Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ärger mit snapdo Suchmaschine (https://www.trojaner-board.de/165957-aerger-snapdo-suchmaschine.html)

lukas90 09.04.2015 22:32
Ärger mit snapdo Suchmaschine
 
Hallo

ich habe seit gestern Probleme mit der "snapdo" Suchmaschine. Sobald ich den Google Chrome öffne kommt "Snapdo" als Startseite, ebenso bei neuem Tab. Das Löschen über Systemsteuerung und IM Browser direkt hat nichts gebracht.
Ebenso hat mir ADWCleaner nur für kurzer Zeit geholfen. Sobald ich den Browser ein 2. mal öffne ist die Suchmaschine wieder da.
Könnt ihr mir da helfen?

Danke im vorraus!

deeprybka 09.04.2015 22:46
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

lukas90 09.04.2015 22:52

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Lukas (administrator) on LUKAS-PC on 09-04-2015 23:49:43
Running from C:\Users\Lukas\Desktop
Loaded Profiles: Lukas (Available profiles: Lukas)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Lukas\AppData\Local\CopyEditor\CopyEditor.exe
() C:\Users\Lukas\AppData\Local\CopyEditor\CopyEditor_run.exe
() C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\ccoggsml.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Spotify Ltd) C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\eueszpa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [smrt] => C:\Program Files (x86)\ProductUI\Startup.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Atheros Communications))
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Run: [BitTorrent] => C:\Users\Lukas\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Run: [Spotify Web Helper] => C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Run: [Spotify] => C:\Users\Lukas\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\MountPoints2: {0b7c1f8e-8bd3-11e4-9ee5-38b1db29f1b4} - F:\startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\dpqeblv.dll => C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\dpqeblv.dll [254560 2015-04-09] (TODO: <Company name>)
AppInit_DLLs-x32: C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\sjolrvp.dll => C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\sjolrvp.dll [127280 2015-04-09] (TODO: <Company name>)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk
ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk
ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{d8f92b9b-f8d6-e9d1-d8f9-92b9bf8dae6f}\hqghumeaylnlf.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-18]

Chrome:
=======
CHR HomePage: Default -> https://www.google.de/?gws_rd=ssl
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-16]
CHR Extension: (Google Docs) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-16]
CHR Extension: (Google Drive) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-16]
CHR Extension: (YouTube) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-16]
CHR Extension: (Google Search) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-16]
CHR Extension: (Google Sheets) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-16]
CHR Extension: (Gmail) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-12-27] (Adobe Systems) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CopyEditor; C:\Users\Lukas\AppData\Local\CopyEditor\CopyEditor.exe [85504 2015-03-26] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-30] (SolidWorks) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 2003-06-13] (Adaptec)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 23:49 - 2015-04-09 23:50 - 00013444 _____ () C:\Users\Lukas\Desktop\FRST.txt
2015-04-09 23:49 - 2015-04-09 23:49 - 02095616 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2015-04-09 23:49 - 2015-04-09 23:49 - 00000000 ____D () C:\FRST
2015-04-09 23:47 - 2015-04-09 23:47 - 02095616 _____ (Farbar) C:\Users\Lukas\Downloads\FRST64.exe
2015-04-09 10:55 - 2015-04-09 10:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-09 10:55 - 2015-04-09 10:55 - 00000000 _____ () C:\autoexec.bat
2015-04-09 10:54 - 2015-04-09 23:43 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2015-04-09 10:53 - 2015-04-09 10:53 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lukas\Downloads\SpyHunter-installer.exe
2015-04-09 10:50 - 2015-04-09 10:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 10:49 - 2015-04-09 23:43 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-09 10:49 - 2015-04-09 10:49 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-09 10:35 - 2015-04-09 10:35 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Nico Mak Computing
2015-04-09 10:35 - 2015-04-09 10:35 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-04-08 23:05 - 2015-04-09 23:44 - 00000000 ____D () C:\AdwCleaner
2015-04-08 23:05 - 2015-04-08 23:05 - 02217984 _____ () C:\Users\Lukas\Downloads\adwcleaner_4.201.exe
2015-04-08 23:02 - 2015-04-08 23:02 - 00003152 _____ () C:\Windows\System32\Tasks\{CC775651-0B59-42ED-8035-A6AABF678E2D}
2015-04-08 23:02 - 2015-04-08 23:02 - 00000000 ____D () C:\Users\Lukas\Documents\Optimizer Pro
2015-04-08 22:56 - 2015-04-08 23:03 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\SpeedMon
2015-04-08 22:54 - 2015-04-08 22:54 - 00000000 ____D () C:\ProgramData\{3c3a57cf-1519-e9dd-3c3a-a57cf1515f3c}
2015-04-08 22:52 - 2015-04-08 22:52 - 00395344 _____ () C:\Users\Lukas\Downloads\adwcleaner-Download.exe
2015-04-07 19:41 - 2015-04-09 23:45 - 00425898 _____ () C:\Windows\PFRO.log
2015-04-07 19:41 - 2015-04-09 23:45 - 00000336 _____ () C:\Windows\setupact.log
2015-04-07 19:41 - 2015-04-07 19:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-07 17:18 - 2015-04-09 10:26 - 00000000 ____D () C:\ProgramData\Avira
2015-04-07 17:18 - 2015-04-07 17:18 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\dlg
2015-04-07 17:16 - 2015-04-09 11:04 - 00000000 ____D () C:\ProgramData\{d8f92b9b-f8d6-e9d1-d8f9-92b9bf8dae6f}
2015-04-07 17:15 - 2015-04-07 17:15 - 00000000 ____D () C:\ProgramData\d67f62e779954f0498e30aa3abc72476
2015-04-07 17:14 - 2015-04-09 23:47 - 00000000 ____D () C:\Users\Lukas\AppData\Local\CopyEditor
2015-04-07 17:14 - 2015-04-07 23:18 - 00000000 ____D () C:\ProgramData\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f
2015-04-07 17:00 - 2015-04-07 17:00 - 00040636 _____ () C:\Users\Lukas\Documents\cc_20150407_170035.reg
2015-04-07 16:48 - 2015-04-07 19:46 - 00000000 ____D () C:\Users\Lukas\Desktop\9n3
2015-04-02 20:09 - 2015-04-07 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-18 21:44 - 2015-03-18 22:02 - 00000000 ____D () C:\Users\Lukas\Desktop\e46
2015-03-16 20:31 - 2015-04-04 12:55 - 00000000 ____D () C:\Users\Lukas\Desktop\Neu

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 23:49 - 2015-01-24 17:20 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Spotify
2015-04-09 23:49 - 2015-01-24 17:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Spotify
2015-04-09 23:48 - 2014-11-16 14:43 - 01741804 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 23:47 - 2014-11-30 17:03 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\BitTorrent
2015-04-09 23:45 - 2014-11-16 18:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 23:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 23:44 - 2009-07-14 06:45 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 23:44 - 2009-07-14 06:45 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 23:12 - 2014-11-16 18:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 11:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2015-04-08 23:13 - 2009-07-14 19:58 - 00696370 _____ () C:\Windows\system32\perfh007.dat
2015-04-08 23:13 - 2009-07-14 19:58 - 00147634 _____ () C:\Windows\system32\perfc007.dat
2015-04-08 23:13 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 23:06 - 2014-11-16 18:38 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-08 23:06 - 2014-11-16 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-08 23:06 - 2014-11-16 14:47 - 00000995 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-07 19:48 - 2014-11-16 15:04 - 00000000 ____D () C:\Users\Lukas\Desktop\Lukas
2015-04-07 19:46 - 2014-11-16 15:23 - 00000000 ____D () C:\Users\Lukas\Desktop\Street-Magic
2015-04-07 19:42 - 2009-07-14 06:45 - 05329200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-07 19:41 - 2014-11-25 18:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 17:21 - 2014-11-25 18:22 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Mozilla
2015-04-07 17:00 - 2014-12-26 13:41 - 00000000 ____D () C:\Users\Lukas\AppData\Local\CrashDumps
2015-04-07 17:00 - 2014-12-11 16:31 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\PhotoScape
2015-04-07 17:00 - 2014-11-16 14:15 - 00000000 ____D () C:\Windows\Panther
2015-04-01 23:45 - 2014-11-20 23:58 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Adobe
2015-04-01 23:44 - 2014-11-16 18:37 - 00125896 _____ () C:\Users\Lukas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-28 15:59 - 2014-12-11 16:33 - 00061440 ____H () C:\Users\Lukas\Desktop\photothumb.db
2015-03-16 20:45 - 2014-11-16 18:27 - 00000000 ____D () C:\Users\Lukas\Documents\Bluetooth Folder
2015-03-16 20:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-01-14 18:30 - 2015-01-14 18:30 - 28488056 _____ (Sony Mobile Communications                                  ) C:\Users\Lukas\AppData\Local\pcc.exe

Some content of TEMP:
====================
C:\Users\Lukas\AppData\Local\Temp\avgnt.exe
C:\Users\Lukas\AppData\Local\Temp\optprosetup.exe
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe
C:\Users\Lukas\AppData\Local\Temp\SHSetup.exe
C:\Users\Lukas\AppData\Local\Temp\sqlite3.dll
C:\Users\Lukas\AppData\Local\Temp\supoptsetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 00:30

==================== End Of Log ============================
--- --- ---





Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Lukas at 2015-04-09 23:50:25
Running from C:\Users\Lukas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
NVIDIA Grafiktreiber 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
SecurityUtility Service (HKLM-x32\...\SecurityUtility Service) (Version:  - )
SolidWorks 2013 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20130-40000-1100-100) (Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
SolidWorks 2013 x64 German Resources (Version: 21.100.5024 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Spotify (HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-03-2015 23:04:05 Geplanter Prüfpunkt
23-03-2015 18:39:07 Geplanter Prüfpunkt
31-03-2015 16:31:50 Geplanter Prüfpunkt
08-04-2015 12:04:22 Geplanter Prüfpunkt
09-04-2015 10:49:04 Removed Avira Browser Safety
09-04-2015 10:54:58 Installed SpyHunter
09-04-2015 23:43:08 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13645476-F6E4-478D-AED3-A7F5041DA986} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: {2A51D0B0-D38E-487B-AAFE-19164B657752} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {38A3D67F-50D6-485B-8812-7D65CFDED071} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4645E69C-4774-4B00-A221-35DC69BB8080} - System32\Tasks\{CC775651-0B59-42ED-8035-A6AABF678E2D} => pcalua.exe -a C:\Users\Lukas\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cvs
Task: {7868A318-A2A2-43F5-B35A-2BA4CD9C4CBF} - System32\Tasks\{686CED13-1F99-4989-B82C-5C738177C138} => pcalua.exe -a C:\Users\Lukas\Desktop\Lukas\Programme\Solid\SW\SW2013_SP0.0_64bits_Crack_[hispargentino]\Crack\SW2010-2013.Activator.SSQ.exe -d C:\Users\Lukas\Desktop\Lukas\Programme\Solid\SW\SW2013_SP0.0_64bits_Crack_[hispargentino]\Crack
Task: {B6242B15-F315-405D-8B41-58A3C4301286} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DD515D79-436E-448B-8857-C810CEAAA9DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-16 20:03 - 2014-01-08 02:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-26 15:40 - 2015-03-26 15:40 - 00085504 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\CopyEditor.exe
2015-03-26 15:40 - 2015-03-26 15:40 - 01051136 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\CopyEditor_run.exe
2015-04-08 23:08 - 2015-04-09 23:45 - 00509120 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\ccoggsml.exe
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-25 23:11 - 2014-02-25 23:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2012-09-28 06:50 - 2012-09-28 06:50 - 00272488 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2015-01-14 18:30 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-04-08 23:08 - 2015-04-09 23:45 - 00031822 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\eueszpa.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-26 15:40 - 2015-03-26 15:40 - 02199552 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\CopyEditor_run.dll
2015-04-07 17:14 - 2015-04-07 17:14 - 06225408 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\bktn.dll
2015-03-26 15:40 - 2015-03-26 15:40 - 01819136 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\wziwjex.dll
2015-04-07 17:14 - 2015-04-09 23:45 - 00063644 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\yqlx.dll
2015-04-07 17:14 - 2015-04-09 23:45 - 01018240 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\umeqkev.dll
2015-04-07 19:42 - 2015-04-09 23:45 - 00005120 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\ycwi.dll
2015-01-14 18:30 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-01-14 18:30 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2014-11-17 11:17 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-17 11:17 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-04-07 17:14 - 2015-04-09 23:45 - 00509120 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\mhqjhcxp.dll
2015-04-09 23:45 - 2015-04-09 23:45 - 00509120 _____ () C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\mgqvln.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-04 12:52 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-04 12:52 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-09 23:47 - 2015-04-09 23:47 - 00014336 _____ () C:\Users\Lukas\AppData\Local\Temp\WDEB9CC.tmp\ml_online.lng
2015-04-09 23:47 - 2015-04-09 23:47 - 00036352 _____ () C:\Users\Lukas\AppData\Local\Temp\WDEB9CC.tmp\ombrowser.lng
2015-04-04 12:52 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-04 12:52 - 2015-03-30 23:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-213747835-2699745907-1178046859-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-213747835-2699745907-1178046859-500 - Administrator - Disabled)
Gast (S-1-5-21-213747835-2699745907-1178046859-501 - Limited - Disabled)
Lukas (S-1-5-21-213747835-2699745907-1178046859-1000 - Administrator - Enabled) => C:\Users\Lukas

==================== Faulty Device Manager Devices =============

Name: PCI-Gerät
Description: PCI-Gerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2015 10:51:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 41.0.2272.118 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ff8

Startzeit: 01d072a1cfc9461c

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 9733f380-de95-11e4-b88f-cfd8bd0d2e8c

Error: (04/09/2015 10:37:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 41.0.2272.118 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 678

Startzeit: 01d0729f6ab51d1e

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: a052453d-de93-11e4-a732-d1c7695e028f

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615732

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615732

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2015 10:57:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41906440

Error: (04/08/2015 10:57:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41906440

Error: (04/08/2015 10:57:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2015 05:19:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615827

Error: (04/08/2015 05:19:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615827


System errors:
=============
Error: (04/09/2015 11:45:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ASPI32

Error: (04/09/2015 11:45:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/09/2015 11:44:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/09/2015 11:44:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2015 11:44:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/09/2015 11:44:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/09/2015 11:44:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2015 11:44:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2015 11:44:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2015 11:44:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CopyEditor Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/09/2015 10:51:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe41.0.2272.118ff801d072a1cfc9461c4C:\Program Files (x86)\Google\Chrome\Application\chrome.exe9733f380-de95-11e4-b88f-cfd8bd0d2e8c

Error: (04/09/2015 10:37:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe41.0.2272.11867801d0729f6ab51d1e5C:\Program Files (x86)\Google\Chrome\Application\chrome.exea052453d-de93-11e4-a732-d1c7695e028f

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615732

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615732

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2015 10:57:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41906440

Error: (04/08/2015 10:57:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41906440

Error: (04/08/2015 10:57:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2015 05:19:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615827

Error: (04/08/2015 05:19:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615827


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 24%
Total physical RAM: 8119.36 MB
Available physical RAM: 6128.93 MB
Total Pagefile: 16236.9 MB
Available Pagefile: 14216.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.84 GB) (Free:464.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8DD6201F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=345.6 GB) - (Type=06)

==================== End Of Log ============================

deeprybka 10.04.2015 15:27
Schritt 1

Download von https://sites.google.com/site/canned...b27e2-Zoek.png ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    CopyEditor;s
    C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk;f
    C:\Users\Lukas\AppData\Local\CopyEditor;fs
    C:\ProgramData\{d8f92b9b-f8d6-e9d1-d8f9-92b9bf8dae6f};fs
    C:\Users\Lukas\Downloads\SpyHunter-installer.exe;f
    C:\Program Files\Enigma Software Group;fs
    C:\autoexec.bat;f
    C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP;f
    C:\ProgramData\Avira;fs
    C:\Users\Lukas\AppData\Roaming\dlg;fs
    C:\ProgramData\d67f62e779954f0498e30aa3abc72476;fs
    C:\ProgramData\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f;fs
    C:\Windows\System32\Tasks\{CC775651-0B59-42ED-8035-A6AABF678E2D};f
    standardsearch;
    autoclean;
    emptyclsid;
    chrdefaults;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.

lukas90 10.04.2015 18:00
Code:
Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Lukas on 10.04.2015 at 18:47:54,45.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lukas\Desktop\zoek.exe    [Scan all users] [Script inserted]

==== System Restore Info ======================

10.04.2015 18:49:06 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~3\DassaultSystemes deleted successfully
C:\PROGRA~3\Simpoe deleted successfully
C:\Users\Lukas\AppData\Roaming\DassaultSystemes deleted successfully
C:\Users\Lukas\AppData\Roaming\dlg deleted successfully
C:\Users\Lukas\AppData\Roaming\Wondershare Video Converter Ultimate deleted successfully
C:\Users\Lukas\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Lukas\AppData\Local\CrashDumps deleted successfully
C:\Users\Lukas\AppData\Local\DassaultSystemes deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73204B8A-87A8-49C8-A91A-FFCDE788A9ED} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{903C3322-6CEF-4CA5-BD37-4F056155FC08} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\WSVCU@Wondershare.com deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\ccoggsml.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\eueszpa.exe
C:\Users\Lukas\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CopyEditor deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CopyEditor deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Wondershare not found
C:\Users\Lukas\AppData\Roaming\dlg not found
C:\ProgramData\{d8f92b9b-f8d6-e9d1-d8f9-92b9bf8dae6f} deleted
C:\Program Files\Enigma Software Group deleted
C:\ProgramData\Avira deleted
C:\ProgramData\d67f62e779954f0498e30aa3abc72476 deleted
C:\ProgramData\Packer9dc087ae-908f-4f18-9cdf-58cd3413437f deleted
C:\PROGRA~3\{3c3a57cf-1519-e9dd-3c3a-a57cf1515f3c} deleted
C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\hqghumeaylnlf.lnk deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\Lukas\AppData\Roaming\Nico Mak Computing\WinZip Malware Protector deleted
C:\PROGRA~3\Nico Mak Computing\WinZip Malware Protector deleted
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\Users\Lukas\AppData\Local\Wondershare deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Gambali deleted
C:\Users\Lukas\Documents\Optimizer Pro deleted
C:\Users\Lukas\AppData\Local\pcc.exe deleted
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\4FGq70h7.default\extensions\abs@avira.com deleted
"C:\Users\Lukas\Downloads\SpyHunter-installer.exe" deleted
"C:\autoexec.bat" deleted
"C:\windows\SysNative\Tasks\{CC775651-0B59-42ED-8035-A6AABF678E2D}" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini" deleted
"C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\ccoggsml.exe" deleted
"C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\eueszpa.exe" deleted
"C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\tgwx.dll" deleted
"C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\ccoggsml.exe" deleted
"C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\eueszpa.exe" deleted
"C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\tgwx.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP" deleted
"C:\Users\Lukas\AppData\Local\CopyEditor" not deleted
"C:\Users\Lukas\AppData\Local\CopyEditor" not deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga" not deleted
"C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga" not deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8120 MB
CPU Info: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
CPU Speed: 2393,7 MHz
Sound Card: Lautsprecher (High Definition A |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | NVIDIA GeForce 840M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; PnP-Monitor (Standard) |
Screen Resolution: 1280 X 720 - 32 bit
Network: Network Present
Network Adapters: Qualcomm Atheros AR956x Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ8E2Q
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  585,8GB | D:  0,0MB
Hard Disks - Free: C:  466,3GB | D:  0,0MB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | 07/11/14 | DELL  - 1
Time Zone: Mitteleuropäische Zeit
Motherboard *: Acer EA50_HB
Country: Deutschland
Language: DEU

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome        41.0.2272.118
Internet Explorer Version: 11.0.9600.17420
Google Chrome version: 41.0.2272.118
Adobe Reader version: 11.0.10.32

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Lukas\AppData\Local\Temp ====
2015-04-09 08:55:29        3B32CAA07D672F8A2E0DF5CB3A873F45        22704        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\ESGScanner.sys
2015-04-09 08:54:00        5973A242277FB7B19D46BB73178246FC        47329360        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\SHSetup.exe
2015-04-08 20:56:59        4CFD8AF2562F17806684D492E2569EDD        6282720        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\optprosetup.exe
2015-04-08 20:54:19        88FBEB785CC9A761B40739243CAA826F        6003296        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\supoptsetup.exe
2015-04-07 15:21:11        67614407088F2BE94C1A0EAC6B0B5902        23496        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-04-09 08:54:44        --------        d-----w-        C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2015-04-02 18:09:15        --------        d-----w-        C:\PROGRA~2\Mozilla Thunderbird
======= C: =====
====== C:\Users\Lukas\AppData\Roaming ======
2015-04-09 08:35:07        --------        d-----w-        C:\Users\Lukas\AppData\Roaming\Nico Mak Computing
2015-04-08 20:56:38        --------        d-----w-        C:\Users\Lukas\AppData\Roaming\SpeedMon
2015-04-07 15:22:27        --------        d-----w-        C:\Users\Lukas\AppData\Local\ElevatedDiagnostics
2015-04-07 15:14:43        --------        d-----w-        C:\Windows\sysWoW64\config\systemprofile\AppData\Local\ProxyUtils
2015-04-07 15:14:18        --------        d-----w-        C:\Users\Lukas\AppData\Local\CopyEditor
====== C:\Users\Lukas ======
2015-04-09 21:49:08        F58676DE827DD9A5F3A44A698E8B4663        2095616        ----a-w-        C:\Users\Lukas\Desktop\FRST64.exe
2015-04-09 21:47:51        F58676DE827DD9A5F3A44A698E8B4663        2095616        ----a-w-        C:\Users\Lukas\Downloads\FRST64.exe
2015-04-09 08:49:39        31D2409237481996E00505054E68BA3E        21540440        ----a-w-        C:\Users\Lukas\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-09 08:35:06        --------        d-----w-        C:\ProgramData\Nico Mak Computing
2015-04-08 21:05:19        0EFDC1550592DC0C4E73AFFB54B35C3E        2217984        ----a-w-        C:\Users\Lukas\Downloads\adwcleaner_4.201.exe
2015-04-08 20:52:40        2EA84B2FF558107C2A81E7A488D36044        395344        ----a-w-        C:\Users\Lukas\Downloads\adwcleaner-Download.exe

====== C: exe-files ==
2015-04-09 21:49:08        F58676DE827DD9A5F3A44A698E8B4663        2095616        ----a-w-        C:\Users\Lukas\Desktop\FRST64.exe
2015-04-09 21:47:51        F58676DE827DD9A5F3A44A698E8B4663        2095616        ----a-w-        C:\Users\Lukas\Downloads\FRST64.exe
2015-04-09 08:54:00        5973A242277FB7B19D46BB73178246FC        47329360        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\SHSetup.exe
2015-04-09 08:49:39        31D2409237481996E00505054E68BA3E        21540440        ----a-w-        C:\Users\Lukas\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-09 08:43:51        E52C4B2E742DF1BCEC82A86179B03FBA        544        ----a-w-        C:\$Recycle.Bin\S-1-5-21-213747835-2699745907-1178046859-1000\$I32G5LF.exe
2015-04-08 21:05:19        0EFDC1550592DC0C4E73AFFB54B35C3E        2217984        ----a-w-        C:\Users\Lukas\Downloads\adwcleaner_4.201.exe
2015-04-08 20:56:59        4CFD8AF2562F17806684D492E2569EDD        6282720        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\optprosetup.exe
2015-04-08 20:56:38        ECC0CB6ED6CB58F6F2495D1522D014F1        840206        ----a-w-        C:\Users\Lukas\AppData\Roaming\SpeedMon\speedmon.exe
2015-04-08 20:54:19        88FBEB785CC9A761B40739243CAA826F        6003296        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\supoptsetup.exe
2015-04-08 20:52:40        2EA84B2FF558107C2A81E7A488D36044        395344        ----a-w-        C:\Users\Lukas\Downloads\adwcleaner-Download.exe
2015-04-07 17:43:38        37B7C7905ADEADA0A3DEB48BEA4ADFF1        73272        ----a-w-        C:\Users\Lukas\AppData\Roaming\Spotify\wow_helper.exe
2015-04-07 17:43:37        E74BF46DE94E62FA01C61EF084F7A7DD        2018360        ----a-w-        C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
2015-04-07 17:43:37        4D23BC37D675B0473E47A9672D2A0938        762424        ----a-w-        C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyCrashService.exe
2015-04-04 10:52:17        04A8F29E2CB7A633109E6AF1316F6E97        864336        ----a-w-        C:\Program Files (x86)\Google\Update\Install\{305364E4-7B1C-4BAB-9AD6-805580473705}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
2015-04-04 10:52:17        04A8F29E2CB7A633109E6AF1316F6E97        864336        ----a-w-        C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.118\41.0.2272.118_41.0.2272.101_chrome_updater.exe
=== C: other files ==
2015-04-09 08:55:29        3B32CAA07D672F8A2E0DF5CB3A873F45        22704        ----a-w-        C:\Users\Lukas\AppData\Local\Temp\ESGScanner.sys
2015-04-08 20:53:49        C03F9E43D5093D424FBBDD0E9EE0B012        3549113        ----a-w-        C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68B5VF74\2[1].zip
2015-04-08 20:53:37        0142BCE4FD62C72F8D7F45EFDD625B7D        2511544        ----a-w-        C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGA4DBMH\1[1].zip
2015-04-07 17:44:28        50126B0939E6DF68FDF955B00AF9931F        17261        ----a-w-        C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHDYP14A\cloud-capability[1].zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-213747835-2699745907-1178046859-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Users\Lukas\AppData\Roaming\BitTorrent\BitTorrent.exe  /MINIMIZED"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Spotify Web Helper"="C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Lukas\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:hxxp://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:hxxp://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Users\Lukas\AppData\Roaming\BitTorrent\BitTorrent.exe  /MINIMIZED"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Spotify Web Helper"="C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Lukas\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Users\\Lukas\\AppData\\Local\\CopyEditor\\cvmxga\\sjolrvp.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"smrt"="C:\Program Files (x86)\ProductUI\Startup.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Users\\Lukas\\AppData\\Local\\CopyEditor\\cvmxga\\dpqeblv.dll"

==== Startup Folders ======================

2014-12-27 18:07:45        1381        ----a-w-        C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
2014-11-30 15:58:30        2753        ----a-w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk
2014-11-30 15:51:45        1360        ----a-w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16.11.2014 18:37]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16.11.2014 18:37]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff" [18.11.2014 13:23]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Google Slides - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Chrome Hotword Shared Module - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.de/?gws_rd=ssl",
"startup_urls": [ "https://www.google.de/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuAzdNozx1XsRpKDohgXe4PDZYpubazqDvwlRRZK0ezfJL3kFiIWi6-BQ8-JrUaPFB92UgqwMgsS3yQwo2aPo5g53FrCgukTnCP6-IUYb-YbTjGTe0m4iMFJ5vH42UAQEL0pdV9LKv_rQg,,&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuAzdNozx1XsRpKDohgXe4PDZYpubazqDvwlRRZK0ezfJL3kFiIWi6-BQ8-JrUaPFB92UgqwMgsS3yQwo2aPo5g53FrCgukTnCP6-IUYb-YbTjGTe0m4iMFJ5vH42UAQEL0pdV9LKv_rQg,,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuAzdNozx1XsRpKDohgXe4PDZYpubazqDvwlRRZK0ezfJL3kFiIWi6-BQ8-JrUaPFB92UgqwMgsS3yQwo2aPo5g53FrCgukTnCP6-IUYb-YbTjGTe0m4iMFJ5vH42UAQEL0pdV9LKv_rQg,,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuAzdNozx1XsRpKDohgXe4PDZYpubazqDvwlRRZK0ezfJL3kFiIWi6-BQ8-JrUaPFB92UgqwMgsS3yQwo2aPo5g53FrCgukTnCP6-IUYb-YbTjGTe0m4iMFJ5vH42UAQEL0pdV9LKv_rQg,,&q={searchTerms}"
"SearchAssistant"="hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE9a9InJ9YovTwLIQAT9Pa3aeCIuAzdNozx1XsRpKDohgXe4PDZYpubazqDvwlRRZK0ezfJL3kFiIWi6-BQ8-JrUaPFB92UgqwMgsS3yQwo2aPo5g53FrCgukTnCP6-IUYb-YbTjGTe0m4iMFJ5vH42UAQEL0pdV9LKv_rQg,,&q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Lukas\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Lukas\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SolidWorks 2013 Schnellstart.lnk = ?
O4 - Global Startup: SolidWorks Hintergrund-Downloader.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSWSVCUchrome - {1CA93FF0-A218-44F1 - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\sjolrvp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHDYP14A will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=374 folders=101 331787616 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Lukas\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Lukas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Lukas\AppData\Local\CopyEditor"  not found
"C:\Users\Lukas\AppData\Local\CopyEditor"  not found
"C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHDYP14A" not found

==== EOF on 10.04.2015 at 19:05:59,29 ======================

deeprybka 10.04.2015 18:15
Gut gemacht! :daumenhoc

Wie läuft der PC jetzt?

lukas90 10.04.2015 18:51
Scheint besser zu sein. Jedoch ist der Chrome etwas verstellt.
Ich habe unter der http: Leiste ja die Lesenzeichenleiste. Klick ich auf eins öffnet sich die Seite und die Leiste geht weg. Sie ist also quasi nur bei neuem Tab da und bei öffnen des Explorers.

Vorher war die Leiste durchgehend da.

deeprybka 10.04.2015 18:53
Der Chrome wurde auch zurück gesetzt.

Schritt 1

http://deeprybka.trojaner-board.de/m...mbamlogo4a.pnghttp://deeprybka.trojaner-board.de/m...mbamlogo4b.png
  • Download und Anleitung
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

lukas90 10.04.2015 22:28
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 10.04.2015
Suchlauf-Zeit: 20:38:17
Logdatei: mwab.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.10.06
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 361121
Verstrichene Zeit: 13 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)



Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a523f54687259f4faf150fceb3711872
# engine=23325
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-10 09:21:58
# local_time=2015-04-10 11:21:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 45488 180330768 0 0
# scanned=154722
# found=24
# cleaned=0
# scan_time=8403
sh=CEB8D59B9A1652CCBFAFC8CCA0E6EF1DE0F95855 ft=1 fh=da2a004dca05468f vn="Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ProductUI\uninstall.exe.vir"
sh=687D2D398391D64DF64E65EA597D0D03D564B005 ft=1 fh=e478b250dc3f217d vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\AppManager.exe.vir"
sh=A3C3D09F8D98AF8FD4D288D5AE33273D2FA14189 ft=1 fh=636ab12284cdc8a9 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\scandll.dll.vir"
sh=E97FDBFE8FA9B7513273E9DE2CBB044646D4E8FD ft=1 fh=940afc50e4391aa7 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe.vir"
sh=89D6E6E8FCE38E4C87CBDCD16DFFA6BF23AA67A3 ft=1 fh=a967289658e125c6 vn="Variante von Win32/Systweak.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WMPUninstall.exe.vir"
sh=D8A432E7784541A14190CED4B417751E608AB898 ft=1 fh=8c7411c32dae415b vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=826B181CF4FE507BC697F5B137E9A4704FB6131B ft=1 fh=741299c35f05bcb1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=93FC0A3CB25B7C0E809AEEFFBAD7DB747FDD9422 ft=1 fh=ed247d535bbf55fa vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=D62E826B13E242DC0BABCAD05E3A4613795A024F ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi.vir"
sh=50DE2C19D202A64208CDD00C991388D70A5E0059 ft=1 fh=0ac46496ca382a6c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=23BE39FD9F8F48F573314FBA50192D607C7DC5C8 ft=1 fh=73e334723c1913a1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=F4D7B96DBC76788089DE6A1FABCC0FA20292B1F7 ft=1 fh=c92d8361ff53e603 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=4ABFC256653DDB2078242A8183B2E279DF6FE52B ft=1 fh=84f15d895c33e9e3 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=8D0FEEC2A82F75383317F2B14CA556E564094C25 ft=1 fh=32b01fbe2ea67a55 vn="Variante von Win32/Adware.PicColor.X Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecurityUtility\SecurityUtilitySrv.exe.vir"
sh=E463ACFE9829A72AB2E222BAFADB1C3F7BD6785B ft=1 fh=c71c001116150659 vn="Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lukas\AppData\Roaming\mystartsearch\UninstallManager.exe.vir"
sh=4F1E330D896F21BB479B879688A6AAEEE314339C ft=1 fh=0cb4300452c3829b vn="Win32/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lukas\Downloads\adwcleaner-Download.exe"
sh=8D306FC91836313D09FBCA5F6815CC3949421B74 ft=1 fh=a576cf637e3c86bc vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\zoek_backup\C_PROGRA~3_{3c3a57cf-1519-e9dd-3c3a-a57cf1515f3c}\hqghumeaylnlf.exe"
sh=FC43D0B782136DD69B1342ECA09E5535C7015004 ft=1 fh=c71c0011abbc24ab vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Lukas_AppData_Local_CopyEditor\cvmxga\ccoggsml.exe"
sh=740CBD99FEDB9C8BD394E07BDB48F07B82A1F492 ft=1 fh=c71c001184bb3793 vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Lukas_AppData_Local_CopyEditor\cvmxga\grme.dll"
sh=65808029CAC0FB87549557D02F13FDE09C308187 ft=1 fh=f706438655ddba66 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Lukas_AppData_Local_CopyEditor\cvmxga\lzel.exe"
sh=F6389A956DE9FD2471954F84EA6386CE6FAADC10 ft=1 fh=c71c0011af938b92 vn="Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Lukas_AppData_Local_CopyEditor\cvmxga\mgqvln.dll"
sh=BBD0B7F7445843568230A3C7CCABDF3B54349D1E ft=1 fh=3614f6bb1a5023c8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Lukas_AppData_Local_CopyEditor\cvmxga\tbmna.exe"
sh=5E6B1EE002F2130A58AE5CCEC8D2E17D4DDC522D ft=1 fh=c71c00110ed4918b vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Lukas_AppData_Local_CopyEditor\cvmxga\tgwx.dll"


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Lukas (administrator) on LUKAS-PC on 10-04-2015 23:25:17
Running from C:\Users\Lukas\Desktop
Loaded Profiles: Lukas (Available profiles: Lukas)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BitTorrent Inc.) C:\Users\Lukas\AppData\Roaming\BitTorrent\BitTorrent.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Spotify Ltd) C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [smrt] => C:\Program Files (x86)\ProductUI\Startup.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Atheros Communications))
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Run: [BitTorrent] => C:\Users\Lukas\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Run: [Spotify Web Helper] => C:\Users\Lukas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Run: [Spotify] => C:\Users\Lukas\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-07] (Spotify Ltd)
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\MountPoints2: {0b7c1f8e-8bd3-11e4-9ee5-38b1db29f1b4} - F:\startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\dpqeblv.dll => C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\dpqeblv.dll File Not Found
AppInit_DLLs-x32: C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\sjolrvp.dll => "C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\sjolrvp.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk
ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk
ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-213747835-2699745907-1178046859-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-213747835-2699745907-1178046859-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-18]

Chrome:
=======
CHR Profile: C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-16]
CHR Extension: (Google Docs) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-16]
CHR Extension: (Google Drive) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-16]
CHR Extension: (YouTube) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-16]
CHR Extension: (Google Search) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-16]
CHR Extension: (Google Sheets) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-04-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-16]
CHR Extension: (Gmail) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-12-27] (Adobe Systems) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-30] (SolidWorks) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 2003-06-13] (Adaptec)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 20:54 - 2015-04-10 20:54 - 02347384 _____ (ESET) C:\Users\Lukas\Downloads\esetsmartinstaller_deu.exe
2015-04-10 20:53 - 2015-04-10 20:53 - 00001208 _____ () C:\Users\Lukas\Desktop\mwab.txt
2015-04-10 20:37 - 2015-04-10 20:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-10 20:33 - 2015-04-10 20:33 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-04-10 20:33 - 2015-04-10 20:33 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-10 20:33 - 2015-04-10 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-10 20:33 - 2015-04-10 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-10 20:33 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-10 20:33 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-10 20:33 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 19:04 - 2015-04-10 18:47 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-10 18:48 - 2015-04-10 19:05 - 00035033 _____ () C:\zoek-results.log
2015-04-10 18:47 - 2015-04-10 18:59 - 00000000 ____D () C:\zoek_backup
2015-04-10 18:47 - 2015-04-10 18:47 - 01305600 _____ () C:\Users\Lukas\Desktop\zoek.exe
2015-04-09 23:49 - 2015-04-10 23:25 - 00012807 _____ () C:\Users\Lukas\Desktop\FRST.txt
2015-04-09 23:49 - 2015-04-10 23:25 - 00000000 ____D () C:\FRST
2015-04-09 23:49 - 2015-04-09 23:49 - 02095616 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2015-04-09 23:47 - 2015-04-09 23:47 - 02095616 _____ (Farbar) C:\Users\Lukas\Downloads\FRST64.exe
2015-04-09 10:50 - 2015-04-09 10:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 10:49 - 2015-04-09 23:43 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-09 10:49 - 2015-04-09 10:49 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-09 10:35 - 2015-04-10 18:59 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Nico Mak Computing
2015-04-09 10:35 - 2015-04-10 18:59 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-04-08 23:05 - 2015-04-09 23:44 - 00000000 ____D () C:\AdwCleaner
2015-04-08 23:05 - 2015-04-08 23:05 - 02217984 _____ () C:\Users\Lukas\Downloads\adwcleaner_4.201.exe
2015-04-08 22:56 - 2015-04-08 23:03 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\SpeedMon
2015-04-08 22:52 - 2015-04-08 22:52 - 00395344 _____ () C:\Users\Lukas\Downloads\adwcleaner-Download.exe
2015-04-07 19:41 - 2015-04-10 19:05 - 00426514 _____ () C:\Windows\PFRO.log
2015-04-07 19:41 - 2015-04-10 19:05 - 00000392 _____ () C:\Windows\setupact.log
2015-04-07 19:41 - 2015-04-07 19:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-07 17:00 - 2015-04-07 17:00 - 00040636 _____ () C:\Users\Lukas\Documents\cc_20150407_170035.reg
2015-04-07 16:48 - 2015-04-07 19:46 - 00000000 ____D () C:\Users\Lukas\Desktop\9n3
2015-04-02 20:09 - 2015-04-07 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-03-18 21:44 - 2015-03-18 22:02 - 00000000 ____D () C:\Users\Lukas\Desktop\e46
2015-03-16 20:31 - 2015-04-04 12:55 - 00000000 ____D () C:\Users\Lukas\Desktop\Neu

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 23:21 - 2014-11-30 17:03 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\BitTorrent
2015-04-10 23:12 - 2014-11-16 18:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 23:12 - 2014-11-16 18:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 23:05 - 2009-07-14 06:45 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 23:05 - 2009-07-14 06:45 - 00014128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 20:37 - 2015-01-24 17:20 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Spotify
2015-04-10 19:12 - 2015-01-24 17:19 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Spotify
2015-04-10 19:08 - 2014-11-16 14:43 - 01745874 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 19:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 11:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2015-04-08 23:13 - 2009-07-14 19:58 - 00696370 _____ () C:\Windows\system32\perfh007.dat
2015-04-08 23:13 - 2009-07-14 19:58 - 00147634 _____ () C:\Windows\system32\perfc007.dat
2015-04-08 23:13 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 23:06 - 2014-11-16 18:38 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-08 23:06 - 2014-11-16 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-08 23:06 - 2014-11-16 14:47 - 00000995 _____ () C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-07 19:48 - 2014-11-16 15:04 - 00000000 ____D () C:\Users\Lukas\Desktop\Lukas
2015-04-07 19:46 - 2014-11-16 15:23 - 00000000 ____D () C:\Users\Lukas\Desktop\Street-Magic
2015-04-07 19:42 - 2009-07-14 06:45 - 05329200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-07 19:41 - 2014-11-25 18:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 17:21 - 2014-11-25 18:22 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Mozilla
2015-04-07 17:00 - 2014-12-11 16:31 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\PhotoScape
2015-04-07 17:00 - 2014-11-16 14:15 - 00000000 ____D () C:\Windows\Panther
2015-04-01 23:45 - 2014-11-20 23:58 - 00000000 ____D () C:\Users\Lukas\AppData\Roaming\Adobe
2015-04-01 23:44 - 2014-11-16 18:37 - 00125896 _____ () C:\Users\Lukas\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-28 15:59 - 2014-12-11 16:33 - 00061440 ____H () C:\Users\Lukas\Desktop\photothumb.db
2015-03-16 20:45 - 2014-11-16 18:27 - 00000000 ____D () C:\Users\Lukas\Documents\Bluetooth Folder
2015-03-16 20:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 00:30

==================== End Of Log ============================
--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Lukas at 2015-04-10 23:25:48
Running from C:\Users\Lukas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitTorrent (HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
NVIDIA Grafiktreiber 332.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.35 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
SecurityUtility Service (HKLM-x32\...\SecurityUtility Service) (Version:  - )
SolidWorks 2013 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20130-40000-1100-100) (Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
SolidWorks 2013 x64 German Resources (Version: 21.100.5024 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Spotify (HKU\S-1-5-21-213747835-2699745907-1178046859-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-03-2015 16:31:50 Geplanter Prüfpunkt
08-04-2015 12:04:22 Geplanter Prüfpunkt
09-04-2015 10:49:04 Removed Avira Browser Safety
09-04-2015 10:54:58 Installed SpyHunter
09-04-2015 23:43:08 Removed SpyHunter
10-04-2015 18:48:53 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13645476-F6E4-478D-AED3-A7F5041DA986} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: {2A51D0B0-D38E-487B-AAFE-19164B657752} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {38A3D67F-50D6-485B-8812-7D65CFDED071} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4645E69C-4774-4B00-A221-35DC69BB8080} - \{CC775651-0B59-42ED-8035-A6AABF678E2D} No Task File <==== ATTENTION
Task: {7868A318-A2A2-43F5-B35A-2BA4CD9C4CBF} - System32\Tasks\{686CED13-1F99-4989-B82C-5C738177C138} => pcalua.exe -a C:\Users\Lukas\Desktop\Lukas\Programme\Solid\SW\SW2013_SP0.0_64bits_Crack_[hispargentino]\Crack\SW2010-2013.Activator.SSQ.exe -d C:\Users\Lukas\Desktop\Lukas\Programme\Solid\SW\SW2013_SP0.0_64bits_Crack_[hispargentino]\Crack
Task: {B6242B15-F315-405D-8B41-58A3C4301286} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DD515D79-436E-448B-8857-C810CEAAA9DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-16] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-16 20:03 - 2014-01-08 02:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-25 23:11 - 2014-02-25 23:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2012-09-28 06:50 - 2012-09-28 06:50 - 00272488 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2015-01-14 18:30 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-14 18:30 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-01-14 18:30 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-04 12:52 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-04 12:52 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-04 12:52 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-04 12:52 - 2015-03-30 23:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-213747835-2699745907-1178046859-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-213747835-2699745907-1178046859-500 - Administrator - Disabled)
Gast (S-1-5-21-213747835-2699745907-1178046859-501 - Limited - Disabled)
Lukas (S-1-5-21-213747835-2699745907-1178046859-1000 - Administrator - Enabled) => C:\Users\Lukas

==================== Faulty Device Manager Devices =============

Name: PCI-Gerät
Description: PCI-Gerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2015 11:22:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 09:00:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 08:59:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 10:10:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 41.0.2272.118 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5f4

Startzeit: 01d07365b581a419

Endzeit: 7

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 0a08e64c-df59-11e4-b63d-bcd9d5c767f5

Error: (04/09/2015 10:51:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 41.0.2272.118 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ff8

Startzeit: 01d072a1cfc9461c

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 9733f380-de95-11e4-b88f-cfd8bd0d2e8c

Error: (04/09/2015 10:37:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 41.0.2272.118 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 678

Startzeit: 01d0729f6ab51d1e

Endzeit: 5

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: a052453d-de93-11e4-a732-d1c7695e028f

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615732

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615732

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2015 10:57:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41906440


System errors:
=============
Error: (04/10/2015 07:05:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ASPI32

Error: (04/10/2015 07:05:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/10/2015 06:59:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/10/2015 06:59:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/10/2015 06:59:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/10/2015 06:59:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/10/2015 06:59:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/10/2015 06:59:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/10/2015 06:59:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/10/2015 06:59:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (04/10/2015 11:22:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/10/2015 09:00:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lukas\Downloads\esetsmartinstaller_deu.exe

Error: (04/10/2015 08:59:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lukas\Downloads\esetsmartinstaller_deu.exe

Error: (04/10/2015 10:10:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe41.0.2272.1185f401d07365b581a4197C:\Program Files (x86)\Google\Chrome\Application\chrome.exe0a08e64c-df59-11e4-b63d-bcd9d5c767f5

Error: (04/09/2015 10:51:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe41.0.2272.118ff801d072a1cfc9461c4C:\Program Files (x86)\Google\Chrome\Application\chrome.exe9733f380-de95-11e4-b88f-cfd8bd0d2e8c

Error: (04/09/2015 10:37:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe41.0.2272.11867801d0729f6ab51d1e5C:\Program Files (x86)\Google\Chrome\Application\chrome.exea052453d-de93-11e4-a732-d1c7695e028f

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615732

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615732

Error: (04/08/2015 06:14:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2015 10:57:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41906440


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 28%
Total physical RAM: 8119.36 MB
Available physical RAM: 5822.94 MB
Total Pagefile: 16236.9 MB
Available Pagefile: 13897.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:585.84 GB) (Free:465.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8DD6201F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=345.6 GB) - (Type=06)

==================== End Of Log ============================

deeprybka 11.04.2015 10:47
Hi,

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
AppInit_DLLs: C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\dpqeblv.dll => C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\dpqeblv.dll File Not Found
AppInit_DLLs-x32: C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\sjolrvp.dll => "C:\Users\Lukas\AppData\Local\CopyEditor\cvmxga\sjolrvp.dll" File Not Found
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Task: {4645E69C-4774-4B00-A221-35DC69BB8080} - \{CC775651-0B59-42ED-8035-A6AABF678E2D} No Task File
Task: {7868A318-A2A2-43F5-B35A-2BA4CD9C4CBF} - System32\Tasks\{686CED13-1F99-4989-B82C-5C738177C138}
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche? Gibt es einen bestimmten Grund warum Du kein Antivirusprogramm installiert hast?

lukas90 11.04.2015 11:13
Scheinbar läuft es nun. DANKE !


Ehm zum Thema Virenprogramm... Ja, hab mir über Chip (ja ich weiß, da sollte man nix runterladen) Avast geladen und scheinbar das Snapdo mitgesaugt. Obwohl ich alle Häkchen bei der Installation, die etwas mit anderen Programmen oder Toolbars zu tun haben, abgewählt.


Werde mir jetzt aber wieder eins zulegen.

deeprybka 11.04.2015 15:09
CHIP-Installer - was ist das? - Anleitungen

Bitte das Fixlog posten! :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:41 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55