=1 fh=0ede0e1a31c9b2c5 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsmE57B.tmp"
sh=57A4F197A5B116F1FC2B90FEF7A836D03C515583 ft=1 fh=14313ef4d8a1d442 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsn77E1.tmp"
sh=CE5A78B5370C28795F401547D384BD20439FA205 ft=1 fh=b6d749d0e67c3ba5 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nss2BE3.tmp"
sh=ED7650FE1F7514B941899AD981678AF926330B4C ft=1 fh=4c8f8141559017d2 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nss5551.tmp"
sh=D79166F4DD2C18F8BAD7839CB4D0F28905F2387F ft=1 fh=d5e01e8e608fa1aa vn="Win32/Adware.ConvertAd.BN Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsu661A.tmp"
sh=B85BF34A77CD2599FD12C1653375FB5AEA7CAA97 ft=1 fh=f6f8fc6d3a41c05d vn="Win32/VOPackage.BT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsu8060.tmp"
sh=CC8B534CEB771E5C47FE6CF6CC2B78615492D0AB ft=1 fh=9c4d4bf16d0960a2 vn="Win32/Adware.ConvertAd.BN Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsw52E0.tmp"
sh=86A1D79411AEF7C43048A9C4A34A8A0BE7B179B5 ft=1 fh=06b2663914bb0ba8 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsz9384.tmp"
sh=DF65F12315145CFC83961A0CB88840FF34345A44 ft=1 fh=c5d2b4c909d202c9 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\5e92e252-d9f5-4ac7-bcb7-fef8029d76b2\speedupmypc.exe"
sh=49BE2D0CEC3017EB7AC51D376A7F92120CAFA1BF ft=1 fh=f85ff337fb456106 vn="Win32/Adware.ConvertAd.BS Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\af9d3b0e-0b55-48a4-b97f-8b4c5a0b8dcd\vopackage.exe"
sh=AF023CD20C85601E6874CB788BCAA49AE325A40D ft=1 fh=da3b4c00ec0bc47d vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\d6e0b972-ba8e-42f2-9ec5-f27b361cf689\cloud_backup_setup.exe"
sh=90A1B91944FCD34AC285455D5A8A72E0945148D7 ft=1 fh=a7c1157a50bdcfe6 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\is-ADED5.tmp\sp-standalone-setup.exe"
sh=16DF912F96438033B4065294B934738DBC9072DF ft=1 fh=5d1f954a634f269a vn="Variante von Win32/OptimizerEliteMax.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\is1488139799\181F6EF7_stp\OptimizerPro.exe"
sh=9B4404F0245B2019B97F3EF1AB0271AE750EDCC8 ft=1 fh=c71c0011ac55c63c vn="Variante von Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsb615F.tmp\InstallerUtils.dll"
sh=E327C61B8781880A3328871DCC3D404436899DA5 ft=1 fh=23e3968d80dadab5 vn="Variante von Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsb615F.tmp\InstallerUtils2.dll"
sh=9B4404F0245B2019B97F3EF1AB0271AE750EDCC8 ft=1 fh=c71c0011ac55c63c vn="Variante von Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsr9659.tmp\InstallerUtils.dll"
sh=E327C61B8781880A3328871DCC3D404436899DA5 ft=1 fh=23e3968d80dadab5 vn="Variante von Win32/Packed.VMDetector.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nsr9659.tmp\InstallerUtils2.dll"
sh=3E079FF7431CFE1DD1954170ADC63A13ECC45FEA ft=1 fh=c71c0011562f5d33 vn="Variante von Win32/Packed.VMDetector.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nss7BF8.tmp\InstallerUtils.dll"
sh=CEA44B59E10684BEE25A4B7C8F451DC106C0A211 ft=1 fh=7ca174df62c0f77b vn="Variante von Win32/Toolbar.CrossRider.CF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nss7BF8.tmp\InstallerUtils2.dll"
sh=965A332A37B7DA1D6D04EDD04BA37C2BA220C0AB ft=1 fh=e36f27a3dfa4cceb vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Local\Temp\nst1FE8.tmp\Helper.dll"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Roaming\CVYOB"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Roaming\FUUEQB"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Roaming\KTJLIDE"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Roaming\RPMKXY"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kerstin2\AppData\Roaming\XJ"
sh=424EC31857D36BF8076CEA5482780C1EC103F4EC ft=1 fh=adcf2765b677b6ed vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\ab7932a5\patch_ie.exe"
da ist es :)

deeprybka 31.03.2015 11:16
Prima. :)

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w8.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\CVYOB
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Kerstin2\AppData\Roaming\FUUEQB
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\KTJLIDE
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Kerstin2\AppData\Roaming\RPMKXY
2014-10-26 15:58 - 2015-03-26 11:36 - 0000140 _____ () C:\Users\Kerstin2\AppData\Roaming\WB.CFG
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Kerstin2\AppData\Roaming\XJ
C:\Users\Kerstin2\AppData\Local\dsisetup17004062.exe
C:\Users\Kerstin2\AppData\Local\nsiCF72.tmp
Task: {1F7F1F15-CECA-47DD-AE25-D5780F117859} - System32\Tasks\CVYOB => C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe
Task: {5D1A1522-454A-48EC-AF2D-6AE4768C4FB5} - System32\Tasks\{FCFB07AE-70FA-40FC-95BB-98107BC46DAA} => pcalua.exe -a C:\ProgramData\TVWizard\uninstall.exe -c /kb=y /ic=1
Task: C:\WINDOWS\Tasks\CVYOB.job => C:\Users\Kerstin2\AppData\Roaming\CVYOB.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Nach dem Reboot:

Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:56 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132