
Pests of all kinds and how to fight them: Lots of ads and new windows

29.03.2014, 15:46   #1
Nerenina
 
Lots of ads and new windows



Hello,

for a few weeks now I have had an extreme amount of advertising in my Firefox browser. On the left of the screen something appears that calls itself WebCake and shows similar search terms; ads slide in at the bottom and on the right as well. Sometimes I am, for example, watching something on YouTube and suddenly the page is replaced by some new one where I am supposed to, for example, update my Flash Player or download something else. In addition, new windows and tabs keep opening with ads for games, live cams, perverse sites, etc. Sometimes I cannot even watch a video because the page keeps being replaced by ads. And sometimes up to 10 new tabs open with the same advertising content! Also, on all the pages I visit, a lot of words are double-underlined in blue, and when you hover over them an ad appears.

I hope you can help me, I am slowly getting fed up with it

Thanks a lot in advance!!

29.03.2014, 15:47   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


29.03.2014, 15:59   #3
Nerenina
 



Hey,

I did that. No idea whether I'm doing this right now
:/
Attachment 65809

Attachment 65810

30.03.2014, 07:36   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

07.04.2014, 23:06   #5
Nerenina
 



Hello,

sorry that it was wrong, I'll try again!!

Code:
Attachment 66026

Code:
Attachment 66027

Like this?

Thanks a lot!!


08.04.2014, 12:33   #6
schrauber
/// the machine
/// TB-Ausbilder
 




The logs are still attached. Do not attach them. Open the log on your computer, select everything, copy everything, post it in here.

08.04.2014, 23:45   #7
Nerenina
 



Ohhh, I think now I know what you mean!

Like this?

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Nerea at 2014-03-29 15:53:54
Running from C:\Users\Nerea\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
Gameforge Live 1.8.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.8.0 - Gameforge)
Hidden Mysteries: Die Verbotene Stadt (HKLM-x32\...\BFG-Hidden Mysteries - Die Verbotene Stadt) (Version:  - )
Hidden Mysteries: Salem Secrets (HKLM-x32\...\BFG-Hidden Mysteries - Salem Secrets) (Version:  - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.856 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Grafiktreiber 307.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.45 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 307.45 (Version: 307.45 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Optimizer Pro v3.0 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.0 - PC Utilities Pro) <==== ATTENTION
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.3 - betwikx LLC) <==== ATTENTION
Real Crimes: Jack the Ripper (HKLM-x32\...\BFG-Real Crimes - Jack the Ripper) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Web-Cake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - Web Cake LLC) <==== ATTENTION
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Restore Points  =========================

24-02-2014 19:30:20 Windows Update
11-03-2014 14:14:14 Geplanter Prüfpunkt
24-03-2014 19:51:14 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D35BB71-0E88-491C-B05C-F6FD53D77B00} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {22D92CE1-DFE4-4630-A21D-25BC3387D876} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3C6CE876-AC97-4B1C-80F4-79335846FF3F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-24] (Microsoft Corporation)
Task: {4072320A-60B1-4EDB-9125-D180BF999B16} - System32\Tasks\Lenovo\Lenovo-7691 => C:\ProgramData\Lenovo-7691.vbs [2013-04-06] ()
Task: {52F762A4-4F34-4226-8079-348F3193539D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {557621E0-FB9A-4FD9-8E13-8D5F0E0D8F08} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {5FDAC12A-19E1-467B-9FA8-C611420048EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-24] (Microsoft Corporation)
Task: {6EC0ED37-B54A-4F3A-8A72-34286B681F5F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {839FEE79-7A38-4C6C-B79D-28AA2390177B} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {9E79AF34-72ED-4816-93BB-5192D0A93C60} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002UA => C:\Users\Nerea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-08] (Facebook Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B98891EE-15BD-4160-B74D-F24E3E68813F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {C36AC812-8278-464B-BFDA-392F94AE2CB5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002Core => C:\Users\Nerea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-08] (Facebook Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CF0148E5-998E-4F5B-8923-2D0794006A86} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {D2379FC8-93BE-4520-BFF7-5C33C6632C43} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE0AABAC-81A8-4BAF-A060-D030E62FADC0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002Core.job => C:\Users\Nerea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002UA.job => C:\Users\Nerea\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-15 14:51 - 2012-11-15 14:51 - 00048920 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-03-26 00:11 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-09 22:12 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-04-07 08:20 - 2013-01-02 20:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-03-14 01:19 - 2013-02-05 06:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-29 14:30 - 2014-01-16 00:59 - 00603648 _____ () C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-06 22:49 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-12 14:35 - 2014-01-16 00:59 - 36967424 _____ () C:\Users\Nerea\AppData\Roaming\Spotify\Data\libcef.dll
2013-09-29 14:30 - 2014-01-16 00:59 - 00887808 _____ () C:\Users\Nerea\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-29 14:30 - 2014-01-16 00:59 - 00109568 _____ () C:\Users\Nerea\AppData\Roaming\Spotify\Data\libegl.dll
2013-09-04 13:12 - 2013-08-02 00:24 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-09-04 13:12 - 2013-08-02 00:24 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-09-04 13:12 - 2013-08-02 00:24 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-03-29 12:27 - 2014-03-29 12:27 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 11:40 - 2014-03-28 22:46 - 00949248 _____ () C:\Users\Nerea\AppData\Roaming\Tepfel\dat\hk.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:012BC84F
AlternateDataStreams: C:\ProgramData\Temp:090FB735
AlternateDataStreams: C:\ProgramData\Temp:09629F6E
AlternateDataStreams: C:\ProgramData\Temp:0AC32449
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:24391EC1
AlternateDataStreams: C:\ProgramData\Temp:2AF04C69
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:331B76C7
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:55F44B88
AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD
AlternateDataStreams: C:\ProgramData\Temp:85EA4795
AlternateDataStreams: C:\ProgramData\Temp:9836B5E4
AlternateDataStreams: C:\ProgramData\Temp:98DFF516
AlternateDataStreams: C:\ProgramData\Temp:9C3AAD57
AlternateDataStreams: C:\ProgramData\Temp:A798AA1A
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:D507B5A8
AlternateDataStreams: C:\ProgramData\Temp:E32966C0
AlternateDataStreams: C:\ProgramData\Temp:E4E83517
AlternateDataStreams: C:\ProgramData\Temp:E732B44B
AlternateDataStreams: C:\ProgramData\Temp:EC0A74A1
AlternateDataStreams: C:\ProgramData\Temp:F42BB562
AlternateDataStreams: C:\ProgramData\Temp:F5E8CAE0
AlternateDataStreams: C:\ProgramData\Temp:F9689B72
AlternateDataStreams: C:\ProgramData\Temp:FDEE14AC

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 03:26:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12188

Error: (03/29/2014 03:26:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12188

Error: (03/29/2014 03:26:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 03:26:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10875

Error: (03/29/2014 03:26:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10875

Error: (03/29/2014 03:26:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 03:26:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9469

Error: (03/29/2014 03:26:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9469

Error: (03/29/2014 03:26:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 03:26:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8047


System errors:
=============
Error: (03/26/2014 10:21:00 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/26/2014 00:24:47 AM) (Source: DCOM) (User: Fetti-PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (03/24/2014 08:56:27 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: {B8FC52F5-CB03-4E10-8BCB-E3EC794C54A5}wuauserv

Error: (03/24/2014 08:55:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (03/13/2014 07:27:23 PM) (Source: Tcpip) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.34 mit dem Computer mit der
Netzwerkhardwareadresse 16-FE-ED-9C-D3-16 ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.

Error: (03/11/2014 10:37:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/11/2014 10:37:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (03/11/2014 10:32:51 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 11.03.2014 um 19:08:05 unerwartet heruntergefahren.

Error: (03/11/2014 11:38:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WebCakeUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (03/11/2014 11:38:23 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WebCakeUpdater erreicht.


Microsoft Office Sessions:
=========================
Error: (03/29/2014 03:26:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12188

Error: (03/29/2014 03:26:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12188

Error: (03/29/2014 03:26:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 03:26:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10875

Error: (03/29/2014 03:26:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10875

Error: (03/29/2014 03:26:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 03:26:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9469

Error: (03/29/2014 03:26:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9469

Error: (03/29/2014 03:26:31 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2014 03:26:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8047


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 8055.77 MB
Available physical RAM: 5821.98 MB
Total Pagefile: 9271.77 MB
Available Pagefile: 6844.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:786.52 GB) (Free:694.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:20.12 GB) (Free:17.5 GB) NTFS
Drive e: (X1APVOL_DE) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS
Drive f: (Volume) (Fixed) (Total:97.66 GB) (Free:97.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: F6F58138)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nerea (administrator) on FETTI-PC on 29-03-2014 15:52:54
Running from C:\Users\Nerea\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\NLSSRV32.EXE
(cake bake) C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Bake Cake) C:\Users\Nerea\AppData\Roaming\Tepfel\WebCakeDesktop.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Spotify Ltd) C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Spotify Ltd) C:\Users\Nerea\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-06] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [WebCake Desktop] - C:\Users\Nerea\AppData\Roaming\Tepfel\WebCakeDesktop.exe [52504 2013-08-10] (Bake Cake)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135672 2013-08-26] (PC Utilities Pro)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Facebook Update] - C:\Users\Nerea\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-08] (Facebook Inc.)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Spotify] - C:\Users\Nerea\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-16] (Spotify Ltd)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Spotify Web Helper] - C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-16] (Spotify Ltd)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\MountPoints2: {d26a4eb0-9f00-11e2-be6c-806e6f6e6963} - "E:\setup.exe" 
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [247144 2012-11-06] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2533376 2013-09-01] ()
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203112 2012-11-06] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2740696 2013-08-26] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013
SearchScopes: HKLM - DefaultScope {65A47189-6319-4816-A0DC-B7AF30B11AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {65A47189-6319-4816-A0DC-B7AF30B11AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default
FF user.js: detected! => C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\user.js
FF NewTab: about:blank
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&installDate=01/09/2013&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nerea\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-06]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 WebCakeUpdater; C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe [51992 2013-08-10] (cake bake)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 15:52 - 2014-03-29 15:53 - 00020227 _____ () C:\Users\Nerea\Downloads\FRST.txt
2014-03-29 15:52 - 2014-03-29 15:52 - 00000000 ____D () C:\FRST
2014-03-29 15:51 - 2014-03-29 15:52 - 02157056 _____ (Farbar) C:\Users\Nerea\Downloads\FRST64.exe
2014-03-29 15:51 - 2014-03-29 15:51 - 01145856 _____ (Farbar) C:\Users\Nerea\Downloads\FRST.exe
2014-03-29 12:27 - 2014-03-29 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 22:35 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-03-13 22:35 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-03-13 22:35 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-13 22:35 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-13 19:32 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 19:32 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-13 19:31 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 19:31 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 19:31 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-03-13 19:31 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-03-13 19:31 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 19:31 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 19:31 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-03-13 19:31 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 19:31 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 19:31 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 19:31 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-03-13 19:31 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-03-13 19:31 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-03-13 19:31 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-03-13 19:31 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-03-13 19:31 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 19:31 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 19:31 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-03-13 19:31 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-03-13 19:31 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-03-13 19:31 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-03-13 19:31 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-03-13 19:30 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 19:30 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 19:30 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-13 19:30 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-11 15:46 - 2014-03-11 15:46 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\GamersDigital
2014-03-11 15:46 - 2014-03-11 15:46 - 00000000 ____D () C:\ProgramData\GamersDigital
2014-03-11 13:48 - 2014-03-11 13:48 - 00001368 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-03-02 15:13 - 2014-03-02 15:13 - 00002166 _____ () C:\Users\Public\Desktop\Spiel Hidden Mysteries - Salem Secrets.lnk
2014-03-02 15:13 - 2014-03-02 15:13 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Mysteries - Salem Secrets
2014-03-02 15:13 - 2014-03-02 15:13 - 00000000 ____D () C:\Program Files (x86)\Hidden Mysteries - Salem Secrets
2014-03-01 17:25 - 2014-03-01 17:25 - 00002105 _____ () C:\Users\Public\Desktop\Spiel Real Crimes - Jack the Ripper.lnk
2014-03-01 17:25 - 2014-03-01 17:25 - 00000110 _____ () C:\WINDOWS\wininit.ini
2014-03-01 17:25 - 2014-03-01 17:25 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Real Crimes - Jack the Ripper
2014-03-01 17:25 - 2014-03-01 17:25 - 00000000 ____D () C:\Program Files (x86)\Real Crimes - Jack the Ripper
2014-03-01 17:19 - 2014-03-01 17:19 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Monkey Barrel Games

==================== One Month Modified Files and Folders =======

2014-03-29 15:53 - 2014-03-29 15:52 - 00020227 _____ () C:\Users\Nerea\Downloads\FRST.txt
2014-03-29 15:52 - 2014-03-29 15:52 - 00000000 ____D () C:\FRST
2014-03-29 15:52 - 2014-03-29 15:51 - 02157056 _____ (Farbar) C:\Users\Nerea\Downloads\FRST64.exe
2014-03-29 15:51 - 2014-03-29 15:51 - 01145856 _____ (Farbar) C:\Users\Nerea\Downloads\FRST.exe
2014-03-29 15:48 - 2013-09-04 18:09 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-29 15:38 - 2013-09-12 14:35 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Spotify
2014-03-29 15:12 - 2013-09-08 11:07 - 00000946 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002UA.job
2014-03-29 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-29 14:36 - 2013-09-01 18:51 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Tepfel
2014-03-29 14:26 - 2013-09-04 13:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 12:27 - 2014-03-29 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 12:12 - 2013-09-08 11:07 - 00000924 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002Core.job
2014-03-29 11:47 - 2013-04-06 22:33 - 01156893 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-28 22:56 - 2013-04-06 23:31 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-03-28 22:47 - 2013-04-06 23:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-03-26 00:12 - 2013-09-09 22:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-24 21:27 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-24 21:20 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-03-24 21:07 - 2013-09-12 14:35 - 00000000 ____D () C:\Users\Nerea\AppData\Local\Spotify
2014-03-24 21:06 - 2013-09-01 17:09 - 00000000 ___RD () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 21:06 - 2013-09-01 17:09 - 00000000 ___RD () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-24 20:59 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-24 20:59 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-24 20:57 - 2012-07-26 06:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-24 20:56 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-24 20:56 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-24 20:56 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-24 20:56 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-24 20:55 - 2012-07-26 09:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-11 18:48 - 2013-09-04 18:09 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-11 15:46 - 2014-03-11 15:46 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\GamersDigital
2014-03-11 15:46 - 2014-03-11 15:46 - 00000000 ____D () C:\ProgramData\GamersDigital
2014-03-11 13:59 - 2013-09-17 14:53 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\GameMill Entertainment
2014-03-11 13:48 - 2014-03-11 13:48 - 00001368 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-03-11 11:45 - 2013-09-01 14:12 - 00000000 ____D () C:\Users\Nerea\Documents\Timo
2014-03-11 11:37 - 2012-10-10 00:08 - 00028128 _____ () C:\WINDOWS\PFRO.log
2014-03-04 23:52 - 2013-11-16 19:45 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:52 - 2013-11-16 19:45 - 00078304 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 15:13 - 2014-03-02 15:13 - 00002166 _____ () C:\Users\Public\Desktop\Spiel Hidden Mysteries - Salem Secrets.lnk
2014-03-02 15:13 - 2014-03-02 15:13 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Mysteries - Salem Secrets
2014-03-02 15:13 - 2014-03-02 15:13 - 00000000 ____D () C:\Program Files (x86)\Hidden Mysteries - Salem Secrets
2014-03-01 17:25 - 2014-03-01 17:25 - 00002105 _____ () C:\Users\Public\Desktop\Spiel Real Crimes - Jack the Ripper.lnk
2014-03-01 17:25 - 2014-03-01 17:25 - 00000110 _____ () C:\WINDOWS\wininit.ini
2014-03-01 17:25 - 2014-03-01 17:25 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Real Crimes - Jack the Ripper
2014-03-01 17:25 - 2014-03-01 17:25 - 00000000 ____D () C:\Program Files (x86)\Real Crimes - Jack the Ripper
2014-03-01 17:19 - 2014-03-01 17:19 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Monkey Barrel Games
2014-03-01 13:48 - 2013-09-18 00:29 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\ERS Game Studios

Files to move or delete:
====================
C:\ProgramData\Lenovo-7691.vbs


Some content of TEMP:
====================
C:\Users\Nerea\AppData\Local\Temp\cy7wrm7l.dll
C:\Users\Nerea\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Nerea\AppData\Local\Temp\rtenldrz.dll
C:\Users\Nerea\AppData\Local\Temp\tempmessage.bfg


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 12:03

==================== End Of Log ============================
         
--- --- ---


Unfortunately I'm now travelling without my laptop until 19 April; is it okay if I "continue" after that? :/

Regards,
Nerenina

09.04.2014, 15:14   #8
schrauber
/// the machine
/// TB trainer



sure

Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with <== ATTENTION

Also let Revo remove the leftovers in Moderate mode.



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber


26.06.2014, 20:09   #9
Nerenina



Hello,

there were a few problems with my laptop charging cable, too many exams and a forgetful me, which is why I (once again) didn't manage to remember this, sorry!

I've now carried out all the steps with more or less talent and am just going to post it all now..

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26/06/2014
Suchlauf-Zeit: 16:22:17
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.26.05
Rootkit Datenbank: v2014.06.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Nerea

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 307899
Verstrichene Zeit: 13 Min, 39 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe, 2312, Löschen bei Neustart, [010cee8f35465cda24d3f816669bb24e]
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\WebCakeDesktop.exe, 5264, Löschen bei Neustart, [e12c55286d0eb18564dbfe2023dd40c0]

Module: 2
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\bsvc.dll, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Desktop.OS.dll, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b], 

Registrierungsschlüssel: 16
PUP.Optional.WebCake.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WebCakeUpdater, In Quarantäne, [010cee8f35465cda24d3f816669bb24e], 
PUP.Optional.PricePeep.A, HKLM\SOFTWARE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, In Quarantäne, [69a4d8a58bf02313b840b6c927db9868], 
PUP.Optional.PricePeep.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}, In Quarantäne, [69a4d8a58bf02313b840b6c927db9868], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}, In Quarantäne, [46c758253e3d63d3dbab4d32738fd828], 
PUP.Optional.WebCake.A, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [94799be2cfac54e2f791106f09f929d7], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF6B0594-6008-4327-93E5-608AD710A6FA}, In Quarantäne, [94799be2cfac54e2f791106f09f929d7], 
Adware.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, In Quarantäne, [927b6d100b706ec8b3c31b3339c9b54b], 
Adware.Agent, HKLM\SOFTWARE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, In Quarantäne, [ea237706502be452d2a4440af11105fb], 
Adware.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, In Quarantäne, [ea237706502be452d2a4440af11105fb], 
Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}, In Quarantäne, [ea237706502be452d2a4440af11105fb], 
Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}, In Quarantäne, [ea237706502be452d2a4440af11105fb], 
Adware.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}, In Quarantäne, [7e8f0d70accff83e98de430b62a08977], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2], 
PUP.Optional.PricePeep.A, HKLM\SOFTWARE\CLASSES\APPID\PricePeep.DLL, In Quarantäne, [5cb1235af6850d29cbb18661dd2630d0], 
PUP.Optional.PricePeep.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\PricePeep.DLL, In Quarantäne, [fc11b2cb3b4069cd522a9453de25f30d], 
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjoijdanhaiflhibkljeklcghcmmfffh, In Quarantäne, [47c6ccb13a414ee8269f419e9e65f10f], 

Registrierungswerte: 1
PUP.Optional.WebCake.A, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WebCake Desktop, "C:\Users\Nerea\AppData\Roaming\Tepfel\WebCakeDesktop.exe", In Quarantäne, [e12c55286d0eb18564dbfe2023dd40c0]

Registrierungsdaten: 13
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[3cd17706d2a942f418f4f88705ff8977]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013),Ersetzt,[f21bcab3c5b67cbacfa42365b64ea15f]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[50bd4e2fabd050e63f325e2af4102fd1]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[89844d306417171f076bd4b47f85d42c]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[d736b8c591ea5cda393b89fff70d9d63]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[a469acd1a2d99c9a34413b4d7b89ed13]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1495532002-145744468-2854867227-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=DE&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[917ccdb05427af8796771867c63ecc34]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[828bd1ac0f6c37ffec86f098d4300ef2]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=hp&installDate=01/09/2013),Ersetzt,[3ad3ec916b102610670c38509d67a957]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[99746b125a21330318593f49c63efe02]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[c44918652b50d066d0a40c7cde267987]
PUP.Optional.Snapdo, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[0805d9a4e29900361e57068242c2af51]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1495532002-145744468-2854867227-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&q={searchTerms}&installDate=01/09/2013),Ersetzt,[64a918650f6c2d09f716c8b7c73d7c84]

Ordner: 6
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2], 
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel, Löschen bei Neustart, [dd300f6eb8c33ff7093db431a65de917], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\update, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 

Dateien: 22
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe, Löschen bei Neustart, [010cee8f35465cda24d3f816669bb24e], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\WebCakeDesktop.exe, Löschen bei Neustart, [e12c55286d0eb18564dbfe2023dd40c0], 
PUP.Optional.PricePeep.A, C:\Users\Nerea\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [7994fe7fc6b580b69a6f96adf20f1be5], 
PUP.Optional.OneClickDownloader.A, C:\Users\Nerea\Downloads\NatuerlichBlondGerman2001DVDRipXviDiNTERNAL-MDCavi.exe, In Quarantäne, [3ecf196415668caa50cb4fc80df48977], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2], 
PUP.Optional.WebCake.A, C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll, In Quarantäne, [8c818bf2671439fd6162bc237d865ea2], 
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.InstallState, In Quarantäne, [dd300f6eb8c33ff7093db431a65de917], 
PUP.Optional.WebCake.A, C:\Program Files (x86)\Tepfel\sqlite3.exe, In Quarantäne, [dd300f6eb8c33ff7093db431a65de917], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\PlugIns.cache, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\bsvc.dll, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\cst.exe, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Desktop.OS.dll, Löschen bei Neustart, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\DIBS.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Dora.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Maintain.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Paladin.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\Phoenix.dat, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.WebCake.A, C:\Users\Nerea\AppData\Roaming\Tepfel\dat\sqlite3.dll, In Quarantäne, [2ae344398bf06fc79a12058d689a857b], 
PUP.Optional.SnapDo.A, C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=ES&userid=908f7d5a-96ed-2fcc-3bbe-877740079768&searchtype=ds&installDate=01/09/2013&q=");), Ersetzt,[1cf194e9b2c99a9c13169720fb0927d9]

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Code:
# AdwCleaner v3.213 - Bericht erstellt am 26/06/2014 um 20:29:07
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Nerea - FETTI-PC
# Gestartet von : C:\Users\Nerea\Downloads\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Nerea\AppData\Local\Temp\OCS
Datei Gelöscht : C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\user.js

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\prefs.js ]

Zeile gelöscht : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Zeile gelöscht : user_pref("extentions.webcake.installId", "92cb452e-51cf-44f5-918f-cff80538708d");

*************************

AdwCleaner[R0].txt - [3370 octets] - [26/06/2014 20:27:48]
AdwCleaner[S0].txt - [2952 octets] - [26/06/2014 20:29:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3012 octets] ##########
         


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Nerea on 26/06/2014 at 20:35:09,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Emptied folder: C:\Users\Nerea\AppData\Roaming\mozilla\firefox\profiles\cxkccg0y.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2014 at 20:46:08,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

OK, I hope that's somehow right now..

Here's the FRST as well:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by Nerea (administrator) on FETTI-PC on 26-06-2014 21:06:09
Running from C:\Users\Nerea\Downloads
Platform: Windows 8 (X64) OS Language: Alemán (Alemania)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Spotify Ltd) C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Thisisu) C:\Users\Nerea\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-04-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-04-07] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-02] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Facebook Update] => C:\Users\Nerea\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-08] (Facebook Inc.)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Spotify] => C:\Users\Nerea\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-26] (Spotify Ltd)
HKU\S-1-5-21-1495532002-145744468-2854867227-1002\...\Run: [Spotify Web Helper] => C:\Users\Nerea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-26] (Spotify Ltd)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [247144 2012-11-06] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203112 2012-11-06] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM - DefaultScope {65A47189-6319-4816-A0DC-B7AF30B11AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {65A47189-6319-4816-A0DC-B7AF30B11AE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default
FF NewTab: about:blank
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nerea\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Nerea\AppData\Roaming\Mozilla\Firefox\Profiles\cxkccg0y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-07]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [959256 2012-11-15] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-26] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [975104 2012-08-24] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-26 21:06 - 2014-06-26 21:06 - 00000000 ____D () C:\Users\Nerea\Downloads\FRST-OlderVersion
2014-06-26 20:46 - 2014-06-26 20:46 - 00000956 _____ () C:\Users\Nerea\Desktop\JRT.txt
2014-06-26 20:40 - 2014-06-26 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-26 20:34 - 2014-06-26 20:34 - 01016261 _____ (Thisisu) C:\Users\Nerea\Downloads\JRT.exe
2014-06-26 20:34 - 2014-06-26 20:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-26 20:27 - 2014-06-26 20:29 - 00000000 ____D () C:\AdwCleaner
2014-06-26 20:27 - 2014-06-26 20:27 - 01342659 _____ () C:\Users\Nerea\Downloads\adwcleaner_3.213.exe
2014-06-26 20:26 - 2014-06-26 20:26 - 00016008 _____ () C:\mbam.txt
2014-06-26 16:20 - 2014-06-26 21:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 16:20 - 2014-06-26 21:02 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-26 16:20 - 2014-06-26 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-26 16:20 - 2014-06-26 21:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-26 16:20 - 2014-06-26 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 16:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-26 16:20 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-26 16:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-26 16:08 - 2014-06-26 16:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nerea\Downloads\revosetup95.exe
2014-06-26 16:08 - 2014-06-26 16:08 - 00001275 _____ () C:\Users\Nerea\Desktop\Revo Uninstaller.lnk
2014-06-26 16:08 - 2014-06-26 16:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-26 16:06 - 2014-06-26 16:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nerea\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-26 15:22 - 2014-06-26 15:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Nerea\Downloads\Slender The Eight Pages - CHIP-Installer.exe
2014-06-16 14:51 - 2014-06-16 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-16 14:51 - 2014-06-16 14:51 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-14 00:19 - 2014-06-14 00:19 - 00002123 _____ () C:\Users\Public\Desktop\Spiel Grim Tales - Das Vermaechtnis.lnk
2014-06-14 00:19 - 2014-06-14 00:19 - 00001288 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-06-14 00:18 - 2014-06-14 00:19 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2014-06-14 00:18 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2014-06-14 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Das Vermaechtnis
2014-06-12 23:15 - 2014-06-12 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 22:29 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-11 22:29 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-11 22:29 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-11 22:29 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-06-11 22:29 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-11 22:29 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-11 22:29 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-11 22:29 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-11 22:29 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-11 22:29 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-11 22:29 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-11 22:29 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-11 22:29 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-11 22:29 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-11 22:29 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-06-11 22:29 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-11 22:29 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-06-11 22:29 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-11 22:29 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-11 22:29 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-11 22:29 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-11 22:29 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-11 22:29 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-11 22:29 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-11 22:28 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-11 22:28 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-11 22:28 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-11 22:28 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-11 22:28 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-11 22:28 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-11 22:28 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-06-11 22:26 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-11 22:26 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-11 22:26 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-10 21:43 - 2014-06-10 21:43 - 00002162 _____ () C:\Users\Public\Desktop\Spiel Grim Tales - Gefaehrliche Wuensche.lnk
2014-06-10 21:42 - 2014-06-10 21:43 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Gefaehrliche Wuensche
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Gefaehrliche Wuensche
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Gefaehrliche Wuensche
2014-06-07 23:42 - 2014-06-07 23:42 - 00002206 _____ () C:\Users\Public\Desktop\Spiel Redemption Cemetery - Bitterer Frost.lnk
2014-06-07 23:39 - 2014-06-07 23:42 - 00000000 ____D () C:\Program Files (x86)\Redemption Cemetery - Bitterer Frost
2014-06-07 23:39 - 2014-06-07 23:39 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Bitterer Frost
2014-06-07 23:39 - 2014-06-07 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Bitterer Frost
2014-06-07 02:10 - 2014-06-07 02:10 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\BlamGames
2014-06-07 02:03 - 2014-06-07 02:03 - 00002155 _____ () C:\Users\Public\Desktop\Spiel Punished Talents - Sieben Musen.lnk
2014-06-07 01:57 - 2014-06-07 02:03 - 00000000 ____D () C:\Program Files (x86)\Punished Talents - Sieben Musen
2014-06-07 01:57 - 2014-06-07 01:57 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Punished Talents - Sieben Musen
2014-06-07 01:57 - 2014-06-07 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Punished Talents - Sieben Musen
2014-06-06 20:48 - 2014-06-14 01:06 - 00000000 ____D () C:\ProgramData\Elephant Games
2014-06-06 19:14 - 2014-06-06 19:14 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\VendelGAMES
2014-06-04 18:42 - 2014-06-04 18:42 - 00237568 _____ (Big Fish Games) C:\Users\Nerea\Downloads\prinzessin-isabella-die-rueckkehr-des-fluches_s2_l2_gF6294T1L2_d2313998984.exe
2014-06-03 21:06 - 2014-06-03 21:06 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Awem
2014-06-01 21:32 - 2014-06-01 21:32 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Eipix
2014-06-01 20:28 - 2014-06-01 20:28 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\EleFun Games
2014-05-31 16:51 - 2014-05-31 16:51 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Deep Shadows
2014-05-29 17:26 - 2014-05-29 17:26 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-29 17:25 - 2014-05-29 17:26 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-29 17:25 - 2014-05-29 17:26 - 00000000 ____D () C:\Program Files\iTunes
2014-05-29 17:25 - 2014-05-29 17:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-29 17:25 - 2014-05-29 17:25 - 00000000 ____D () C:\Program Files\iPod
2014-05-28 21:29 - 2014-05-28 21:51 - 00000000 ____D () C:\Users\Nerea\Documents\Excel

==================== One Month Modified Files and Folders =======

2014-06-26 21:06 - 2014-06-26 21:06 - 00000000 ____D () C:\Users\Nerea\Downloads\FRST-OlderVersion
2014-06-26 21:06 - 2014-03-29 16:52 - 00018907 _____ () C:\Users\Nerea\Downloads\FRST.txt
2014-06-26 21:06 - 2014-03-29 16:52 - 00000000 ____D () C:\FRST
2014-06-26 21:06 - 2014-03-29 16:51 - 02082816 _____ (Farbar) C:\Users\Nerea\Downloads\FRST64.exe
2014-06-26 21:05 - 2013-09-12 15:35 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Spotify
2014-06-26 21:02 - 2014-06-26 16:20 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 21:02 - 2014-06-26 16:20 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-26 21:02 - 2014-06-26 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-26 21:02 - 2014-06-26 16:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-26 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-26 20:51 - 2013-04-06 23:33 - 01238534 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-26 20:48 - 2013-09-04 19:09 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-26 20:46 - 2014-06-26 20:46 - 00000956 _____ () C:\Users\Nerea\Desktop\JRT.txt
2014-06-26 20:40 - 2014-06-26 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-26 20:40 - 2013-04-07 00:31 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-26 20:34 - 2014-06-26 20:34 - 01016261 _____ (Thisisu) C:\Users\Nerea\Downloads\JRT.exe
2014-06-26 20:34 - 2014-06-26 20:34 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-26 20:33 - 2013-04-07 00:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-06-26 20:30 - 2012-10-10 01:08 - 00042522 _____ () C:\WINDOWS\PFRO.log
2014-06-26 20:30 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-26 20:30 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-26 20:29 - 2014-06-26 20:27 - 00000000 ____D () C:\AdwCleaner
2014-06-26 20:29 - 2013-10-29 22:19 - 00001090 _____ () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-26 20:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-26 20:27 - 2014-06-26 20:27 - 01342659 _____ () C:\Users\Nerea\Downloads\adwcleaner_3.213.exe
2014-06-26 20:26 - 2014-06-26 20:26 - 00016008 _____ () C:\mbam.txt
2014-06-26 16:20 - 2014-06-26 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 16:08 - 2014-06-26 16:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nerea\Downloads\revosetup95.exe
2014-06-26 16:08 - 2014-06-26 16:08 - 00001275 _____ () C:\Users\Nerea\Desktop\Revo Uninstaller.lnk
2014-06-26 16:08 - 2014-06-26 16:08 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-26 16:07 - 2014-06-26 16:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nerea\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-26 15:22 - 2014-06-26 15:22 - 00961360 _____ (Chip Digital GmbH) C:\Users\Nerea\Downloads\Slender The Eight Pages - CHIP-Installer.exe
2014-06-26 15:18 - 2013-09-12 15:35 - 00000000 ____D () C:\Users\Nerea\AppData\Local\Spotify
2014-06-25 00:13 - 2013-09-08 12:07 - 00000946 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002UA.job
2014-06-22 22:21 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-06-22 12:12 - 2013-09-08 12:07 - 00000924 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1495532002-145744468-2854867227-1002Core.job
2014-06-21 19:27 - 2013-09-09 23:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-17 01:22 - 2013-09-01 18:08 - 00000000 ____D () C:\Users\Nerea\AppData\Local\Packages
2014-06-16 16:45 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-16 14:51 - 2014-06-16 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-16 14:51 - 2014-06-16 14:51 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-16 14:51 - 2013-09-04 19:09 - 00001942 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-16 14:51 - 2013-09-04 19:09 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-16 08:20 - 2013-09-04 14:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-14 21:34 - 2013-09-04 13:23 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-14 21:34 - 2013-09-04 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-14 01:39 - 2013-04-07 00:23 - 00000000 ____D () C:\ProgramData\Temp
2014-06-14 01:06 - 2014-06-06 20:48 - 00000000 ____D () C:\ProgramData\Elephant Games
2014-06-14 01:06 - 2014-02-23 20:12 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Elephant Games
2014-06-14 00:19 - 2014-06-14 00:19 - 00002123 _____ () C:\Users\Public\Desktop\Spiel Grim Tales - Das Vermaechtnis.lnk
2014-06-14 00:19 - 2014-06-14 00:19 - 00001288 _____ () C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
2014-06-14 00:19 - 2014-06-14 00:18 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2014-06-14 00:18 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2014-06-14 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Das Vermaechtnis
2014-06-14 00:18 - 2013-09-15 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-12 23:15 - 2014-06-12 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 23:02 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-10 21:43 - 2014-06-10 21:43 - 00002162 _____ () C:\Users\Public\Desktop\Spiel Grim Tales - Gefaehrliche Wuensche.lnk
2014-06-10 21:43 - 2014-06-10 21:42 - 00000000 ____D () C:\Program Files (x86)\Grim Tales - Gefaehrliche Wuensche
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grim Tales - Gefaehrliche Wuensche
2014-06-10 21:42 - 2014-06-10 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Tales - Gefaehrliche Wuensche
2014-06-07 23:44 - 2013-09-18 01:29 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\ERS Game Studios
2014-06-07 23:42 - 2014-06-07 23:42 - 00002206 _____ () C:\Users\Public\Desktop\Spiel Redemption Cemetery - Bitterer Frost.lnk
2014-06-07 23:42 - 2014-06-07 23:39 - 00000000 ____D () C:\Program Files (x86)\Redemption Cemetery - Bitterer Frost
2014-06-07 23:39 - 2014-06-07 23:39 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Bitterer Frost
2014-06-07 23:39 - 2014-06-07 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Bitterer Frost
2014-06-07 12:56 - 2013-10-23 19:34 - 00000000 ____D () C:\Users\Nerea\Documents\EWA
2014-06-07 02:10 - 2014-06-07 02:10 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\BlamGames
2014-06-07 02:03 - 2014-06-07 02:03 - 00002155 _____ () C:\Users\Public\Desktop\Spiel Punished Talents - Sieben Musen.lnk
2014-06-07 02:03 - 2014-06-07 01:57 - 00000000 ____D () C:\Program Files (x86)\Punished Talents - Sieben Musen
2014-06-07 01:57 - 2014-06-07 01:57 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Punished Talents - Sieben Musen
2014-06-07 01:57 - 2014-06-07 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Punished Talents - Sieben Musen
2014-06-07 00:23 - 2013-09-15 22:47 - 00000000 ____D () C:\Users\Nerea\Downloads\Gameforge Live
2014-06-07 00:16 - 2013-09-15 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-06-07 00:16 - 2013-09-15 22:46 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-06-06 20:18 - 2013-09-01 18:29 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1495532002-145744468-2854867227-1002
2014-06-06 19:14 - 2014-06-06 19:14 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\VendelGAMES
2014-06-04 18:42 - 2014-06-04 18:42 - 00237568 _____ (Big Fish Games) C:\Users\Nerea\Downloads\prinzessin-isabella-die-rueckkehr-des-fluches_s2_l2_gF6294T1L2_d2313998984.exe
2014-06-03 21:06 - 2014-06-03 21:06 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Awem
2014-06-01 21:32 - 2014-06-01 21:32 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Eipix
2014-06-01 20:28 - 2014-06-01 20:28 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\EleFun Games
2014-05-31 16:51 - 2014-05-31 16:51 - 00000000 ____D () C:\Users\Nerea\AppData\Roaming\Deep Shadows
2014-05-31 07:16 - 2014-05-22 18:01 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-31 07:16 - 2014-05-22 18:01 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 17:26 - 2014-05-29 17:26 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-29 17:26 - 2014-05-29 17:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-29 17:26 - 2014-05-29 17:25 - 00000000 ____D () C:\Program Files\iTunes
2014-05-29 17:26 - 2014-05-29 17:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-29 17:25 - 2014-05-29 17:25 - 00000000 ____D () C:\Program Files\iPod
2014-05-28 21:51 - 2014-05-28 21:29 - 00000000 ____D () C:\Users\Nerea\Documents\Excel

Files to move or delete:
====================
C:\ProgramData\Lenovo-7691.vbs


Some content of TEMP:
====================
C:\Users\Nerea\AppData\Local\Temp\bfguni.exe
C:\Users\Nerea\AppData\Local\Temp\cy7wrm7l.dll
C:\Users\Nerea\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Nerea\AppData\Local\Temp\Quarantine.exe
C:\Users\Nerea\AppData\Local\Temp\rtenldrz.dll
C:\Users\Nerea\AppData\Local\Temp\tempmessage.bfg


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-17 13:34

==================== End Of Log ============================
         
--- --- ---



Thanks a lot in advance, and sorry again!!

Best regards,

Nerenina

Alt 27.06.2014, 11:26   #10
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Still having problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 27.06.2014, 22:39   #11
Nerenina
 



Hello,

thank you so much for the quick reply!! Unfortunately I am already failing right at the start, because I can't manage to turn off the firewall. It says that this is all managed by my McAfee antivirus program, which however expired about half a year ago. I'll try to figure out somehow how to get rid of that!

Nerenina

Alt 28.06.2014, 18:29   #12
schrauber
/// the machine
/// TB-Ausbilder
 




You can leave the firewall on; just turn off the real-time protection of your AV program.
__________________
Regards,
schrauber


  15. Sehr viel Werbung im Browser!
    Log-Analyse und Auswertung - 17.08.2013 (12)
  16. Malware Problem, viel Werbung, Schwarzes Fenster und extrem langsamer Rechner
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (9)
  17. Neue Fenster mit Werbung (Ie)
    Log-Analyse und Auswertung - 16.03.2010 (8)

Zum Thema Sehr viel Werbung und neue Fenster - Hallo, seit einigen Wochen habe ich extrem viel Werbung in meinem Firefow Browser. Links auf dem Bildschirm erscheint etwas, das sich WebCake kennt und ähnliche Suchbegriffe anzeigt, unten schiebt sich - Sehr viel Werbung und neue Fenster...
Archiv
Du betrachtest: Sehr viel Werbung und neue Fenster auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.