|
Pests of all kinds and how to fight them: Windows 8 GVU Trojan |
17.06.2014, 12:56 | #1 |
| Windows 8 GVU Trojan Hello, an acquaintance asked me to have a look at whether I can get the GVU Trojan off his computer. Since I can't boot from my USB stick to run Kaspersky over it, I have already done the FRST scan, following another thread (which I can't link). System: Windows 8 FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014 Ran by SYSTEM on MININT-ESI1DTR on 17-06-2014 13:48:24 Running from D:\ Platform: Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-27] (Realtek Semiconductor) HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] () HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-07] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] () HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-27] (McAfee, Inc.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-27] (McAfee, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.) 
HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\CrashsmashLP\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [272176 2013-11-12] () HKU\CrashsmashLP\...\Run: [lollipop_03241333] => c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe [2952192 2014-03-24] () HKU\CrashsmashLP\...\Run: [Browser Infrastructure Helper] => C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-20] (Smartbar) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ShortcutTarget: GamersFirst LIVE!.lnk -> (No File) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (No File) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Services (Whitelisted) ================= S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-10] (Cherished Technololgy LIMITED) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () S2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) S3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) S2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-06] () S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-27] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-10] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-20] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-26] (McAfee, Inc.) S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-26] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [417072 2013-11-12] () S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] () S2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe [193536 2014-03-03] () S2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [317728 2014-06-05] () S2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728 2014-06-05] () S2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2014-01-06] (Wajam) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-24] (Microsoft Corporation) S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation) S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED) S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-26] (McAfee, Inc.) S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-05] (GenesysLogic) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-26] (McAfee, Inc.) S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-26] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-26] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-26] (McAfee, Inc.) S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-26] (McAfee, Inc.) S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-20] (McAfee, Inc.) S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-26] (McAfee, Inc.) 
S1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-17 13:43 - 2014-06-17 13:43 - 00000000 ____D () C:\FRST 2014-06-02 06:23 - 2014-06-17 03:39 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk 2014-06-02 06:15 - 2014-06-02 06:15 - 00000000 _____ () C:\end ==================== One Month Modified Files and Folders ======= 2014-06-17 13:43 - 2014-06-17 13:43 - 00000000 ____D () C:\FRST 2014-06-17 03:40 - 2014-03-03 10:41 - 00000418 _____ () C:\Windows\Tasks\Re-markit Update.job 2014-06-17 03:40 - 2014-03-03 10:40 - 00000416 _____ () C:\Windows\Tasks\Re-markit_wd.job 2014-06-17 03:40 - 2014-02-25 05:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up 2014-06-17 03:40 - 2014-02-02 00:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg 2014-06-17 03:40 - 2014-02-02 00:16 - 00000212 _____ () C:\Users\CrashsmashLP\Documents\pms.xml 2014-06-17 03:40 - 2014-02-02 00:15 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp 2014-06-17 03:39 - 2014-06-02 06:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk 2014-06-17 03:39 - 2014-04-01 03:58 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-17 03:39 - 2014-03-25 07:45 - 00003262 _____ () C:\Windows\System32\Tasks\PC Health Kit Schedule 2014-06-17 03:39 - 2014-03-25 07:45 - 00001534 _____ () C:\Windows\Tasks\easy-deals2-updater.job 2014-06-17 03:39 - 2014-03-25 07:45 - 00001490 _____ () C:\Windows\Tasks\easy-deals2-codedownloader.job 2014-06-17 03:39 - 
2014-03-25 07:45 - 00001368 _____ () C:\Windows\Tasks\easy-deals2-enabler.job 2014-06-17 03:39 - 2014-03-25 07:44 - 00003118 _____ () C:\Windows\Tasks\easy-deals2-chromeinstaller.job 2014-06-17 03:39 - 2014-03-03 10:43 - 00000298 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job 2014-06-17 03:39 - 2014-03-03 10:42 - 00001566 _____ () C:\Windows\Tasks\Video-for-PC-1.2-updater.job 2014-06-17 03:39 - 2014-03-03 10:41 - 00003138 _____ () C:\Windows\Tasks\Video-for-PC-1.2-chromeinstaller.job 2014-06-17 03:39 - 2014-03-03 10:41 - 00002622 _____ () C:\Windows\Tasks\Video-for-PC-1.2-firefoxinstaller.job 2014-06-17 03:39 - 2014-03-03 10:41 - 00001522 _____ () C:\Windows\Tasks\Video-for-PC-1.2-codedownloader.job 2014-06-17 03:39 - 2014-03-03 10:41 - 00001420 _____ () C:\Windows\Tasks\Video-for-PC-1.2-enabler.job 2014-06-17 03:38 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-17 03:27 - 2014-04-02 05:15 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup 2014-06-17 03:14 - 2014-03-01 08:32 - 00000324 _____ () C:\Windows\Tasks\MySearchDial.job 2014-06-17 03:10 - 2012-07-25 23:21 - 00026869 _____ () C:\Windows\setupact.log 2014-06-17 03:07 - 2014-02-03 07:24 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001 2014-06-17 03:05 - 2014-04-23 08:10 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro 2014-06-17 03:05 - 2014-02-25 05:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup 2014-06-17 03:05 - 2014-02-25 05:36 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Roaming\System Speedup 2014-06-17 03:03 - 2014-04-01 03:58 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-17 00:48 - 2014-02-25 05:37 - 00000366 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job 2014-06-17 00:20 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\System32\config\ELAM 2014-06-17 00:18 - 2012-11-02 14:17 - 02026843 _____ () 
C:\Windows\WindowsUpdate.log 2014-06-17 00:04 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru 2014-06-05 09:00 - 2014-03-03 10:43 - 00000304 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 2014-06-05 08:57 - 2014-02-25 05:46 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-05 08:42 - 2014-03-03 10:41 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Lollipop 2014-06-05 08:42 - 2012-11-02 14:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-06-05 08:38 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-06-02 06:26 - 2014-02-25 05:37 - 00000000 ____D () C:\Users\CrashsmashLP\Documents\PCSpeedUp 2014-06-02 06:15 - 2014-06-02 06:15 - 00000000 _____ () C:\end 2014-06-02 06:06 - 2012-08-01 07:51 - 00017438 _____ () C:\Windows\PFRO.log 2014-06-02 06:00 - 2014-03-03 10:41 - 00000000 ____D () C:\ProgramData\IePluginService 2014-06-02 06:00 - 2014-03-03 10:41 - 00000000 ____D () C:\Program Files (x86)\SupTab Some content of TEMP: ==================== C:\Users\CrashsmashLP\AppData\Local\Temp\airB377.exe C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe C:\Users\CrashsmashLP\AppData\Local\Temp\airE4AA.exe C:\Users\CrashsmashLP\AppData\Local\Temp\airEA3E.exe C:\Users\CrashsmashLP\AppData\Local\Temp\BackupSetup.exe C:\Users\CrashsmashLP\AppData\Local\Temp\bdfilters.dll C:\Users\CrashsmashLP\AppData\Local\Temp\IEHistory.exe C:\Users\CrashsmashLP\AppData\Local\Temp\InstalledPrograms.exe C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe C:\Users\CrashsmashLP\AppData\Local\Temp\vcredist_x64.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is 
legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2014-04-01 05:08:23 Restore point made on: 2014-04-29 10:05:25 ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 8152.33 MB Available physical RAM: 7103.22 MB Total Pagefile: 8152.33 MB Available Pagefile: 7115.79 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:627.86 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: () (Removable) (Total:3.73 GB) (Free:3.68 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 1328577F) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. LastRegBack: 2014-06-17 00:30 ==================== End Of Log ============================
If any further information is needed, just ask. Many thanks in advance. Edited by DGutschalk (17.06.2014 at 13:01) |
17.06.2014, 13:21 | #2 |
/// TB-Ausbilder | Windows 8 GVU Trojan My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
start
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk
ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc)
S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation)
end
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Let me know whether your computer starts normally again afterwards (we will not be finished at that point). |
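A triage sketch for the FRST log in this thread, added here as an example; it is not part of the original posts and not part of FRST. It parses `ShortcutTarget:` and service lines and flags autostart targets that sit directly in `C:\ProgramData` and carry an extension outside a usual-executable list. The `triage` function, the extension list and the two-condition rule are assumptions of this example; the sample lines are copied from the log quoted above, one entry per line.

```python
import re
from pathlib import PureWindowsPath

# Assumption of this example: extensions an autostart target normally carries.
USUAL_EXTENSIONS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".lnk"}
PROGRAMDATA = PureWindowsPath(r"C:\ProgramData")

# "ShortcutTarget: <name>.lnk -> <path> (<company>)"
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget: (?P<name>.+?) -> (?P<path>[A-Za-z]:\\.+) \((?P<company>[^()]*)\)$"
)
# "S2 <service>; <path> [<size> <date>] (<company>)"
SERVICE_RE = re.compile(
    r"^[SRU]\d (?P<name>[^;]+); (?P<path>[A-Za-z]:\\.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>.*)\)$"
)

# Sample input: entries taken from the FRST.txt in the first post,
# put back on separate lines.
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-27] (Realtek Semiconductor)
ShortcutTarget: GamersFirst LIVE!.lnk -> (No File)
ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc)
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-26] (McAfee, Inc.)
S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED)
"""


def triage(log_text):
    """Return autostart entries whose target matches both path rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind, match = "startup shortcut", SHORTCUT_RE.match(line)
        if match is None:
            kind, match = "service", SERVICE_RE.match(line)
        if match is None:
            continue  # not an entry type this sketch understands

        path = PureWindowsPath(match["path"])
        reasons = []
        # PureWindowsPath compares case-insensitively, like NTFS paths.
        if path.parent == PROGRAMDATA:
            reasons.append("file sits directly in C:\\ProgramData")
        if path.suffix.lower() not in USUAL_EXTENSIONS:
            reasons.append(f"unusual extension {path.suffix!r}")

        # Require both conditions so that ordinary programs installed in a
        # ProgramData subfolder are not reported.
        if len(reasons) == 2:
            findings.append({
                "kind": kind,
                "name": match["name"],
                "path": match["path"],
                "company": match["company"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["kind"]:17} {finding["name"]:12} {finding["path"]}')
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

On the sample lines the two flagged targets are the same two files the fixlist names; the rule is a review aid and each hit still needs a human decision before it goes into a fixlist.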
17.06.2014, 13:33 | #3 |
| Windows 8 GVU Trojan Hello Matthias,
Thanks for your fix, the computer boots and the GVU Trojan no longer shows up. However, I have now also discovered various junk such as PC Health Kit or PC Speed Up. I should throw that off as well while I'm at it. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by SYSTEM at 2014-06-17 14:29:24 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk
ShortcutTarget: jgvmqbe.lnk -> C:\ProgramData\ebqmvgj.gsa (Haarlems Dagblad, Inc)
S2 Winmgmt; C:\ProgramData\jgvmqbe.faa [332020 2014-03-31] (Microsoft Corporation)
end
*****************

C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jgvmqbe.lnk => Moved successfully.
C:\ProgramData\ebqmvgj.gsa => Moved successfully.
Winmgmt => Service restored successfully.

==== End of Fixlog ====
|
17.06.2014, 13:34 | #4 |
/// TB-Ausbilder | Windows 8 GVU Trojan Download FRST to the desktop and run it again: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
17.06.2014, 13:42 | #5 |
| Windows 8 GVU Trojan Hello Matthias, here are the two logs: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014 Ran by CrashsmashLP (administrator) on MY-PC on 17-06-2014 14:37:40 Running from G:\zweiter lauf Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\PC Speed Up\PCSUService.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe () C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe (Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (PC Health Labs) C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe (PC Health Labs) C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (System Speedup) C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (Systweak Inc) C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Windows\jmesoft\Service.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe () C:\Program Files (x86)\LPT\srpts.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe () C:\Program Files (x86)\FindRight\updateFindRight.exe () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe (Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\SysWOW64\UMonit.exe () C:\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe (Smartbar) C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe (Software Updater) C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe (GamersFirst) C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe () C:\Users\CrashsmashLP\AppData\Local\LPT\srptm.exe () C:\Windows\jmesoft\JME_LOAD.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor) HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] () HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] () HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [272176 2013-11-12] () HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe [2952192 2014-03-24] () HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-20] (Smartbar) HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\MountPoints2: {9d4b3424-8d92-11e3-be6e-806e6f6e6963} - "D:\pushinst.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Software Updater) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (No File) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:13828 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms} 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms} SearchScopes: HKLM - {424D67D3-6B88-4527-B275-39B22EE89AEC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir= SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms} BHO: easy-deals2 - {11111111-1111-1111-1111-110311991194} - C:\Program Files (x86)\easy-deals2\easy-deals2-bho64.dll (adassist2) BHO: Video-for-PC-1.2 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-bho64.dll (fun-games) BHO: 
SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) BHO: SaveClicker - {5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} - C:\Program Files (x86)\SaveClicker\ap6KgYK7u.x64.dll () BHO: RandoMPricce - {9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} - C:\ProgramData\RandoMPricce\tuQrBryYB0.x64.dll () BHO-x32: easy-deals2 - {11111111-1111-1111-1111-110311991194} - C:\Program Files (x86)\easy-deals2\easy-deals2-bho.dll (adassist2) BHO-x32: Video-for-PC-1.2 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-bho.dll (fun-games) BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: SaveClicker - {5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} - C:\Program Files (x86)\SaveClicker\ap6KgYK7u.dll () BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial) BHO-x32: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No File Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial) Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\CrashsmashLP\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No 
File DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-03] FF HKCU\...\Firefox\Extensions: [{18cb1911-bb8b-407a-a031-fffc8d7b664c}] - C:\Program Files (x86)\Re-markit-soft\155.xpi FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\155.xpi [2014-03-03] Chrome: ======= CHR HomePage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_07a7f45c6591444893b91863b534e4b7_39_1006_20130624_DE_cr_sp_ CHR StartupUrls: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_07a7f45c6591444893b91863b534e4b7_39_1006_20130624_DE_cr_sp_" CHR Extension: (Google Docs) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01] CHR Extension: (Google Drive) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01] CHR Extension: (YouTube) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01] CHR Extension: (Google-Suche) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01] CHR Extension: (easy-deals2) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-04-01] CHR Extension: (Video-for-PC-1.2) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-04-01] CHR Extension: (Google Wallet) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01] CHR Extension: (Widget context) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05] CHR Extension: (Google Mail) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed] R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed] R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed] R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-06] () R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [417072 2013-11-12] () R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] () R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe [193536 2014-03-03] () [File not signed] R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [317728 2014-06-05] () R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728 2014-06-05] () R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2014-01-06] (Wajam) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED) S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service ==================== Drivers (Whitelisted) ==================== R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.) 
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.) R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.) 
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-17 23:43 - 2014-06-17 14:37 - 00000000 ____D () C:\FRST 2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-06-02 16:23 - 2014-06-17 14:31 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk 2014-06-02 16:15 - 2014-06-02 16:15 - 00000000 _____ () C:\end ==================== One Month Modified Files and Folders ======= 2014-06-18 00:29 - 2014-02-02 10:16 - 00000000 ___RD () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-17 14:38 - 2014-02-02 10:16 - 00000214 _____ () C:\Users\CrashsmashLP\Documents\pms.xml 2014-06-17 14:38 - 2014-02-02 10:15 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp 2014-06-17 14:37 - 2014-06-17 23:43 - 00000000 ____D () C:\FRST 2014-06-17 14:37 - 2014-03-03 20:41 - 00002033 _____ () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk 2014-06-17 14:36 - 2014-02-03 17:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001 2014-06-17 14:36 - 2012-11-03 08:55 - 00751892 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-17 14:36 - 2012-11-03 08:55 - 00155620 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-17 14:36 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-06-17 14:35 - 2012-11-03 00:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-06-17 14:34 - 2014-03-03 20:41 - 00000418 _____ () C:\WINDOWS\Tasks\Re-markit Update.job 2014-06-17 14:33 - 2014-04-23 18:10 - 00003108 _____ 
() C:\WINDOWS\System32\Tasks\RegClean Pro 2014-06-17 14:33 - 2014-02-25 15:36 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-06-17 14:33 - 2014-02-25 15:36 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Roaming\System Speedup 2014-06-17 14:32 - 2014-04-02 15:15 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Advanced System Protector_startup 2014-06-17 14:32 - 2014-02-25 15:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up 2014-06-17 14:31 - 2014-06-02 16:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk 2014-06-17 14:31 - 2014-04-01 13:58 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-17 14:31 - 2014-03-25 17:45 - 00003262 _____ () C:\WINDOWS\System32\Tasks\PC Health Kit Schedule 2014-06-17 14:31 - 2014-03-25 17:45 - 00001534 _____ () C:\WINDOWS\Tasks\easy-deals2-updater.job 2014-06-17 14:31 - 2014-03-25 17:45 - 00001490 _____ () C:\WINDOWS\Tasks\easy-deals2-codedownloader.job 2014-06-17 14:31 - 2014-03-25 17:45 - 00001368 _____ () C:\WINDOWS\Tasks\easy-deals2-enabler.job 2014-06-17 14:31 - 2014-03-25 17:44 - 00003118 _____ () C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job 2014-06-17 14:31 - 2014-03-03 20:43 - 00000298 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job 2014-06-17 14:31 - 2014-03-03 20:42 - 00001566 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job 2014-06-17 14:31 - 2014-03-03 20:41 - 00003138 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job 2014-06-17 14:31 - 2014-03-03 20:41 - 00002622 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job 2014-06-17 14:31 - 2014-03-03 20:41 - 00001522 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job 2014-06-17 14:31 - 2014-03-03 20:41 - 00001420 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job 2014-06-17 14:31 - 2014-03-03 20:40 - 00000416 _____ () C:\WINDOWS\Tasks\Re-markit_wd.job 2014-06-17 14:31 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 
2014-06-17 13:40 - 2014-02-02 10:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg 2014-06-17 13:14 - 2014-03-01 18:32 - 00000324 _____ () C:\WINDOWS\Tasks\MySearchDial.job 2014-06-17 13:10 - 2012-07-26 09:21 - 00026869 _____ () C:\WINDOWS\setupact.log 2014-06-17 13:03 - 2014-04-01 13:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-17 10:48 - 2014-02-25 15:37 - 00000366 _____ () C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job 2014-06-17 10:20 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-06-17 10:18 - 2012-11-03 00:17 - 02026843 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-17 10:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-05 19:00 - 2014-03-03 20:43 - 00000304 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job 2014-06-05 18:57 - 2014-02-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-05 18:42 - 2014-03-03 20:41 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Lollipop 2014-06-05 18:38 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-06-02 16:26 - 2014-02-25 15:37 - 00000000 ____D () C:\Users\CrashsmashLP\Documents\PCSpeedUp 2014-06-02 16:15 - 2014-06-02 16:15 - 00000000 _____ () C:\end 2014-06-02 16:06 - 2012-08-01 17:51 - 00017438 _____ () C:\WINDOWS\PFRO.log 2014-06-02 16:00 - 2014-03-03 20:41 - 00000000 ____D () C:\ProgramData\IePluginService 2014-06-02 16:00 - 2014-03-03 20:41 - 00000000 ____D () C:\Program Files (x86)\SupTab Some content of TEMP: ==================== C:\Users\CrashsmashLP\AppData\Local\Temp\airB377.exe C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe C:\Users\CrashsmashLP\AppData\Local\Temp\airE4AA.exe C:\Users\CrashsmashLP\AppData\Local\Temp\airEA3E.exe C:\Users\CrashsmashLP\AppData\Local\Temp\BackupSetup.exe C:\Users\CrashsmashLP\AppData\Local\Temp\bdfilters.dll C:\Users\CrashsmashLP\AppData\Local\Temp\IEHistory.exe C:\Users\CrashsmashLP\AppData\Local\Temp\InstalledPrograms.exe 
C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-17 10:30

==================== End Of Log ============================

Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by CrashsmashLP at 2014-06-17 14:38:32
Running from G:\zweiter lauf
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================
Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
awesomehp uninstaller (HKLM-x32\...\awesomehp uninstaller) (Version: - awesomehp) <==== ATTENTION
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.2 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version: - ) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CouponSupport (HKLM-x32\...\S-649636217) (Version: 3.3.0.1598 - CouponSupport) <==== ATTENTION DiRT 3 (HKLM-x32\...\Steam App 44320) (Version: - Codemasters Racing Studio) Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo) Driver San Francisco (HKLM-x32\...\Steam App 33440) (Version: - Ubisoft Reflections) easy-deals2 (HKLM-x32\...\easy-deals2) (Version: 1.34.3.17 - adassist2) FindRight (HKLM\...\FindRight) (Version: 2014.02.26.051729 - FindRight) <==== ATTENTION FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies) GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version: - GamersFirst) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) 
Hidden GRID 2 (HKLM-x32\...\Steam App 44350) (Version: - Codemasters Racing) IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo) Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. OHG) Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.) Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.) Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead) loadtbs-3.0 (HKLM-x32\...\loadtbs-3.0) (Version: - ) Lollipop (HKCU\...\lollipop_03241333) (Version: - Lollipop Network, S.L.) <==== ATTENTION LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios) McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.) 
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 
(HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version: - Double Helix Games) MXGP - The Official Motocross Videogame (HKLM-x32\...\Steam App 256370) (Version: - Milestone S.r.l.) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION Mysearchdial (HKLM-x32\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION NVIDIA Grafiktreiber 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Systemsteuerung 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden Off-Road Drive (HKLM-x32\...\Steam App 200230) (Version: - 1C-Avalon) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
PC Health Kit v3.2 (HKLM-x32\...\PC Health Kit_is1) (Version: 3.2 - PC Health Labs) PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.4.1.0 - Speedchecker Limited) Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo) PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC) <==== ATTENTION Prince of Persia: The Forgotten Sands (HKLM-x32\...\Steam App 33320) (Version: - Ubisoft Montreal) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) RandoMPricce (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version: - RandoomPrIce) <==== ATTENTION Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.) RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION Re-markit (HKLM-x32\...\674d5dbc-360d-4da7-aa62-80d47d9437b8) (Version: - Re-markit Software) <==== ATTENTION Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games) SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 3.0.0.1941 - SaveClicker) <==== ATTENTION Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.10.30.15 - Conduit) <==== ATTENTION Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shift 2 Unleashed (HKLM-x32\...\Steam App 47920) (Version: - Slightly Mad Studios) Snap.Do (HKLM-x32\...\{3A014A11-3D9E-44BD-9431-2DB67F752CB9}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION Snap.Do Engine (HKCU\...\{bb4c4f5f-26b5-45fa-9e01-3d056cb56fa2}) (Version: 11.32.1.16055 - ReSoft Ltd.) 
<==== ATTENTION Software Updater version 1.8.4 (HKLM-x32\...\Software Updater_is1) (Version: 1.8.4 - Air Software) <==== ATTENTION SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.2.0 - Uniblue Systems Limited) <==== ATTENTION Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version: - SaveClicker) <==== ATTENTION SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version: - Eden Studios) Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version: - Redlynx Ltd) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Video-for-PC-1.2 (HKLM-x32\...\Video-for-PC-1.2) (Version: 1.34.2.13 - fun-games) <==== ATTENTION VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION Wajam (HKLM-x32\...\Wajam) (Version: 2.13 - Wajam) <==== ATTENTION WPM17.8.0.3393 (HKLM-x32\...\WPM) (Version: 17.8.0.3393 - Cherished Technololgy LIMITED) <==== ATTENTION ==================== Restore Points ========================= 01-04-2014 13:07:01 RegClean Pro Di, Apr 01, 14 15:07 29-04-2014 18:05:12 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {016BC803-E3DA-4A60-8083-6E7E3080DB7A} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] () Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: 
{0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe [2014-02-24] (PC Health Labs) Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe [2014-03-03] () Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - System32\Tasks\Video-for-PC-1.2-updater => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-updater.exe [2014-03-03] (fun-games) <==== ATTENTION Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - System32\Tasks\easy-deals2-enabler => C:\Program Files (x86)\easy-deals2\easy-deals2-enabler.exe [2014-03-25] (adassist2) Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe [2014-03-03] () <==== ATTENTION Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - System32\Tasks\easy-deals2-codedownloader => C:\Program Files (x86)\easy-deals2\easy-deals2-codedownloader.exe [2014-03-25] (adassist2) Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2013-11-12] () <==== ATTENTION Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files 
(x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited) <==== ATTENTION Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - System32\Tasks\easy-deals2-chromeinstaller => C:\Program Files (x86)\easy-deals2\easy-deals2-chromeinstaller.exe [2014-03-25] (adassist2) Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {871C9EC1-111E-4343-B7D3-4E69D96D696B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - System32\Tasks\Video-for-PC-1.2-firefoxinstaller => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-firefoxinstaller.exe [2014-03-03] (fun-games) <==== ATTENTION Task: {B36EEA24-957E-42E4-B7D4-8ECCE70146A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.) 
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: {B4299654-83B1-4622-8B94-0AD038000AF6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - System32\Tasks\MySearchDial => C:\Users\CRASHS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited) <==== ATTENTION Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-01-15] (Systweak) <==== ATTENTION Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\ReMar.exe [2014-03-03] () <==== ATTENTION Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - System32\Tasks\Video-for-PC-1.2-enabler => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-enabler.exe [2014-03-03] (fun-games) <==== ATTENTION Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - System32\Tasks\Video-for-PC-1.2-chromeinstaller => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-chromeinstaller.exe [2014-03-03] (fun-games) <==== ATTENTION Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - System32\Tasks\easy-deals2-updater => C:\Program Files 
(x86)\easy-deals2\easy-deals2-updater.exe [2014-03-25] (adassist2) Task: {F0A61E0C-950A-4724-984E-839485F2D1EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.) Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - System32\Tasks\Video-for-PC-1.2-codedownloader => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-codedownloader.exe [2014-03-03] (fun-games) <==== ATTENTION Task: C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job => C:\Program Files (x86)\easy-deals2\easy-deals2-chromeinstaller.exe Task: C:\WINDOWS\Tasks\easy-deals2-codedownloader.job => C:\Program Files (x86)\easy-deals2\easy-deals2-codedownloader.exe Task: C:\WINDOWS\Tasks\easy-deals2-enabler.job => C:\Program Files (x86)\easy-deals2\easy-deals2-enabler.exe Task: C:\WINDOWS\Tasks\easy-deals2-updater.job => C:\Program Files (x86)\easy-deals2\easy-deals2-updater.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\CRASHS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe Task: C:\WINDOWS\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\ReMar.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: 
C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: C:\WINDOWS\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-chromeinstaller.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-codedownloader.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-enabler.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-firefoxinstaller.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-02-25 15:37 - 2013-11-12 20:59 - 00417072 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe 2014-02-18 15:32 - 2014-02-18 15:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2014-03-03 20:40 - 2014-03-03 20:40 - 00093184 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe 2012-11-03 00:05 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe 2014-02-06 22:19 - 2014-02-06 22:19 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe 2014-02-26 18:53 - 2014-02-26 18:54 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-03-03 20:40 - 2014-03-03 20:40 - 00193536 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe 2014-02-26 07:19 - 2014-06-05 18:53 - 00317728 _____ () C:\Program Files (x86)\FindRight\updateFindRight.exe 2014-03-01 19:36 - 
2014-06-05 18:44 - 00317728 _____ () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe 2012-11-03 00:05 - 2012-07-24 13:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe 2014-03-24 15:33 - 2014-03-24 15:33 - 02952192 _____ () C:\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe 2014-03-20 16:39 - 2014-03-20 16:39 - 00023072 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srptm.exe 2012-11-03 00:05 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe 2014-02-18 15:38 - 2014-02-18 15:38 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2014-02-25 15:37 - 2013-11-12 21:00 - 00585608 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-25 15:37 - 2012-07-25 13:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll 2014-02-25 15:37 - 2014-01-15 19:53 - 01731312 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll 2014-03-03 20:43 - 2013-06-06 11:43 - 26034688 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\libcef.dll 2014-03-03 20:43 - 2014-02-19 16:59 - 00452720 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\x86\Trackerbird.py.clr4.dll 2014-02-06 22:19 - 2014-02-06 22:19 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll 2014-02-06 22:19 - 2014-02-06 22:19 - 00022048 _____ () C:\Program Files (x86)\LPT\srptc.dll 2014-02-06 22:18 - 2014-02-06 22:18 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00046624 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00068640 _____ () 
C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srau.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00165408 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 02282528 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00066592 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\spbl.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00154656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00014368 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\siem.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00063520 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sppsm.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00696352 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00014880 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00078368 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00056352 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srut.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00029216 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srsbs.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00065056 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00030752 _____ () 
C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srom.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00030752 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\smtu.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00038944 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\smta.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00043552 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srbu.dll 2014-03-20 16:38 - 2014-03-20 16:38 - 00024096 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sgml.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00061472 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00024608 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srpdm.dll 2014-03-20 16:38 - 2014-03-20 16:38 - 00043040 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-03-20 16:37 - 2014-03-20 16:37 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00035360 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00193056 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sgmu.dll 2014-03-20 16:36 - 2014-03-20 16:36 - 00061440 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00255008 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srns.dll 2012-04-27 00:38 - 2012-04-27 00:38 - 20758016 _____ () C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\libcef.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00077856 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srpt.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00023072 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srptc.dll 
2014-03-20 16:38 - 2014-03-20 16:38 - 00018976 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Common.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00056352 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srut.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00063520 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\sppsm.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00154656 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Personalization.Common.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00165408 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll 2012-11-03 00:05 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll 2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll 2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll 2012-11-03 00:05 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x531329b6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0xe84 Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0 Pfad der fehlerhaften Anwendung: Re-markit155.exe1 Pfad des fehlerhaften Moduls: Re-markit155.exe2 Berichtskennung: Re-markit155.exe3 Vollständiger Name des fehlerhaften Pakets: Re-markit155.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Re-markit155.exe5 Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WSHost.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50108842 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000001069 ID des fehlerhaften Prozesses: 0x11fc Startzeit der fehlerhaften 
Anwendung: 0xWSHost.exe0 Pfad der fehlerhaften Anwendung: WSHost.exe1 Pfad des fehlerhaften Moduls: WSHost.exe2 Berichtskennung: WSHost.exe3 Vollständiger Name des fehlerhaften Pakets: WSHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WSHost.exe5 Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425 Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17b8 Startzeit: 01cf5f0e248d1577 Endzeit: 15 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: 7a143984-cb01-11e3-be8d-d43d7e1ffc88 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: c2c Startzeit: 01cf5184d3bce1d1 Endzeit: 31 Anwendungspfad: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe Berichts-ID: 2598adb0-bd78-11e3-be8d-d43d7e1ffc88 Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall System errors: ============= Error: (06/17/2014 02:31:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (06/17/2014 02:31:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht. 
Error: (06/17/2014 01:39:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%127 Microsoft Office Sessions: ========================= Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Re-markit155.exe1.155.0.0531329b6KERNELBASE.dll6.2.9200.1645150988950e06d736300014b32e8401cf8a1f9af7d1d7C:\Program Files (x86)\Re-markit-soft\Re-markit155.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlldd516fe5-f612-11e3-be96-001f1fdcf1ad Error: 
(06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WSHost.exe6.2.9200.1638450108842ntdll.dll6.2.9200.1657951637f77c0000005000000000000106911fc01cf7e6bff8f8a6eC:\WINDOWS\WinStore\WSHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll3fc6e39e-ea5f-11e3-be8e-d43d7e1ffc88 Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425 Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.2.9200.1662817b801cf5f0e248d157715C:\WINDOWS\Explorer.EXE7a143984-cb01-11e3-be8d-d43d7e1ffc88 Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SystemSettings.exe6.2.9200.16420c2c01cf5184d3bce1d131C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe2598adb0-bd78-11e3-be8d-d43d7e1ffc88windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 8152.33 MB Available physical RAM: 6220.89 MB Total Pagefile: 16856.33 MB Available Pagefile: 14651.26 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives 
================================ Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:627.86 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:3.73 GB) (Free:3.68 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 1328577F) Partition: GPT Partition Type. ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
17.06.2014, 13:44 | #6 | |
/// TB Trainer | Windows 8 GVU Trojan Please read carefully... Quote:
In addition, all of the tools used can then be removed very easily at the end of the cleanup. |
17.06.2014, 13:56 | #7 |
| Windows 8 GVU Trojan Hello, I ran the tool again, this time from the desktop. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014 Ran by CrashsmashLP (administrator) on MY-PC on 17-06-2014 14:53:14 Running from C:\Users\CrashsmashLP\Desktop Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\PC Speed Up\PCSUService.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe () C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe (Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (PC Health Labs) C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe (PC Health Labs) C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (System Speedup) C:\Program Files (x86)\System Speedup\SystemSpeedup.exe (Systweak Inc) C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Windows\jmesoft\Service.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe () C:\Program Files (x86)\LPT\srpts.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe () C:\Program Files (x86)\FindRight\updateFindRight.exe () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe (Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\SysWOW64\UMonit.exe () C:\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe (Smartbar) C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe (Software Updater) C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe (GamersFirst) C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe () C:\Users\CrashsmashLP\AppData\Local\LPT\srptm.exe () C:\Windows\jmesoft\JME_LOAD.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsMap.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor) HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] () HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] () HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) 
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [272176 2013-11-12] () HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe [2952192 2014-03-24] () HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\SnapDo.exe [27680 2014-03-20] (Smartbar) HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\MountPoints2: {9d4b3424-8d92-11e3-be6e-806e6f6e6963} - "D:\pushinst.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk ShortcutTarget: SoftwareUpdater.lnk -> C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe (Software Updater) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk ShortcutTarget: PricePeepUpdater.lnk -> C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (No File) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393872078&from=tugs&uid=WDCXWD10EALX-089BA1_WD-WMATR138938689386&q={searchTerms}
SearchScopes: HKLM - {424D67D3-6B88-4527-B275-39B22EE89AEC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi0301ie&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtC0F0F0Czzzzzy0FtCtAtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0B0AzyzyyDtG0FtB0ByCtG0Azy0AzytG0EyCzyzytGyB0A0CyBtCtAzztAzytDtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FzyyD0Czy0EyCtG0CtByB0FtG0E0A0AyBtGzztDzzyCtGyBtBzytB0CzyyEyE0B0Dzy0A2Q&cr=1171129213&ir=
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn8iDR8pW-E-OJbVqOPUTceunT9xDBqTAsjTjtdfAEK1mDSf3HeB9zqT3L-owNCn7MnG7LcXmu7tBNkmtibNHOhEfVBoRvYetCWm86iG_W9WNWQBckkhcrohnC51P5j3lj47gO43Ur9Nc_jMO0W2fPAlpR2SiGj68AItFFd-JA7EPzDJcTN8,&q={searchTerms}
BHO: easy-deals2 - {11111111-1111-1111-1111-110311991194} - C:\Program Files (x86)\easy-deals2\easy-deals2-bho64.dll (adassist2)
BHO: Video-for-PC-1.2 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-bho64.dll (fun-games)
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: SaveClicker - {5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} - C:\Program Files (x86)\SaveClicker\ap6KgYK7u.x64.dll ()
BHO: RandoMPricce - {9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} - C:\ProgramData\RandoMPricce\tuQrBryYB0.x64.dll ()
BHO-x32: easy-deals2 - {11111111-1111-1111-1111-110311991194} - C:\Program Files (x86)\easy-deals2\easy-deals2-bho.dll (adassist2)
BHO-x32: Video-for-PC-1.2 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-bho.dll (fun-games)
BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: SaveClicker - {5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} - C:\Program Files (x86)\SaveClicker\ap6KgYK7u.dll ()
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
BHO-x32: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\CrashsmashLP\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-03]
FF HKCU\...\Firefox\Extensions: [{18cb1911-bb8b-407a-a031-fffc8d7b664c}] - C:\Program Files (x86)\Re-markit-soft\155.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\155.xpi [2014-03-03]

Chrome:
=======
CHR HomePage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_07a7f45c6591444893b91863b534e4b7_39_1006_20130624_DE_cr_sp_
CHR StartupUrls: "hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p23_serp_cr_de_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_07a7f45c6591444893b91863b534e4b7_39_1006_20130624_DE_cr_sp_"
CHR Extension: (Google Docs) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google-Suche) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (easy-deals2) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-04-01]
CHR Extension: (Video-for-PC-1.2) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Widget context) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
CHR Extension: (Google Mail) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32288 2014-02-06] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [417072 2013-11-12] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] ()
R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe [193536 2014-03-03] () [File not signed]
R2 Update FindRight; C:\Program Files (x86)\FindRight\updateFindRight.exe [317728 2014-06-05] ()
R2 Util FindRight; C:\Program Files (x86)\FindRight\bin\utilFindRight.exe [317728 2014-06-05] ()
R2 WajamUpdaterV3; C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [114176 2014-01-06] (Wajam) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-03-03] (Cherished Technololgy LIMITED)
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61112 2014-03-18] (StdLib)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-17 23:43 - 2014-06-17 14:53 - 00000000 ____D () C:\FRST
2014-06-17 14:52 - 2014-06-17 14:53 - 00024748 _____ () C:\Users\CrashsmashLP\Desktop\FRST.txt
2014-06-17 14:52 - 2014-06-17 13:37 - 02081280 _____ (Farbar) C:\Users\CrashsmashLP\Desktop\FRST64.exe
2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-02 16:23 - 2014-06-17 14:31 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-02 16:15 - 2014-06-02 16:15 - 00000000 _____ () C:\end

==================== One Month Modified Files and Folders =======

2014-06-18 00:29 - 2014-02-02 10:16 - 00000000 ___RD () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-17 14:53 - 2014-06-17 23:43 - 00000000 ____D () C:\FRST
2014-06-17 14:53 - 2014-06-17 14:52 - 00024748 _____ () C:\Users\CrashsmashLP\Desktop\FRST.txt
2014-06-17 14:53 - 2014-02-02 10:16 - 00000213 _____ () C:\Users\CrashsmashLP\Documents\pms.xml
2014-06-17 14:53 - 2014-02-02 10:15 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp
2014-06-17 14:51 - 2014-03-03 20:41 - 00002033 _____ () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk
2014-06-17 14:43 - 2014-02-03 17:24 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001
2014-06-17 14:40 - 2012-11-03 08:55 - 00751892 _____ () C:\WINDOWS\system32\perfh007.dat
2014-06-17 14:40 - 2012-11-03 08:55 - 00155620 _____ () C:\WINDOWS\system32\perfc007.dat
2014-06-17 14:40 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-17 14:35 - 2012-11-03 00:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-06-17 14:34 - 2014-03-03 20:41 - 00000418 _____ () C:\WINDOWS\Tasks\Re-markit Update.job
2014-06-17 14:33 - 2014-04-23 18:10 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2014-06-17 14:33 - 2014-02-25 15:36 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-06-17 14:33 - 2014-02-25 15:36 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Roaming\System Speedup
2014-06-17 14:32 - 2014-04-02 15:15 - 00003120 _____ () C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2014-06-17 14:32 - 2014-02-25 15:37 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-06-17 14:31 - 2014-06-02 16:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk
2014-06-17 14:31 - 2014-04-01 13:58 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00003262 _____ () C:\WINDOWS\System32\Tasks\PC Health Kit Schedule
2014-06-17 14:31 - 2014-03-25 17:45 - 00001534 _____ () C:\WINDOWS\Tasks\easy-deals2-updater.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00001490 _____ () C:\WINDOWS\Tasks\easy-deals2-codedownloader.job
2014-06-17 14:31 - 2014-03-25 17:45 - 00001368 _____ () C:\WINDOWS\Tasks\easy-deals2-enabler.job
2014-06-17 14:31 - 2014-03-25 17:44 - 00003118 _____ () C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job
2014-06-17 14:31 - 2014-03-03 20:43 - 00000298 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job
2014-06-17 14:31 - 2014-03-03 20:42 - 00001566 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00003138 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00002622 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00001522 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job
2014-06-17 14:31 - 2014-03-03 20:41 - 00001420 _____ () C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job
2014-06-17 14:31 - 2014-03-03 20:40 - 00000416 _____ () C:\WINDOWS\Tasks\Re-markit_wd.job
2014-06-17 14:31 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-17 13:40 - 2014-02-02 10:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg
2014-06-17 13:37 - 2014-06-17 14:52 - 02081280 _____ (Farbar) C:\Users\CrashsmashLP\Desktop\FRST64.exe
2014-06-17 13:14 - 2014-03-01 18:32 - 00000324 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2014-06-17 13:10 - 2012-07-26 09:21 - 00026869 _____ () C:\WINDOWS\setupact.log
2014-06-17 13:03 - 2014-04-01 13:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 10:48 - 2014-02-25 15:37 - 00000366 _____ () C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2014-06-17 10:20 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-17 10:18 - 2012-11-03 00:17 - 02026843 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 10:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-05 19:00 - 2014-03-03 20:43 - 00000304 _____ () C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job
2014-06-05 18:57 - 2014-02-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-05 18:42 - 2014-03-03 20:41 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Lollipop
2014-06-05 18:38 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-06-02 16:26 - 2014-02-25 15:37 - 00000000 ____D () C:\Users\CrashsmashLP\Documents\PCSpeedUp
2014-06-02 16:15 - 2014-06-02 16:15 - 00000000 _____ () C:\end
2014-06-02 16:06 - 2012-08-01 17:51 - 00017438 _____ () C:\WINDOWS\PFRO.log
2014-06-02 16:00 - 2014-03-03 20:41 - 00000000 ____D () C:\ProgramData\IePluginService
2014-06-02 16:00 - 2014-03-03 20:41 - 00000000 ____D () C:\Program Files (x86)\SupTab

Some content of TEMP:
====================
C:\Users\CrashsmashLP\AppData\Local\Temp\airB377.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airE4AA.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\airEA3E.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\BackupSetup.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\bdfilters.dll
C:\Users\CrashsmashLP\AppData\Local\Temp\IEHistory.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe
C:\Users\CrashsmashLP\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-17 10:30

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by CrashsmashLP at 2014-06-17 14:53:32
Running from C:\Users\CrashsmashLP\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Advanced System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
awesomehp uninstaller (HKLM-x32\...\awesomehp uninstaller) (Version: - awesomehp) <==== ATTENTION
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.2 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version: - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CouponSupport (HKLM-x32\...\S-649636217) (Version: 3.3.0.1598 - CouponSupport) <==== ATTENTION
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version: - Codemasters Racing Studio)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)
Driver San Francisco (HKLM-x32\...\Steam App 33440) (Version: - Ubisoft Reflections)
easy-deals2 (HKLM-x32\...\easy-deals2) (Version: 1.34.3.17 - adassist2)
FindRight (HKLM\...\FindRight) (Version: 2014.02.26.051729 - FindRight) <==== ATTENTION
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version: - GamersFirst)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version: - Codemasters Racing)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)
loadtbs-3.0 (HKLM-x32\...\loadtbs-3.0) (Version: - )
Lollipop (HKCU\...\lollipop_03241333) (Version: - Lollipop Network, S.L.) <==== ATTENTION
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version: - Double Helix Games)
MXGP - The Official Motocross Videogame (HKLM-x32\...\Steam App 256370) (Version: - Milestone S.r.l.)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Mysearchdial (HKLM-x32\...\mysearchdial) (Version: - Mysearchdial) <==== ATTENTION
NVIDIA Grafiktreiber 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden
Off-Road Drive (HKLM-x32\...\Steam App 200230) (Version: - 1C-Avalon)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PC Health Kit v3.2 (HKLM-x32\...\PC Health Kit_is1) (Version: 3.2 - PC Health Labs) PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.4.1.0 - Speedchecker Limited) Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo) PricePeep (HKLM-x32\...\PricePeep) (Version: 2.2.0.10 - betwikx LLC) <==== ATTENTION Prince of Persia: The Forgotten Sands (HKLM-x32\...\Steam App 33320) (Version: - Ubisoft Montreal) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) RandoMPricce (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version: - RandoomPrIce) <==== ATTENTION Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.) RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION Re-markit (HKLM-x32\...\674d5dbc-360d-4da7-aa62-80d47d9437b8) (Version: - Re-markit Software) <==== ATTENTION Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games) SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 3.0.0.1941 - SaveClicker) <==== ATTENTION Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.10.30.15 - Conduit) <==== ATTENTION Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shift 2 Unleashed (HKLM-x32\...\Steam App 47920) (Version: - Slightly Mad Studios) Snap.Do (HKLM-x32\...\{3A014A11-3D9E-44BD-9431-2DB67F752CB9}) (Version: 11.32.1.16055 - ReSoft Ltd.) <==== ATTENTION Snap.Do Engine (HKCU\...\{bb4c4f5f-26b5-45fa-9e01-3d056cb56fa2}) (Version: 11.32.1.16055 - ReSoft Ltd.) 
<==== ATTENTION Software Updater version 1.8.4 (HKLM-x32\...\Software Updater_is1) (Version: 1.8.4 - Air Software) <==== ATTENTION SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.2.0 - Uniblue Systems Limited) <==== ATTENTION Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version: - SaveClicker) <==== ATTENTION SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION System Speedup (HKLM-x32\...\System Speedup_is1) (Version: 2.1 - systemspeedup.com) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version: - Eden Studios) Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version: - Redlynx Ltd) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Video-for-PC-1.2 (HKLM-x32\...\Video-for-PC-1.2) (Version: 1.34.2.13 - fun-games) <==== ATTENTION VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION Wajam (HKLM-x32\...\Wajam) (Version: 2.13 - Wajam) <==== ATTENTION WPM17.8.0.3393 (HKLM-x32\...\WPM) (Version: 17.8.0.3393 - Cherished Technololgy LIMITED) <==== ATTENTION ==================== Restore Points ========================= 29-04-2014 18:05:12 Geplanter Prüfpunkt 17-06-2014 12:51:52 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {016BC803-E3DA-4A60-8083-6E7E3080DB7A} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] () Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - System32\Tasks\System Speedup_UPDATES => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: 
{0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe [2014-02-24] (PC Health Labs) Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe [2014-03-03] () Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - System32\Tasks\Video-for-PC-1.2-updater => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-updater.exe [2014-03-03] (fun-games) <==== ATTENTION Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - System32\Tasks\easy-deals2-enabler => C:\Program Files (x86)\easy-deals2\easy-deals2-enabler.exe [2014-03-25] (adassist2) Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe [2014-03-03] () <==== ATTENTION Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - System32\Tasks\easy-deals2-codedownloader => C:\Program Files (x86)\easy-deals2\easy-deals2-codedownloader.exe [2014-03-25] (adassist2) Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2013-11-12] () <==== ATTENTION Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files 
(x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited) <==== ATTENTION Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - System32\Tasks\easy-deals2-chromeinstaller => C:\Program Files (x86)\easy-deals2\easy-deals2-chromeinstaller.exe [2014-03-25] (adassist2) Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - System32\Tasks\System Speedup_DEFAULT => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe [2013-12-13] (System Speedup) Task: {871C9EC1-111E-4343-B7D3-4E69D96D696B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - System32\Tasks\Video-for-PC-1.2-firefoxinstaller => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-firefoxinstaller.exe [2014-03-03] (fun-games) <==== ATTENTION Task: {B36EEA24-957E-42E4-B7D4-8ECCE70146A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.) 
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2014-01-21] (Systweak Inc) <==== ATTENTION Task: {B4299654-83B1-4622-8B94-0AD038000AF6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - System32\Tasks\MySearchDial => C:\Users\CRASHS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited) <==== ATTENTION Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-01-15] (Systweak) <==== ATTENTION Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\ReMar.exe [2014-03-03] () <==== ATTENTION Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - System32\Tasks\Video-for-PC-1.2-enabler => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-enabler.exe [2014-03-03] (fun-games) <==== ATTENTION Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - System32\Tasks\Video-for-PC-1.2-chromeinstaller => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-chromeinstaller.exe [2014-03-03] (fun-games) <==== ATTENTION Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - System32\Tasks\easy-deals2-updater => C:\Program Files 
(x86)\easy-deals2\easy-deals2-updater.exe [2014-03-25] (adassist2) Task: {F0A61E0C-950A-4724-984E-839485F2D1EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.) Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - System32\Tasks\Video-for-PC-1.2-codedownloader => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-codedownloader.exe [2014-03-03] (fun-games) <==== ATTENTION Task: C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job => C:\Program Files (x86)\easy-deals2\easy-deals2-chromeinstaller.exe Task: C:\WINDOWS\Tasks\easy-deals2-codedownloader.job => C:\Program Files (x86)\easy-deals2\easy-deals2-codedownloader.exe Task: C:\WINDOWS\Tasks\easy-deals2-enabler.job => C:\Program Files (x86)\easy-deals2\easy-deals2-enabler.exe Task: C:\WINDOWS\Tasks\easy-deals2-updater.job => C:\Program Files (x86)\easy-deals2\easy-deals2-updater.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\CRASHS~1\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe Task: C:\WINDOWS\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\ReMar.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: 
C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\System Speedup_DEFAULT.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: C:\WINDOWS\Tasks\System Speedup_UPDATES.job => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-chromeinstaller.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-codedownloader.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-enabler.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-firefoxinstaller.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job => C:\Program Files (x86)\Video-for-PC-1.2\Video-for-PC-1.2-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-02-25 15:37 - 2013-11-12 20:59 - 00417072 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe 2014-02-18 15:32 - 2014-02-18 15:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2014-03-03 20:40 - 2014-03-03 20:40 - 00093184 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe 2012-11-03 00:05 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe 2014-02-06 22:19 - 2014-02-06 22:19 - 00032288 _____ () C:\Program Files (x86)\LPT\srpts.exe 2014-02-26 18:53 - 2014-02-26 18:54 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-03-03 20:40 - 2014-03-03 20:40 - 00193536 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markit155.exe 2014-02-26 07:19 - 2014-06-05 18:53 - 00317728 _____ () C:\Program Files (x86)\FindRight\updateFindRight.exe 2014-03-01 19:36 - 
2014-06-05 18:44 - 00317728 _____ () C:\Program Files (x86)\FindRight\bin\utilFindRight.exe 2012-11-03 00:05 - 2012-07-24 13:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe 2014-03-24 15:33 - 2014-03-24 15:33 - 02952192 _____ () C:\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe 2014-03-20 16:39 - 2014-03-20 16:39 - 00023072 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srptm.exe 2012-11-03 00:05 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe 2014-02-18 15:38 - 2014-02-18 15:38 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2014-02-25 15:37 - 2013-11-12 21:00 - 00585608 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-25 15:37 - 2012-07-25 13:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll 2014-02-25 15:37 - 2014-01-15 19:53 - 01731312 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll 2014-03-03 20:43 - 2013-06-06 11:43 - 26034688 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\libcef.dll 2014-03-03 20:43 - 2014-02-19 16:59 - 00452720 _____ () C:\Program Files (x86)\Uniblue\SpeedUpMyPC\x86\Trackerbird.py.clr4.dll 2014-02-06 22:19 - 2014-02-06 22:19 - 00070176 _____ () C:\Program Files (x86)\LPT\srpt.dll 2014-02-06 22:19 - 2014-02-06 22:19 - 00022048 _____ () C:\Program Files (x86)\LPT\srptc.dll 2014-02-06 22:18 - 2014-02-06 22:18 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00046624 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00068640 _____ () 
C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srau.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00165408 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 02282528 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00066592 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\spbl.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00154656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00014368 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\siem.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00063520 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sppsm.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00696352 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00014880 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00078368 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00056352 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srut.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00029216 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srsbs.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00065056 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00030752 _____ () 
C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srom.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00030752 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\smtu.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00038944 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\smta.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00043552 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srbu.dll 2014-03-20 16:38 - 2014-03-20 16:38 - 00024096 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sgml.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00061472 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00024608 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srpdm.dll 2014-03-20 16:38 - 2014-03-20 16:38 - 00043040 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-03-20 16:37 - 2014-03-20 16:37 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00035360 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00193056 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\sgmu.dll 2014-03-20 16:36 - 2014-03-20 16:36 - 00061440 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00255008 _____ () C:\Users\CrashsmashLP\AppData\Local\Smartbar\Application\srns.dll 2012-04-27 00:38 - 2012-04-27 00:38 - 20758016 _____ () C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\libcef.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00077856 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srpt.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00023072 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srptc.dll 
2014-03-20 16:38 - 2014-03-20 16:38 - 00018976 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Common.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00056352 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\srut.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00063520 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\sppsm.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00154656 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00026656 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Personalization.Common.dll 2014-03-20 16:39 - 2014-03-20 16:39 - 00165408 _____ () C:\Users\CrashsmashLP\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll 2012-11-03 00:05 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll 2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll 2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll 2012-11-03 00:05 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x531329b6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0xe84 Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0 Pfad der fehlerhaften Anwendung: Re-markit155.exe1 Pfad des fehlerhaften Moduls: Re-markit155.exe2 Berichtskennung: Re-markit155.exe3 Vollständiger Name des fehlerhaften Pakets: Re-markit155.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Re-markit155.exe5 Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WSHost.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50108842 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000001069 ID des fehlerhaften Prozesses: 0x11fc Startzeit der fehlerhaften 
Anwendung: 0xWSHost.exe0 Pfad der fehlerhaften Anwendung: WSHost.exe1 Pfad des fehlerhaften Moduls: WSHost.exe2 Berichtskennung: WSHost.exe3 Vollständiger Name des fehlerhaften Pakets: WSHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WSHost.exe5 Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425 Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17b8 Startzeit: 01cf5f0e248d1577 Endzeit: 15 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: 7a143984-cb01-11e3-be8d-d43d7e1ffc88 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: c2c Startzeit: 01cf5184d3bce1d1 Endzeit: 31 Anwendungspfad: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe Berichts-ID: 2598adb0-bd78-11e3-be8d-d43d7e1ffc88 Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall System errors: ============= Error: (06/17/2014 02:44:02 PM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error: (06/17/2014 02:44:01 PM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error: (06/17/2014 02:31:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (06/17/2014 02:31:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Supporter erreicht. 
Error: (06/17/2014 01:39:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Error: (06/17/2014 01:39:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%127 Microsoft Office Sessions: ========================= Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Re-markit155.exe1.155.0.0531329b6KERNELBASE.dll6.2.9200.1645150988950e06d736300014b32e8401cf8a1f9af7d1d7C:\Program Files (x86)\Re-markit-soft\Re-markit155.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlldd516fe5-f612-11e3-be96-001f1fdcf1ad Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WSHost.exe6.2.9200.1638450108842ntdll.dll6.2.9200.1657951637f77c0000005000000000000106911fc01cf7e6bff8f8a6eC:\WINDOWS\WinStore\WSHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll3fc6e39e-ea5f-11e3-be8e-d43d7e1ffc88 Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (06/02/2014 03:53:24 
PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425 Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.2.9200.1662817b801cf5f0e248d157715C:\WINDOWS\Explorer.EXE7a143984-cb01-11e3-be8d-d43d7e1ffc88 Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SystemSettings.exe6.2.9200.16420c2c01cf5184d3bce1d131C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe2598adb0-bd78-11e3-be8d-d43d7e1ffc88windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 8152.33 MB Available physical RAM: 6018.29 MB Total Pagefile: 16856.33 MB Available Pagefile: 14537.16 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:633.02 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:3.73 GB) (Free:3.68 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 1328577F) Partition: GPT Partition Type. 
======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
17.06.2014, 14:00 | #8 |
/// TB-Ausbilder | Windows 8 GVU Trojan Well then, on to fighting the adware:
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please disable your antivirus program, as it can affect the result or possibly interfere with the cleanup. Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file to your desktop.
Step 4
Please post with your next reply
|
17.06.2014, 15:48 | #9 |
| Windows 8 GVU Trojan Hello Matthias, AdwCleaner Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 17/06/2014 um 15:08:40 # Aktualisiert 05/06/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : CrashsmashLP - MY-PC # Gestartet von : C:\Users\CrashsmashLP\Desktop\adwcleaner_3.212.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : BackupStack [#] Dienst Gelöscht : be0fb33b Dienst Gelöscht : IePluginService Dienst Gelöscht : LPTSystemUpdater Dienst Gelöscht : pcsuservice Dienst Gelöscht : Re-markit [#] Dienst Gelöscht : Update FindRight [#] Dienst Gelöscht : Util FindRight Dienst Gelöscht : WajamUpdaterV3 Dienst Gelöscht : Wpm Dienst Gelöscht : wStLib64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\IePluginService Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\ProgramData\RandoMPricce Ordner Gelöscht : C:\ProgramData\SaveClicker Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx Ordner Gelöscht : C:\Program Files (x86)\FindRight Ordner Gelöscht : C:\Program Files (x86)\LPT Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup Ordner Gelöscht : C:\Program Files (x86)\Mysearchdial Ordner Gelöscht : C:\Program Files (x86)\PC Health Kit Ordner Gelöscht : C:\Program Files (x86)\pc speed up Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro Ordner 
Gelöscht : C:\Program Files (x86)\Re-markit-soft Ordner Gelöscht : C:\Program Files (x86)\Software Updater Ordner Gelöscht : C:\Program Files (x86)\supporter Ordner Gelöscht : C:\Program Files (x86)\SupTab Ordner Gelöscht : C:\Program Files (x86)\System Speedup Ordner Gelöscht : C:\Program Files (x86)\Uniblue Ordner Gelöscht : C:\Program Files (x86)\Wajam Ordner Gelöscht : C:\Program Files (x86)\easy-deals2 Ordner Gelöscht : C:\Program Files (x86)\Video-for-PC-1.2 Ordner Gelöscht : C:\Program Files (x86)\SaveClicker Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch Ordner Gelöscht : C:\Users\CRASHS~1\AppData\Local\Temp\AirInstaller Ordner Gelöscht : C:\Users\CRASHS~1\AppData\Local\Temp\Smartbar Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\lollipop Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\LPT Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Smartbar Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\torch Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\LocalLow\Mysearchdial Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\LocalLow\Smartbar Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\awesomehp Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\loadtbs Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Mysearchdial Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\PC Health Kit Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\System Speedup Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Uniblue Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\VOPackage Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage Ordner Gelöscht : 
C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Ordner Gelöscht : C:\Users\CrashsmashLP\Documents\PCSpeedUp Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [!] Ordner Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo Datei Gelöscht : C:\END Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk Datei Gelöscht : C:\WINDOWS\System32\drivers\wStLib64.sys Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe Datei Gelöscht : C:\WINDOWS\System32\sasnative64.exe Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Local\AnyProtectScannerSetup.exe Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : 
C:\WINDOWS\System32\Tasks\Advanced System Protector_startup Datei Gelöscht : C:\WINDOWS\Tasks\MySearchDial.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\MySearchDial Datei Gelöscht : C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro Datei Gelöscht : C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT Datei Gelöscht : C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES Datei Gelöscht : C:\WINDOWS\Tasks\Re-markit Update.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\Re-markit Update Datei Gelöscht : C:\WINDOWS\Tasks\Re-markit_wd.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\Re-markit_wd Datei Gelöscht : C:\WINDOWS\Tasks\SpeedUpMyPC Maintenance.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\SpeedUpMyPC Maintenance Datei Gelöscht : C:\WINDOWS\Tasks\SpeedUpMyPC Startup.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\SpeedUpMyPC Startup Datei Gelöscht : C:\WINDOWS\Tasks\System Speedup_DEFAULT.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\System Speedup_DEFAULT Datei Gelöscht : C:\WINDOWS\Tasks\System Speedup_UPDATES.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\System Speedup_UPDATES Datei Gelöscht : C:\WINDOWS\Tasks\easy-deals2-chromeinstaller.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\easy-deals2-chromeinstaller Datei Gelöscht : C:\WINDOWS\Tasks\easy-deals2-codedownloader.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\easy-deals2-codedownloader Datei Gelöscht : C:\WINDOWS\Tasks\easy-deals2-enabler.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\easy-deals2-enabler Datei Gelöscht : C:\WINDOWS\Tasks\easy-deals2-updater.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\easy-deals2-updater Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-chromeinstaller.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-chromeinstaller 
Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-codedownloader.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-codedownloader Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-enabler.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-enabler Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-firefoxinstaller.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-firefoxinstaller Datei Gelöscht : C:\WINDOWS\Tasks\Video-for-PC-1.2-updater.job Datei Gelöscht : C:\WINDOWS\System32\Tasks\Video-for-PC-1.2-updater ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveClicker.SaveClicker Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SaveClicker.SaveClicker.2.1 Schlüssel Gelöscht : 
HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-649636217 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0039994.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0039994.BHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0039994.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0039994.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.BHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311991194} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511151178} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322992294} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355995594} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155578} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366996694} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344994494} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544154478} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311991194} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511151178} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311991194} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511151178} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{de871501-6bf6-4966-832c-873c8d3e2454} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f807afa9-be95-471d-82d9-81da7961b6d7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8dc9b8d9-3232-4c81-907c-411363ef8147} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d47625b9-cde9-47f6-ae05-46aef82dccd0} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311991194} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511151178} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322992294} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355995594} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155578} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366996694} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311991194} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511151178} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{de871501-6bf6-4966-832c-873c8d3e2454} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f807afa9-be95-471d-82d9-81da7961b6d7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8dc9b8d9-3232-4c81-907c-411363ef8147} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d47625b9-cde9-47f6-ae05-46aef82dccd0} Daten Wiederhergestellt : 
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\AnyProtect Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKCU\Software\mysearchdial Schlüssel Gelöscht : HKCU\Software\PC Health Kit Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx Schlüssel Gelöscht : HKCU\Software\SecuredDownload Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\smartbarbackup Schlüssel Gelöscht : HKCU\Software\smartbarlog Schlüssel Gelöscht : HKCU\Software\SoftwareUpdater Schlüssel Gelöscht : HKCU\Software\Speedchecker Limited Schlüssel Gelöscht : HKCU\Software\System Speedup Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\Wajam Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\easy-deals2 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Video-for-PC-1.2 Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Schlüssel Gelöscht : HKLM\Software\awesomehpSoftware Schlüssel Gelöscht : HKLM\Software\IePlugin Schlüssel Gelöscht : HKLM\Software\InstallCore Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions Schlüssel Gelöscht : HKLM\Software\mysearchdial Schlüssel Gelöscht : HKLM\Software\Speedchecker Limited Schlüssel Gelöscht : HKLM\Software\SupTab Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\System Speedup Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\Wajam Schlüssel Gelöscht : HKLM\Software\Wpm Schlüssel Gelöscht : HKLM\Software\easy-deals2 Schlüssel Gelöscht : 
HKLM\Software\Video-for-PC-1.2 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\awesomehp uninstaller Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Health Kit_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\easy-deals2 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video-for-PC-1.2 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Speedchecker Limited 
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16843 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Google Chrome v33.0.1750.154 [ Datei : C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : iobhlofholalpkgbeoeobhckdmfpcpce Gelöscht [Extension] : lndipknmjijnalnkamonmljeaojdbpna Gelöscht [Extension] : 
ombmmloebnfnpehgjnmkcgoegfachobp ************************* AdwCleaner[R0].txt - [45728 octets] - [17/06/2014 15:08:18] AdwCleaner[S0].txt - [35889 octets] - [17/06/2014 15:08:40] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [35950 octets] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.06.2014 Suchlauf-Zeit: 15:32:19 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.17.05 Rootkit Datenbank: v2014.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: CrashsmashLP Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 280496 Verstrichene Zeit: 8 Min, 58 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 3 PUP.Optional.FindRight.A, HKLM\SOFTWARE\WOW6432NODE\FindRight, In Quarantäne, [1e6bfe7b81fa75c183da5d62e022a25e], PUP.Optional.EasyDeals.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\easy-deals2, In Quarantäne, [cbbed4a5bdbeea4c16b8942234ce20e0], PUP.Optional.FindRight.A, HKU\S-1-5-21-505307628-1853979233-654877678-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FindRight, In Quarantäne, [583155242a5173c34a145f6026dce31d], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[6821e1989be0af877df27efc29dbae52] Ordner: 6 PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce, In Quarantäne, [79106217ef8c9e9899d3c4cdee1415eb], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce, In 
Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iobhlofholalpkgbeoeobhckdmfpcpce_0, In Quarantäne, [26636910ee8d44f2add65141a35f4db3], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0, In Quarantäne, [3554bfbac7b483b3444ec4cebe4414ec], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB, In Quarantäne, [a9e08bee007b85b16858e7b920e29868], Dateien: 48 Trojan.FakeMS, C:\ProgramData\jgvmqbe.faa, In Quarantäne, [127706739ae12313f53480f3ba4726da], PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\nssA503.tmp, In Quarantäne, [5f2a7405b8c30432689b90775aaa58a8], PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\nsxB69.tmp, In Quarantäne, [96f340397308a29435cedb2c48bcad53], PUP.Optional.ScramblePacker.A, C:\Users\CrashsmashLP\AppData\Local\Temp\airB76A.exe, In Quarantäne, [2a5f99e05229b1856edd8df2b9486e92], PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\ICReinstall_nsb3C3B.tmp, In Quarantäne, [bccde6936b10f3439b68a3640cf8ac54], PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\nsb3C3B.tmp, In Quarantäne, [64254f2a6219c472bf44a760887ca957], PUP.Optional.SearchProtect.A, C:\Users\CrashsmashLP\AppData\Local\Temp\nse204.exe, In Quarantäne, [19705029e596bb7b19c62b01cf321be5], PUP.Optional.SearchProtect.A, C:\Users\CrashsmashLP\AppData\Local\Temp\nsf1DDB.exe, In Quarantäne, [66233a3f88f3300656893eeee31e9070], PUP.Optional.InstallCore, C:\Users\CrashsmashLP\AppData\Local\Temp\nsj74AE.tmp, In Quarantäne, [a4e52d4cd7a49f97df240dfa679d59a7], PUP.Optional.MySearchDial.A, 
C:\Users\CrashsmashLP\AppData\Local\Temp\is105043906\mysearchdial.dll, In Quarantäne, [1a6fc1b8a6d55ed8c5b9a0b614ed14ec], Trojan.Agent.ED, C:\Users\CrashsmashLP\AppData\Local\Temp\Low\0437.dll, In Quarantäne, [167316635e1db383300c18576998946c], PUP.Optional.Conduit.A, C:\Users\CrashsmashLP\AppData\Local\Temp\e8937d79-19d0-4fc4-9a4d-e58a30adeae3\spidentifierimpl.exe, In Quarantäne, [c2c77009a9d2201600d8275fa65b58a8], PUP.Optional.SkyTech.A, C:\Users\CrashsmashLP\AppData\Local\Temp\f96dd588-9312-436e-8ca0-f5324b2821f7\software\tugs_awesomehp.exe, In Quarantäne, [6029c8b1601b5ed84a6d2039f20f2ad6], PUP.Optional.ScramblePacker.A, C:\Users\CrashsmashLP\AppData\Local\Temp\f96dd588-9312-436e-8ca0-f5324b2821f7\software\videoforpc.exe, In Quarantäne, [46437ffa6912e74f1536dba4f1108f71], PUP.Optional.SilenceInstall, C:\Users\CrashsmashLP\AppData\Local\Temp\f96dd588-9312-436e-8ca0-f5324b2821f7\software\VOPackage.exe, In Quarantäne, [c0c9cbae1269ed49805b78c221df817f], PUP.Optional.SkyTech.A, C:\Users\CrashsmashLP\AppData\Local\Temp\fullpackage_temp1393872048\package1.zip, In Quarantäne, [34557108057680b62ff49f93a45c847c], PUP.Optional.SkyTech.A, C:\Users\CrashsmashLP\AppData\Local\Temp\fullpackage_temp1393872048\QQBrowserFrame.dll, In Quarantäne, [7a0fcfaa4437fb3be24176bc9b653fc1], PUP.Optional.SupTab.A, C:\Users\CrashsmashLP\AppData\Local\Temp\fullpackage_temp1393872048\tmp\SupTab.exe, In Quarantäne, [e9a051289cdfb680b7a2b97cc8381ae6], PUP.Optional.WpManager, C:\Users\CrashsmashLP\AppData\Local\Temp\fullpackage_temp1393872048\tmp\wpm.exe, In Quarantäne, [721783f60873b086d8747ce8a9589e62], PUP.Optional.OpenCandy, C:\Users\CrashsmashLP\AppData\Local\Temp\nseA3A1.tmp\OCSetupHlp.dll, In Quarantäne, [3c4dc0b9700bab8b6c326b3353b1a15f], PUP.Optional.Conduit.A, C:\Users\CrashsmashLP\AppData\Local\Temp\nsq6ECB\SpSetup.exe, In Quarantäne, [8ffa1663e39838fe8c45938ed62b36ca], PUP.LoadTubes, C:\Users\CrashsmashLP\Downloads\bandicam.exe, In Quarantäne, [0683f68380fbe84ec9a04fba7d83d52b], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\1b44dae2.msi, In Quarantäne, [c0c94732146706309a3d5f2714ed8b75], PUP.Optional.LiveLyrics.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [25640277e893979ff0dd406ae71b45bb], PUP.Optional.LiveLyrics.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [03860c6d116a290d9439d4d6ff0342be], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0.localstorage, In Quarantäne, [5336e79205762b0b55b04e67a26056aa], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0.localstorage-journal, In Quarantäne, [2b5ec6b3b4c77eb8c540f2c326dcbc44], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iobhlofholalpkgbeoeobhckdmfpcpce_0.localstorage, In Quarantäne, [315811682e4de15588a7b63e47bc2cd4], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iobhlofholalpkgbeoeobhckdmfpcpce_0.localstorage-journal, In Quarantäne, [f6931564fe7d0630b778b63e4db6c937], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\000005.ldb, In Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\000014.ldb, In Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User 
Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\000015.log, In Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\CURRENT, In Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\LOCK, In Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\LOG, In Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\LOG.old, In Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iobhlofholalpkgbeoeobhckdmfpcpce\MANIFEST-000013, In Quarantäne, [97f2e29726557fb7196931616f935ea2], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_iobhlofholalpkgbeoeobhckdmfpcpce_0\1, In Quarantäne, [26636910ee8d44f2add65141a35f4db3], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0\2, In Quarantäne, [3554bfbac7b483b3444ec4cebe4414ec], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000005.ldb, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension 
Settings\lndipknmjijnalnkamonmljeaojdbpna\000011.ldb, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000012.log, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\CURRENT, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOCK, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOG, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOG.old, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.CrossRider.A, C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\MANIFEST-000010, In Quarantäne, [335601788eed93a3d3c9a3ef05fd0bf5], PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB\abb-bundler-uninstall.exe, In Quarantäne, [a9e08bee007b85b16858e7b920e29868], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 16-June-2014 Tool run by CrashsmashLP on 17.06.2014 at 16:06:12,71. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\CrashsmashLP\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 17.06.2014 16:08:37 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Mozilla\Firefox\Extensions\{18cb1911-bb8b-407a-a031-fffc8d7b664c} deleted successfully ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\CrashsmashLP\AppData\LocalLow\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} deleted C:\Users\CrashsmashLP\AppData\Local\Packages\windows_ie_ac_001\AC\{5E35BEDC-848F-3F2F-5A79-DDFF1E019BE6} deleted C:\Users\CrashsmashLP\AppData\Local\Packages\windows_ie_ac_001\AC\{9A2EDA1B-FD76-D575-5E17-BBDA2C000A41} deleted C:\PROGRA~3\30749dcefd186a6c deleted C:\Support deleted C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk deleted C:\PROGRA~3\Package Cache deleted C:\Users\CrashsmashLP\AppData\Local\nspD84C.tmp deleted 
C:\Users\CrashsmashLP\AppData\LocalLow\store-pp.jbs deleted C:\Users\CrashsmashLP\Desktop\FREE Games.url deleted "C:\Users\CrashsmashLP\AppData\Roaming\convert\convert.exe" deleted "C:\Users\CrashsmashLP\AppData\Roaming\convert" deleted ==== Chrome Look ====================== SaveClicker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo SaveClicker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo SaveClicker - CrashsmashLP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo Create Short URL - CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce Week Index - CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna SaveClicker - CrashsmashLP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo SaveClicker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo SaveClicker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo ==== Chrome Fix ====================== C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully C:\Users\CrashsmashLP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully C:\Users\CrashsmashLP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfonoalbbkeljpeggemnpdmhpiidhbgo deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.de/" "Search Page"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Search Bar"="hxxp://www.google.com" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Start Page"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Start Page"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="hxxp://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="hxxp://www.google.com" "SearchAssistant"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search 
Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="https://www.google.de/" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing 
Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A014A11-3D9E-44BD-9431-2DB67F752CB9} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bb4c4f5f-26b5-45fa-9e01-3d056cb56fa2} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E96338DC-1468-4918-8EC2-8454BFFC5025} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\674d5dbc-360d-4da7-aa62-80d47d9437b8 deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\11A410A3E9D3DB444913D26BF757C29B deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\CrashsmashLP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\CrashsmashLP\AppData\Local\Microsoft\Windows\Temporary 
Internet Files\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=56 folders=37 49110969 bytes) ==== Empty Temp Folders ====================== C:\Users\CrashsmashLP\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\CRASHS~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 17.06.2014 at 16:20:42,02 ====================== |
17.06.2014, 15:49 | #10 |
| Windows 8 GVU Trojan Here is part 2. It was a bit too long to fit everything into the first part. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014 Ran by CrashsmashLP (administrator) on MY-PC on 17-06-2014 16:25:28 Running from C:\Users\CrashsmashLP\Desktop Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\lpksetup.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Windows\jmesoft\Service.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Windows\SysWOW64\PnkBstrA.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\SysWOW64\UMonit.exe (GamersFirst) C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe () C:\Windows\jmesoft\JME_LOAD.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsMap.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor) HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit.exe [28672 2012-07-24] () HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] () HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) 
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => "c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe" lollipop_03241333 HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\MountPoints2: {9d4b3424-8d92-11e3-be6e-806e6f6e6963} - "D:\pushinst.exe" Startup: C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {424D67D3-6B88-4527-B275-39B22EE89AEC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-11-03]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google Search) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Create Short URL) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-06-17]
CHR Extension: (Week Index) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-06-17]
CHR Extension: (Google Wallet) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (No Name) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
CHR Extension: (Gmail) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-06] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-17 23:43 - 2014-06-17 16:25 - 00000000 ____D () C:\FRST 2014-06-17 16:25 - 2014-06-17 16:25 - 00013623 _____ () C:\Users\CrashsmashLP\Desktop\FRST.txt 2014-06-17 16:25 - 2014-06-17 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-06-17 16:25 - 2014-06-17 13:37 - 02081280 _____ (Farbar) C:\Users\CrashsmashLP\Desktop\FRST64.exe 2014-06-17 16:22 - 2014-06-17 15:11 - 00036259 _____ () C:\Users\CrashsmashLP\Desktop\AdwCleaner[S0].txt 2014-06-17 16:20 - 2014-06-17 16:20 - 00011858 _____ () C:\Users\CrashsmashLP\Desktop\zoek-results.txt 2014-06-17 16:20 - 2014-05-31 07:16 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-17 16:20 - 2014-05-31 07:16 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-17 16:17 - 2014-06-17 16:25 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp 2014-06-17 16:17 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp 2014-06-17 16:17 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\Temp 2014-06-17 16:17 - 2014-06-17 16:06 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe 2014-06-17 16:08 - 2014-06-17 16:20 - 00011858 _____ () C:\zoek-results.log 2014-06-17 15:49 - 2014-06-17 16:16 - 00000000 ____D () C:\zoek_backup 2014-06-17 15:46 - 2014-06-17 15:46 - 00011680 _____ () C:\Users\CrashsmashLP\Desktop\mbam.txt 2014-06-17 15:41 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2014-06-17 15:41 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2014-06-17 15:41 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\WSDApi.dll 2014-06-17 15:41 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2014-06-17 15:41 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2014-06-17 15:41 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2014-06-17 15:41 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-06-17 15:41 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-06-17 15:41 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-06-17 15:41 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-06-17 15:39 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-17 15:39 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2014-06-17 15:39 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe 2014-06-17 15:39 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-06-17 15:39 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-17 15:39 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-06-17 15:39 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-17 15:39 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-06-17 15:39 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-06-17 15:39 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml 
2014-06-17 15:39 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-06-17 15:39 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-06-17 15:39 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2014-06-17 15:38 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-17 15:38 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-17 15:38 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-06-17 15:38 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-06-17 15:38 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-06-17 15:37 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-17 15:37 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-17 15:37 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-17 15:37 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-17 15:37 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-17 15:37 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-17 15:37 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-17 15:37 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-17 15:37 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-06-17 15:36 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 
2014-06-17 15:36 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-17 15:36 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-17 15:36 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-06-17 15:36 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-17 15:36 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-17 15:36 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-17 15:36 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-17 15:36 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-17 15:36 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-17 15:36 - 2014-05-24 
03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-17 15:36 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-06-17 15:36 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-17 15:36 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-17 15:36 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-17 15:36 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-17 15:36 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-06-17 15:36 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-06-17 15:36 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-17 15:36 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-17 15:36 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-17 15:36 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-06-17 15:36 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-06-17 15:36 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-06-17 15:36 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2014-06-17 15:36 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2014-06-17 15:36 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2014-06-17 15:36 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2014-06-17 15:36 - 2014-04-12 11:09 - 00208896 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll 2014-06-17 15:36 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2014-06-17 15:36 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-06-17 15:36 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-06-17 15:36 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2014-06-17 15:36 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2014-06-17 15:36 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll 2014-06-17 15:36 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2014-06-17 15:36 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2014-06-17 15:36 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2014-06-17 15:36 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll 2014-06-17 15:36 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2014-06-17 15:36 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-06-17 15:36 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll 2014-06-17 15:36 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll 2014-06-17 15:36 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-06-17 15:36 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2014-06-17 15:36 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll 2014-06-17 15:36 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\schannel.dll 2014-06-17 15:36 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll 2014-06-17 15:36 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2014-06-17 15:36 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-06-17 15:36 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll 2014-06-17 15:36 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2014-06-17 15:36 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2014-06-17 15:36 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2014-06-17 15:36 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll 2014-06-17 15:36 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2014-06-17 15:36 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-06-17 15:36 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2014-06-17 15:36 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-17 15:36 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-06-17 15:36 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-06-17 15:34 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-06-17 15:34 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll 2014-06-17 15:34 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll 2014-06-17 15:34 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\kernel32.dll 2014-06-17 15:34 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-06-17 15:34 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2014-06-17 15:34 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2014-06-17 15:34 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys 2014-06-17 15:33 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-17 15:33 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2014-06-17 15:20 - 2014-06-17 15:45 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-17 15:19 - 2014-06-17 15:19 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-17 15:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-17 15:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-06-17 15:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-17 15:08 - 2014-06-17 15:11 - 00000000 ____D () C:\AdwCleaner 2014-06-17 15:07 - 2014-06-17 15:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\CrashsmashLP\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-17 15:07 - 2014-06-17 15:03 - 01333465 _____ () C:\Users\CrashsmashLP\Desktop\adwcleaner_3.212.exe 2014-06-02 16:23 - 2014-06-17 14:31 
- 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk ==================== One Month Modified Files and Folders ======= 2014-06-17 16:26 - 2014-02-02 10:16 - 00000213 _____ () C:\Users\CrashsmashLP\Documents\pms.xml 2014-06-17 16:25 - 2014-06-17 23:43 - 00000000 ____D () C:\FRST 2014-06-17 16:25 - 2014-06-17 16:25 - 00013623 _____ () C:\Users\CrashsmashLP\Desktop\FRST.txt 2014-06-17 16:25 - 2014-06-17 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-06-17 16:25 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\CrashsmashLP\AppData\Local\Temp 2014-06-17 16:25 - 2014-02-03 17:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-505307628-1853979233-654877678-1001 2014-06-17 16:25 - 2012-11-03 00:13 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk 2014-06-17 16:24 - 2012-11-03 08:55 - 00751892 _____ () C:\WINDOWS\system32\perfh007.dat 2014-06-17 16:24 - 2012-11-03 08:55 - 00155620 _____ () C:\WINDOWS\system32\perfc007.dat 2014-06-17 16:24 - 2012-07-26 09:28 - 01745416 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-17 16:20 - 2014-06-17 16:20 - 00011858 _____ () C:\Users\CrashsmashLP\Desktop\zoek-results.txt 2014-06-17 16:20 - 2014-06-17 16:08 - 00011858 _____ () C:\zoek-results.log 2014-06-17 16:20 - 2014-04-01 13:58 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-17 16:20 - 2014-02-02 10:16 - 00000000 ___RD () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-17 16:20 - 2014-02-02 10:16 - 00000000 ___RD () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-06-17 16:19 - 2012-08-01 17:51 - 00037984 _____ () C:\WINDOWS\PFRO.log 2014-06-17 16:19 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-06-17 16:18 - 
2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore 2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-06-17 16:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-06-17 16:17 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp 2014-06-17 16:17 - 2014-06-17 16:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\Temp 2014-06-17 16:17 - 2014-02-02 10:17 - 00000008 _____ () C:\Users\CrashsmashLP\Documents\lmscfg 2014-06-17 16:17 - 2012-11-03 00:17 - 01402216 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-17 16:16 - 2014-06-17 15:49 - 00000000 ____D () C:\zoek_backup 2014-06-17 16:08 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-06-17 16:06 - 2014-06-17 16:17 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe 2014-06-17 16:03 - 2014-04-01 13:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-17 16:03 - 2014-02-25 16:13 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-06-17 16:01 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-06-17 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-06-17 15:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-06-17 15:46 - 2014-06-17 15:46 - 00011680 _____ () C:\Users\CrashsmashLP\Desktop\mbam.txt 2014-06-17 15:45 - 2014-06-17 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-17 15:19 - 2014-06-17 15:19 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-17 
15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-17 15:19 - 2014-06-17 15:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-17 15:11 - 2014-06-17 16:22 - 00036259 _____ () C:\Users\CrashsmashLP\Desktop\AdwCleaner[S0].txt 2014-06-17 15:11 - 2014-06-17 15:08 - 00000000 ____D () C:\AdwCleaner 2014-06-17 15:11 - 2014-02-02 10:16 - 00001020 _____ () C:\Users\CrashsmashLP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-17 15:11 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp 2014-06-17 15:04 - 2014-06-17 15:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\CrashsmashLP\Desktop\mbam-setup-2.0.2.1012.exe 2014-06-17 15:03 - 2014-06-17 15:07 - 01333465 _____ () C:\Users\CrashsmashLP\Desktop\adwcleaner_3.212.exe 2014-06-17 14:33 - 2014-02-25 15:36 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-06-17 14:31 - 2014-06-02 16:23 - 00001426 _____ () C:\Users\CrashsmashLP\Desktop\Registry kostenlos entrümpeln!.lnk 2014-06-17 14:31 - 2014-03-25 17:45 - 00003262 _____ () C:\WINDOWS\System32\Tasks\PC Health Kit Schedule 2014-06-17 13:37 - 2014-06-17 16:25 - 02081280 _____ (Farbar) C:\Users\CrashsmashLP\Desktop\FRST64.exe 2014-06-17 13:10 - 2012-07-26 09:21 - 00026869 _____ () C:\WINDOWS\setupact.log 2014-06-05 18:57 - 2014-02-25 15:46 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-06-01 17:17 - 2014-02-25 16:13 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-31 07:16 - 2014-06-17 16:20 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-31 07:16 - 2014-06-17 16:20 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-24 04:48 - 2014-06-17 15:36 - 00051712 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-05-24 04:47 - 2014-06-17 15:36 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-05-24 04:47 - 2014-06-17 15:36 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-05-24 04:47 - 2014-06-17 15:36 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-05-24 04:47 - 2014-06-17 15:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-05-24 04:46 - 2014-06-17 15:37 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-24 04:46 - 2014-06-17 15:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-05-24 04:46 - 2014-06-17 15:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-05-24 04:45 - 2014-06-17 15:37 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-05-24 04:45 - 2014-06-17 15:37 - 00281600 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\dxtrans.dll 2014-05-24 04:45 - 2014-06-17 15:36 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-05-24 03:26 - 2014-06-17 15:37 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-24 03:26 - 2014-06-17 15:37 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-24 03:26 - 2014-06-17 15:36 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-05-24 03:26 - 2014-06-17 15:36 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-05-24 03:26 - 2014-06-17 15:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-05-24 03:26 - 2014-06-17 15:36 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-05-24 03:26 - 2014-06-17 15:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-05-24 03:25 - 2014-06-17 15:37 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-05-24 03:25 - 2014-06-17 15:37 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-05-24 03:25 - 2014-06-17 15:36 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-05-24 03:25 - 2014-06-17 15:36 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-05-24 03:25 - 2014-06-17 15:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-05-24 03:25 - 2014-06-17 15:36 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-05-24 03:25 - 2014-06-17 15:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-05-24 03:25 - 2014-06-17 15:36 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-05-24 03:25 - 2014-06-17 15:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-05-24 03:25 - 2014-06-17 15:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 
2014-05-24 03:25 - 2014-06-17 15:36 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-05-24 03:09 - 2014-06-17 15:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-24 03:03 - 2014-06-17 15:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-24 00:37 - 2014-06-17 15:36 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-17 10:30

==================== End Of Log ============================

--- --- ---

Additional

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by CrashsmashLP at 2014-06-17 16:26:10
Running from C:\Users\CrashsmashLP\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.2 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version: - ) Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DiRT 3 (HKLM-x32\...\Steam App 44320) (Version: - Codemasters Racing Studio) Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo) Driver San Francisco (HKLM-x32\...\Steam App 33440) (Version: - Ubisoft Reflections) FindRight (HKLM\...\FindRight) (Version: 2014.02.26.051729 - FindRight) <==== ATTENTION FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies) GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version: - GamersFirst) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden GRID 2 (HKLM-x32\...\Steam App 44350) (Version: - Codemasters Racing) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo) Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. 
OHG) Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.) Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.) Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead) Lollipop (HKCU\...\lollipop_03241333) (Version: - Lollipop Network, S.L.) <==== ATTENTION Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios) McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.) 
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 
(HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version: - Double Helix Games) MXGP - The Official Motocross Videogame (HKLM-x32\...\Steam App 256370) (Version: - Milestone S.r.l.) NVIDIA Grafiktreiber 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Systemsteuerung 305.93 (Version: 305.93 - NVIDIA Corporation) Hidden Off-Road Drive (HKLM-x32\...\Steam App 200230) (Version: - 1C-Avalon) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) 
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo) Prince of Persia: The Forgotten Sands (HKLM-x32\...\Steam App 33320) (Version: - Ubisoft Montreal) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shift 2 Unleashed (HKLM-x32\...\Steam App 47920) (Version: - Slightly Mad Studios) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) 
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version: - Eden Studios) Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version: - Redlynx Ltd) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) ==================== Restore Points ========================= 29-04-2014 18:05:12 Geplanter Prüfpunkt 17-06-2014 12:51:52 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {016BC803-E3DA-4A60-8083-6E7E3080DB7A} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] () Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - \System Speedup_UPDATES No Task File <==== ATTENTION Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - \Video-for-PC-1.2-updater No Task File <==== ATTENTION Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - \easy-deals2-enabler No Task File <==== ATTENTION Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - \Re-markit_wd No Task File <==== ATTENTION Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - 
\easy-deals2-codedownloader No Task File <==== ATTENTION Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - \PC SpeedUp Service Deactivator No Task File <==== ATTENTION Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - \RegClean Pro No Task File <==== ATTENTION Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - \SpeedUpMyPC Startup No Task File <==== ATTENTION Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - \easy-deals2-chromeinstaller No Task File <==== ATTENTION Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - \System Speedup_DEFAULT No Task File <==== ATTENTION Task: {871C9EC1-111E-4343-B7D3-4E69D96D696B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {A7580209-C80F-47FF-A5A9-923712615780} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - \Video-for-PC-1.2-firefoxinstaller No Task File <==== ATTENTION Task: {ADC4169D-889E-48FC-A412-493E05B2A5A0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-01] (Microsoft Corporation) Task: {B36EEA24-957E-42E4-B7D4-8ECCE70146A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.) 
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - \RegClean Pro_UPDATES No Task File <==== ATTENTION Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - \MySearchDial No Task File <==== ATTENTION Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - \Advanced System Protector_startup No Task File <==== ATTENTION Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - \Re-markit Update No Task File <==== ATTENTION Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - \Video-for-PC-1.2-enabler No Task File <==== ATTENTION Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - \Video-for-PC-1.2-chromeinstaller No Task File <==== ATTENTION Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - \easy-deals2-updater No Task File <==== ATTENTION Task: {F0A61E0C-950A-4724-984E-839485F2D1EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.) 
Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - \Video-for-PC-1.2-codedownloader No Task File <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-03 00:05 - 2011-03-15 21:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe 2014-02-26 18:53 - 2014-02-26 18:54 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2012-11-03 00:05 - 2012-07-24 13:36 - 00028672 _____ () C:\Windows\SysWOW64\UMonit.exe 2012-11-03 00:05 - 2011-05-17 14:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-04-27 00:38 - 2012-04-27 00:38 - 20758016 _____ () C:\Users\CrashsmashLP\AppData\Local\GamersFirst\LIVE!\libcef.dll 2012-11-03 00:05 - 2011-05-17 14:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll 2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll 2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll 2012-11-03 00:05 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS 
=> ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Re-markit155.exe, Version: 1.155.0.0, Zeitstempel: 0x531329b6 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451, Zeitstempel: 0x50988950 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00014b32 ID des fehlerhaften Prozesses: 0xe84 Startzeit der fehlerhaften Anwendung: 0xRe-markit155.exe0 Pfad der fehlerhaften Anwendung: Re-markit155.exe1 Pfad des fehlerhaften Moduls: Re-markit155.exe2 Berichtskennung: Re-markit155.exe3 Vollständiger Name des fehlerhaften Pakets: Re-markit155.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Re-markit155.exe5 Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WSHost.exe, Version: 6.2.9200.16384, Zeitstempel: 0x50108842 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000001069 ID des fehlerhaften Prozesses: 0x11fc Startzeit der fehlerhaften Anwendung: 0xWSHost.exe0 Pfad der fehlerhaften Anwendung: WSHost.exe1 Pfad des fehlerhaften Moduls: WSHost.exe2 Berichtskennung: WSHost.exe3 Vollständiger Name des fehlerhaften Pakets: WSHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: WSHost.exe5 Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425 Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt 
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17b8 Startzeit: 01cf5f0e248d1577 Endzeit: 15 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: 7a143984-cb01-11e3-be8d-d43d7e1ffc88 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm SystemSettings.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c2c Startzeit: 01cf5184d3bce1d1 Endzeit: 31 Anwendungspfad: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe Berichts-ID: 2598adb0-bd78-11e3-be8d-d43d7e1ffc88 Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: microsoft.windows.immersivecontrolpanel Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to poke open firewall System errors: ============= Error: (06/17/2014 04:19:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Inc. 
mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (06/17/2014 04:15:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (06/17/2014 04:15:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (06/17/2014 04:15:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (06/17/2014 04:15:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (06/17/2014 04:15:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (06/17/2014 03:42:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (06/17/2014 03:15:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Inc. 
mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (06/17/2014 03:10:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wpm erreicht. Error: (06/17/2014 03:09:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IePluginService erreicht. Microsoft Office Sessions: ========================= Error: (06/17/2014 01:31:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Re-markit155.exe1.155.0.0531329b6KERNELBASE.dll6.2.9200.1645150988950e06d736300014b32e8401cf8a1f9af7d1d7C:\Program Files (x86)\Re-markit-soft\Re-markit155.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlldd516fe5-f612-11e3-be96-001f1fdcf1ad Error: (06/02/2014 04:07:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WSHost.exe6.2.9200.1638450108842ntdll.dll6.2.9200.1657951637f77c0000005000000000000106911fc01cf7e6bff8f8a6eC:\WINDOWS\WinStore\WSHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll3fc6e39e-ea5f-11e3-be8e-d43d7e1ffc88 Error: (06/02/2014 04:02:31 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (06/02/2014 03:53:24 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 1373463062 ticks; setting correction factor to 61896425 Error: (04/23/2014 06:08:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.2.9200.1662817b801cf5f0e248d157715C:\WINDOWS\Explorer.EXE7a143984-cb01-11e3-be8d-d43d7e1ffc88 Error: (04/06/2014 00:42:38 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (04/06/2014 00:42:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: 
SystemSettings.exe6.2.9200.16420c2c01cf5184d3bce1d131C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe2598adb0-bd78-11e3-be8d-d43d7e1ffc88windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/05/2014 07:13:26 AM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall Error: (04/03/2014 05:30:58 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (04/02/2014 03:13:03 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Failed to poke open firewall ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 8152.33 MB Available physical RAM: 6756.93 MB Total Pagefile: 16856.33 MB Available Pagefile: 15390.45 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:630.82 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:3.73 GB) (Free:3.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 1328577F) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
17.06.2014, 18:08 | #11 |
/// TB-Ausbilder | Windows 8 GVU Trojan
You did everything right. We will remove the last remnants and check everything once more. ESET can take a while (> 3 h). Afterwards we will remove all the tools we used and I will give you a few tips to take with you.
Step 1 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
start
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => "c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe" lollipop_03241333
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (Week Index) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-06-17]
CHR Extension: (Create Short URL) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-06-17]
CHR Extension: (No Name) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe
C:\Program Files (x86)\PC Health Kit
C:\Users\CrashsmashLP\AppData\Roaming\VOPackage
Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - \Video-for-PC-1.2-updater No Task File <==== ATTENTION
Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - \easy-deals2-enabler No Task File <==== ATTENTION
Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - \Re-markit_wd No Task File <==== ATTENTION
Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - \easy-deals2-codedownloader No Task File <==== ATTENTION
Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - \PC SpeedUp Service Deactivator No Task File <==== ATTENTION
Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - \RegClean Pro No Task File <==== ATTENTION
Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - \easy-deals2-chromeinstaller No Task File <==== ATTENTION
Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - \System Speedup_DEFAULT No Task File <==== ATTENTION
C:\Program Files (x86)\System Speedup
Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - \Video-for-PC-1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - \MySearchDial No Task File <==== ATTENTION
Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - \Re-markit Update No Task File <==== ATTENTION
Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - \Video-for-PC-1.2-enabler No Task File <==== ATTENTION
Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - \Video-for-PC-1.2-chromeinstaller No Task File <==== ATTENTION
Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - \easy-deals2-updater No Task File <==== ATTENTION
Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - \Video-for-PC-1.2-codedownloader No Task File <==== ATTENTION
Reboot:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop: SystemLook (32 bit) | SystemLook (64 bit)
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post with your next reply
|
18.06.2014, 15:23 | #12 |
| Windows 8 GVU Trojan
Hello, the ESET Online Scanner has now been running for over 4 hours and is still at 0 %. I had already started it once before and then uninstalled the trial version of McAfee and rebooted. I then simply started Checkup while ESET was running. Here are the 3 other logs for now. My acquaintance wants to pick up the computer this evening because he needs it tomorrow, so we will not manage much more "problem solving". Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by CrashsmashLP at 2014-06-18 09:14:08 Run:2
Running from G:\vierter lauf
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-505307628-1853979233-654877678-1001\...\Run: [lollipop_03241333] => "c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.exe" lollipop_03241333
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Widget context - C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (Week Index) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-06-17]
CHR Extension: (Create Short URL) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce [2014-06-17]
CHR Extension: (No Name) - C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-06-05]
Task: {055ACA79-76E3-4128-9A88-C6E53D5DA306} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {0E121932-2C16-4C4A-8EF9-C7F7D30F38D9} - System32\Tasks\PC Health Kit Schedule => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
Task: {0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF} - System32\Tasks\Ongoing package check => C:\Users\CrashsmashLP\AppData\Roaming\VOPackage\VOPackage.exe
C:\Program Files (x86)\PC Health Kit
C:\Users\CrashsmashLP\AppData\Roaming\VOPackage
Task: {340156DF-4365-49B2-8BF7-7882DE5C2404} - \Video-for-PC-1.2-updater No Task File <==== ATTENTION
Task: {39AAB40E-30F9-4F34-85D3-09C9BE511890} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {4B6C35EB-7A11-4D36-9B69-8E19E7B6B437} - \easy-deals2-enabler No Task File <==== ATTENTION
Task: {4CF1CB1A-F362-4425-9731-7197968BFE87} - \Re-markit_wd No Task File <==== ATTENTION
Task: {570E3154-D7CA-4070-874E-1FAE5591AB83} - \easy-deals2-codedownloader No Task File <==== ATTENTION
Task: {600F52E3-C80A-4AD1-AA02-0AA4642EAEBA} - \PC SpeedUp Service Deactivator No Task File <==== ATTENTION
Task: {629C9F0B-6229-4BDF-BA53-0FA07EA89CD1} - \RegClean Pro No Task File <==== ATTENTION
Task: {6522885D-569C-4DA3-A081-6E2D5FAAFEA8} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {67D0416B-EA61-4694-804D-D5F53AD96F47} - \easy-deals2-chromeinstaller No Task File <==== ATTENTION
Task: {808095AD-620F-43E6-B0B4-BB1BAADE8106} - \System Speedup_DEFAULT No Task File <==== ATTENTION
C:\Program Files (x86)\System Speedup
Task: {AC7C4170-C8A2-42BB-A9B9-C0A24716F594} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9} - \Video-for-PC-1.2-firefoxinstaller No Task File <==== ATTENTION
Task: {B3AC06F8-6001-479A-87AA-C31D1122CAD5} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672} - \MySearchDial No Task File <==== ATTENTION
Task: {C97D9686-3DEE-4D40-BCAC-0D062733668D} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {CD2A0605-4783-40E9-AE9C-E56621E3C9FE} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {DE8B386F-AD9C-4455-B59E-AE803FDFEE5A} - \Re-markit Update No Task File <==== ATTENTION
Task: {E861AB9D-879B-4B73-BB70-E116C24F1354} - \Video-for-PC-1.2-enabler No Task File <==== ATTENTION
Task: {EAE12587-3082-4C98-82DE-A0CFFE84C912} - \Video-for-PC-1.2-chromeinstaller No Task File <==== ATTENTION
Task: {EFB336BD-EBF4-4B09-B03D-0A60FFD171A2} - \easy-deals2-updater No Task File <==== ATTENTION
Task: {FA0B6CE9-6845-401E-BDB7-E366370D2275} - \Video-for-PC-1.2-codedownloader No Task File <==== ATTENTION
Reboot:
end
*****************

HKU\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop_03241333 => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\CrashsmashLP\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi => Moved successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna => Moved successfully.
C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobhlofholalpkgbeoeobhckdmfpcpce => Moved successfully.
C:\Users\CrashsmashLP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{055ACA79-76E3-4128-9A88-C6E53D5DA306}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{055ACA79-76E3-4128-9A88-C6E53D5DA306}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup_UPDATES' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E121932-2C16-4C4A-8EF9-C7F7D30F38D9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E121932-2C16-4C4A-8EF9-C7F7D30F38D9}' => Key deleted successfully.
C:\Windows\System32\Tasks\PC Health Kit Schedule => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Health Kit Schedule' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E1A62BA-936B-4B5D-AB0C-4C74C8B32BBF}' => Key deleted successfully.
C:\Windows\System32\Tasks\Ongoing package check => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ongoing package check' => Key deleted successfully.
"C:\Program Files (x86)\PC Health Kit" => File/Directory not found.
"C:\Users\CrashsmashLP\AppData\Roaming\VOPackage" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{340156DF-4365-49B2-8BF7-7882DE5C2404}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{340156DF-4365-49B2-8BF7-7882DE5C2404}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-updater' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39AAB40E-30F9-4F34-85D3-09C9BE511890}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39AAB40E-30F9-4F34-85D3-09C9BE511890}' => Key deleted successfully.
C:\Windows\System32\Tasks\System Speedup => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B6C35EB-7A11-4D36-9B69-8E19E7B6B437}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B6C35EB-7A11-4D36-9B69-8E19E7B6B437}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\easy-deals2-enabler' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CF1CB1A-F362-4425-9731-7197968BFE87}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CF1CB1A-F362-4425-9731-7197968BFE87}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit_wd' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{570E3154-D7CA-4070-874E-1FAE5591AB83}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{570E3154-D7CA-4070-874E-1FAE5591AB83}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\easy-deals2-codedownloader' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{600F52E3-C80A-4AD1-AA02-0AA4642EAEBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{600F52E3-C80A-4AD1-AA02-0AA4642EAEBA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{629C9F0B-6229-4BDF-BA53-0FA07EA89CD1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{629C9F0B-6229-4BDF-BA53-0FA07EA89CD1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6522885D-569C-4DA3-A081-6E2D5FAAFEA8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6522885D-569C-4DA3-A081-6E2D5FAAFEA8}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67D0416B-EA61-4694-804D-D5F53AD96F47}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67D0416B-EA61-4694-804D-D5F53AD96F47}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\easy-deals2-chromeinstaller' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{808095AD-620F-43E6-B0B4-BB1BAADE8106}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{808095AD-620F-43E6-B0B4-BB1BAADE8106}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Speedup_DEFAULT' => Key deleted successfully.
"C:\Program Files (x86)\System Speedup" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC7C4170-C8A2-42BB-A9B9-C0A24716F594}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC7C4170-C8A2-42BB-A9B9-C0A24716F594}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACCE5BB3-88DD-45FF-B7EE-0B79A1BA0DD9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-firefoxinstaller' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3AC06F8-6001-479A-87AA-C31D1122CAD5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3AC06F8-6001-479A-87AA-C31D1122CAD5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36F9A0B-EEE1-4DCB-B7FA-BF484EAE8672}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C97D9686-3DEE-4D40-BCAC-0D062733668D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C97D9686-3DEE-4D40-BCAC-0D062733668D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD2A0605-4783-40E9-AE9C-E56621E3C9FE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD2A0605-4783-40E9-AE9C-E56621E3C9FE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE8B386F-AD9C-4455-B59E-AE803FDFEE5A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE8B386F-AD9C-4455-B59E-AE803FDFEE5A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E861AB9D-879B-4B73-BB70-E116C24F1354}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E861AB9D-879B-4B73-BB70-E116C24F1354}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-enabler' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAE12587-3082-4C98-82DE-A0CFFE84C912}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAE12587-3082-4C98-82DE-A0CFFE84C912}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-chromeinstaller' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFB336BD-EBF4-4B09-B03D-0A60FFD171A2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFB336BD-EBF4-4B09-B03D-0A60FFD171A2}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\easy-deals2-updater' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA0B6CE9-6845-401E-BDB7-E366370D2275}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA0B6CE9-6845-401E-BDB7-E366370D2275}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video-for-PC-1.2-codedownloader' => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 09:16 on 18/06/2014 by CrashsmashLP
Administrator - Elevation successful

========== folderfind ==========

Searching for "*FindRight*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FindRight d------ [13:10 17/06/2014]

Searching for "*Lollipop*"
C:\AdwCleaner\Quarantine\C\Users\CrashsmashLP\AppData\Local\lollipop d------ [13:11 17/06/2014]

========== regfind ==========

Searching for "FindRight"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-505307628-1853979233-654877678-1001\Software\FindRight]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"DisplayName"="FindRight"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"UninstallString"="C:\Program Files (x86)\FindRight\FindRightuninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"QuietUninstallString"="C:\Program Files (x86)\FindRight\FindRightuninstall.exe /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"InstallLocation"="C:\Program Files (x86)\FindRight"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"DisplayIcon"="C:\Program Files (x86)\FindRight\FindRight.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"Publisher"="FindRight"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"HelpLink"="mailto:support@myfindright.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"URLUpdateInfo"="hxxp://myfindright.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight]
"URLInfoAbout"="hxxp://myfindright.com/support"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Update FindRight]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Util FindRight]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update FindRight]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util FindRight]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateFindRight.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\utilFindRight.exe]
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-505307628-1853979233-654877678-1001\Software\FindRight]
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\updateFindRight.exe]
[HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\utilFindRight.exe]

Searching for "Lollipop"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2d439c27_0]
@="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_17aa3665&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume5\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"DisplayName"="Lollipop"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"UninstallString"=""c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.bat""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"DisplayIcon"="c:\users\crashsmashlp\appdata\local\lollipop\logo.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"Publisher"="Lollipop Network, S.L."
[HKEY_CURRENT_USER\Software\Classes\Applications\lollipop_03241333.exe]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="lollipop_03241333.exe"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2d439c27_0]
@="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_17aa3665&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume5\Users\CrashsmashLP\AppData\Local\Lollipop\lollipop_03241333.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"DisplayName"="Lollipop"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"UninstallString"=""c:\users\crashsmashlp\appdata\local\lollipop\lollipop_03241333.bat""
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"DisplayIcon"="c:\users\crashsmashlp\appdata\local\lollipop\logo.ico"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_03241333]
"Publisher"="Lollipop Network, S.L."
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Classes\Applications\lollipop_03241333.exe]
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="lollipop_03241333.exe"
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001_Classes\Applications\lollipop_03241333.exe]
[HKEY_USERS\S-1-5-21-505307628-1853979233-654877678-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication]
"Name"="lollipop_03241333.exe"

-= EOF =-
Code:
Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome 33.0.1750.154
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |
19.06.2014, 09:52 | #13 |
/// TB Instructor | Windows 8 GVU Trojan I would be glad if you could pass the following tips on to your acquaintance: If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC. Step 1 The order is crucial here.
Step 2 To finish, I have a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support Trojaner-Board? Note: Please give me brief feedback once everything is done and no questions remain, so that I can remove this thread from my subscriptions. |
19.06.2014, 21:10 | #14 |
| Windows 8 GVU Trojan Hello Matthias, thank you again for your great support. You can now remove this thread from your subscriptions. I gladly took up your suggestion to support TB. |
20.06.2014, 13:24 | #15 |
/// TB Instructor | Windows 8 GVU Trojan I'm glad we could help. In this forum you can leave brief feedback on the cleanup, if you like: Praise, criticism and wishes. To do so, click the "NEUES THEMA" (new thread) button and post a short piece of feedback. Thank you very much! This thread appears to be resolved and will be removed from my subscriptions. If you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |