|
Log-Analyse und Auswertung: Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" DateifensterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.12.2014, 22:26 | #1 |
| Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Hallo! Wenn ich meinen Laptop hochfahre erscheint nur ein einfarbiger (bei mir gelber, aber ich glaube das hat einfach mit der eingestellten Hintergrundfarbe zutun) Bildschirm und das geöffnete "Computer"-Dateifenster (Arbeitsplatz). Über dieses Fenster kann ich ganz normal auf alle Dateien/Daten zugreifen und das funktioniert alles ganz normal und schnell. Es fehlt eben die Startleiste und alle Symbole am Desktop. Ich habe nun FRS downgeloaded und die zwei Dateien erstellt: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014 Ran by Nati (administrator) on NATI-PC on 27-12-2014 21:36:48 Running from C:\Users\Nati\Desktop Loaded Profile: Nati (Available profiles: Nati) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2014-08-19] (Microsoft Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2552683608-972022576-3084334511-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe [515464 2013-10-05] (Adobe Systems Incorporated) HKU\S-1-5-21-2552683608-972022576-3084334511-1000\...\RunOnce: [Application Restart #0] => C:\Program Files\EgisTec IPS\EgisUpdate.exe [207728 2011-03-29] (Egis Technology Inc.) HKU\S-1-5-21-2552683608-972022576-3084334511-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [25475 2014-12-21] () HKU\S-1-5-21-2552683608-972022576-3084334511-1000\...\MountPoints2: {bdc48dc9-5b2c-11e2-b6a5-806e6f6e6963} - D:\CTStart.exe HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\Users\Nati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-2552683608-972022576-3084334511-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-2552683608-972022576-3084334511-1000 -> No Name - {4D594333-2D56-3700-76A7-7A786E7484D7} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nati\AppData\Roaming\Mozilla\Firefox\Profiles\np1aam23.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Nati\AppData\Roaming\Mozilla\Firefox\Profiles\np1aam23.default\Extensions\abs@avira.com [2014-10-17] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-14] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-28] (Atheros Commnucations) [File not signed] R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation) R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] () S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-14] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [235664 2012-06-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-06] (Avira Operations GmbH & Co. KG) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-21] () R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-14] (Intel Corporation) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 21:36 - 2014-12-27 21:37 - 00014627 _____ () C:\Users\Nati\Desktop\FRST.txt 2014-12-27 21:36 - 2014-12-27 21:36 - 00000000 ____D () C:\FRST 2014-12-27 21:35 - 2014-12-27 21:36 - 02122752 _____ (Farbar) C:\Users\Nati\Desktop\FRST64.exe 2014-12-21 10:54 - 2014-12-21 10:54 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-21 10:43 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-21 10:43 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-21 02:01 - 2014-12-21 02:01 - 00003164 _____ () C:\Windows\system32\.crusader 2014-12-21 01:50 - 2014-12-21 02:02 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-12-21 01:50 - 2014-12-21 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-12-21 01:50 - 2014-12-21 01:50 - 00000000 ____D () C:\Program Files\HitmanPro 2014-12-21 01:48 - 2014-12-21 02:02 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-12-21 00:42 - 2014-12-21 00:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-21 00:41 - 2014-12-21 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-21 00:41 - 2014-12-21 00:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-21 00:41 - 2014-12-21 00:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-21 00:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-21 00:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-21 00:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-21 00:38 - 2014-12-21 00:38 - 00002464 _____ () C:\Users\Nati\Desktop\JRT.txt 2014-12-21 00:34 - 2014-12-21 00:34 - 00000000 ____D () C:\Windows\ERUNT 2014-12-21 00:28 - 2014-12-21 00:30 - 00000000 ____D () C:\AdwCleaner 2014-12-21 00:23 - 2014-12-21 00:23 - 00000000 __SHD () C:\Users\Nati\AppData\Local\EmieBrowserModeList 2014-12-20 21:58 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-20 21:58 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-20 21:58 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-20 21:57 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-20 21:57 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-20 21:57 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-20 21:57 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-20 21:57 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-20 21:57 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-20 21:57 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-20 21:57 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-20 21:57 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-20 21:57 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-20 21:57 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-20 21:57 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-20 21:57 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-20 21:57 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-20 21:57 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-20 21:57 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-20 21:57 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-20 21:57 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-20 21:57 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-20 21:57 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-20 21:57 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-20 21:57 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-20 21:57 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-20 21:57 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-20 21:57 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-20 21:57 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-20 21:57 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-20 21:57 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-20 21:57 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-20 21:57 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-20 21:57 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-20 21:57 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-20 21:57 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-20 21:57 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-20 21:57 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-20 21:57 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-20 21:57 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-20 21:57 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-20 21:57 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-20 21:57 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-20 21:57 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-20 21:57 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-20 21:57 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-20 21:57 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-20 21:57 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-20 21:57 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-20 21:57 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-20 21:57 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-20 21:57 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-20 21:57 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-20 21:57 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-20 21:57 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-20 21:57 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-20 21:57 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-20 21:57 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-20 21:57 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-20 21:57 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-20 21:57 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-20 21:57 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-12-20 21:57 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-12-20 21:57 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-20 21:57 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-20 21:57 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-20 21:57 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-20 21:57 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-20 21:57 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-20 21:57 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-20 21:57 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-20 21:57 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 21:36 - 2013-01-10 14:12 - 01668478 _____ () C:\Windows\WindowsUpdate.log 2014-12-27 21:29 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-27 21:29 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-27 21:27 - 2013-01-10 23:05 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-12-27 21:27 - 2013-01-10 23:05 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-12-27 21:27 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-27 21:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-27 21:22 - 2009-07-14 05:51 - 00071168 _____ () C:\Windows\setupact.log 2014-12-21 11:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-21 10:54 - 2014-07-07 21:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-21 10:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-21 10:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-21 10:50 - 2014-07-08 19:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-21 10:50 - 2013-04-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-21 10:45 - 2014-07-08 19:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-21 01:43 - 2012-04-26 06:03 - 00000000 ____D () C:\Windows\no 2014-12-21 01:43 - 2010-11-21 04:47 - 00120446 _____ () C:\Windows\PFRO.log 2014-12-20 23:55 - 2013-03-22 18:55 - 00000000 ____D () C:\Users\Nati\Documents\nachhilfe 2014-12-18 14:02 - 2013-12-26 20:48 - 00000000 ____D () C:\Users\Nati\AppData\Local\Microsoft Games Some content of TEMP: ==================== C:\Users\Nati\AppData\Local\Temp\avgnt.exe C:\Users\Nati\AppData\Local\Temp\Delta.exe C:\Users\Nati\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzgjeoi.dll C:\Users\Nati\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Nati\AppData\Local\Temp\Offercast2802_MYC_.exe C:\Users\Nati\AppData\Local\Temp\pid16.dll C:\Users\Nati\AppData\Local\Temp\pid32.dll C:\Users\Nati\AppData\Local\Temp\PIP26121_MYC_.exe C:\Users\Nati\AppData\Local\Temp\Quarantine.exe C:\Users\Nati\AppData\Local\Temp\SkypeSetup.exe C:\Users\Nati\AppData\Local\Temp\sqlite3.dll C:\Users\Nati\AppData\Local\Temp\WSSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-18 14:00 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014 Ran by Nati at 2014-12-27 21:37:18 Running from C:\Users\Nati\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2728.00 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.00.3005 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated) Acer USB Charge Manager (HKLM-x32\...\{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}) (Version: 1.00.3002 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.125 - Atheros) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.6.1 - Broadcom Corporation) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated) CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-2552683608-972022576-3084334511-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) ETDWare PS/2-X64 10.6.10.8_WHQL (HKLM\...\Elantech) (Version: 10.6.10.8 - ELAN Microelectronic Corp.) Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.) ExpressCache (HKLM\...\{1E084588-8CC6-4D1B-B904-B1A09DA22A52}) (Version: 1.0.82 - Diskeeper Corporation) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.) Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - ) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation) Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1022 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) ManyCam 3.1.59 (HKLM-x32\...\ManyCam) (Version: 3.1.59 - ManyCam LLC) M-Audio FastTrack Driver 6.0.6 (x64) (HKLM\...\{91A8C38A-0239-11E0-9658-189EDFD72085}) (Version: 6.0.6 - M-Audio) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mindjet MindManager 2012 (HKLM-x32\...\{B1FD6060-8DF9-4C67-AF5E-7D25A54D1854}) (Version: 10.1.459 - Mindjet) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden QuickShare (HKLM-x32\...\{2B0ECB7D-EA9A-422A-9651-FC195136B031}) (Version: 10.204.60.14277 - Linkury Inc.) <==== ATTENTION Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6612 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.28104 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Sleep Memory Optimizer (HKLM-x32\...\{34BE2594-1D20-4A2E-97A0-B9E2837520AE}) (Version: 1.00.3004 - Acer Incorporated) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3004 - Acer Incorporated) Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2552683608-972022576-3084334511-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 15-11-2014 01:04:09 Geplanter Prüfpunkt 15-11-2014 03:00:30 Windows Update 21-12-2014 01:26:43 Geplanter Prüfpunkt 21-12-2014 01:58:42 Prüfpunkt von HitmanPro 21-12-2014 02:01:41 Prüfpunkt von HitmanPro 21-12-2014 10:41:41 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1405ABAA-138C-4773-BEFD-84E4A41E967B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {42699821-3776-4CB8-84BE-B2B1C69D561A} - System32\Tasks\Smart Timer Task Scheduler => Smart_Timer.exe Task: {440F77D3-C778-45B1-ABFD-BCBF95E8CC23} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated) Task: {4F26350B-95AA-40A1-A0C0-4CD6E0C93969} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {77FE68BD-99DE-486F-BDC1-805E5426DF2F} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2012-03-15] (Acer) Task: {A57B4C2B-824D-41F3-9594-84B788BAD0DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {AB449415-8385-489C-AA5B-9433EC7F4B41} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.) Task: {B92DEADC-87CA-4110-B7A8-46643774F883} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.) ==================== Loaded Modules (whitelisted) ============= 2013-01-10 14:28 - 2012-03-15 05:48 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2012-06-07 14:38 - 2012-06-07 14:38 - 00235664 _____ () C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe 2012-06-07 14:38 - 2012-06-07 14:38 - 00114320 _____ () C:\Program Files\Acer\Acer Theft Shield\SysCtrl.dll 2012-06-07 14:38 - 2012-06-07 14:38 - 00197776 _____ () C:\Program Files\Acer\Acer Theft Shield\LogMgr2.dll 2012-06-07 14:38 - 2012-06-07 14:38 - 00141456 _____ () C:\Program Files\Acer\Acer Theft Shield\WHNCtrl.dll 2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-01-05 22:22 - 2012-01-05 22:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-10-17 19:31 - 2014-10-17 19:31 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll 2013-01-10 14:31 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-01-10 14:27 - 2012-03-06 08:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Nati^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: Apps Hat => C:\Users\Nati\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe MSCONFIG\startupreg: AppsHat => C:\Users\Nati\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Nati\AppData\Local\Smartbar\Application\QuickShare.exe startup MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Dolby PCEE4\pcee4.exe" -autostart MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: InstantUpdate => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\M-AudioTaskBarIcon.exe MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent MSCONFIG\startupreg: MMReminderService => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: Power Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SDP => C:\Users\Nati\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto MSCONFIG\startupreg: Secure Applicayion => C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2552683608-972022576-3084334511-500 - Administrator - Disabled) Gast (S-1-5-21-2552683608-972022576-3084334511-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2552683608-972022576-3084334511-1002 - Limited - Enabled) Nati (S-1-5-21-2552683608-972022576-3084334511-1000 - Administrator - Enabled) => C:\Users\Nati ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/27/2014 09:24:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/27/2014 08:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/21/2014 10:57:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/21/2014 10:50:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/21/2014 02:04:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/21/2014 02:01:53 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000230,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003AFEB10.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Error: (12/21/2014 02:01:53 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000002cc,(null),0,REG_BINARY,000000000209E360.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {13fa21b8-5e3f-4931-8fce-10f99dcb740a} Error: (12/21/2014 02:01:53 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000ba4,(null),0,REG_BINARY,0000000001D3E520.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {bff800fa-f898-4825-a545-4718225e726b} Error: (12/21/2014 02:01:53 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0000000001EEE910.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {1896099a-5fda-4d1c-938b-a5dde0ccfe1f} Error: (12/21/2014 02:01:53 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000002cc,(null),0,REG_BINARY,000000000209E360.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {13fa21b8-5e3f-4931-8fce-10f99dcb740a} System errors: ============= Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avipbb avkmgr DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst "NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Error: (12/21/2014 07:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31 Microsoft Office Sessions: ========================= Error: (05/12/2014 01:44:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4453 seconds with 60 seconds of active time. This session ended with a crash. Error: (06/18/2013 08:02:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz Percentage of memory in use: 62% Total physical RAM: 3933.36 MB Available physical RAM: 1467.69 MB Total Pagefile: 7864.89 MB Available Pagefile: 5023.3 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:450.16 GB) (Free:292.8 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D3DE0C18) Partition 1: (Not Active) - (Size=15.5 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 18.6 GB) (Disk ID: C18A4E01) Partition 1: (Not Active) - (Size=3.7 GB) - (Type=84) Partition 2: (Not Active) - (Size=14.9 GB) - (Type=73) ==================== End Of Log ============================ Die Funde von Avira kann ich mittlerweile leider nicht mehr anzeigen aber gefunden wurden: ADWARE/Agent.SearchSuite.Q.3 ADWARE/Agent.1877512 ADWARE/Adware.Gen (ca. 10 Mal!) Diese habe ich in Quarantäne verschoben und dann aus der Quarantäne gelöscht. Ich würde mich wirklich sehr über Hilfe freuen! Lg, Natalie |
27.12.2014, 23:56 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster hi,
__________________Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ |
28.12.2014, 10:28 | #3 |
| Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Vielen Dank für die schnelle Antwort!
__________________Bei Revo Uninstaller komme ich bis zu dem Schritt wo ich "Moderat" auswähle. Danach kommt jedoch eine Fehlermeldung: The path "C:\Users\Nati\AppData\Local\Temp\Smartbar\b6247edc-3ba0-44d2-a075-72beca9a446b\LinkuryInstaller.msi" cannot be found. Verify that you have access to this Location and try again, or try to find the Installation package 'LinkuryInstaller.msi' in a folder from which you can install the product QuickShare. |
28.12.2014, 19:27 | #4 |
/// the machine /// TB-Ausbilder | Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Das einfach abbrechen, dann sollte Revo weiter machen und die Reste entfernen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.12.2014, 00:55 | #5 |
| Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Okay, Danke! Habe nun Combofix durchlaufen lassen. Hier das Logfile: Code:
ATTFilter ComboFix 14-12-25.01 - Nati 29.12.2014 0:36.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3933.1507 [GMT 1:00] ausgeführt von:: c:\users\Nati\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Nati\AppData\Local\Adobe\downloader.dll c:\users\Nati\AppData\Local\Adobe\gccheck.exe c:\users\Nati\AppData\Local\Adobe\gtbcheck.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-11-28 bis 2014-12-28 )))))))))))))))))))))))))))))) . . 2014-12-28 23:40 . 2014-12-28 23:40 -------- d-----w- c:\users\Nati\AppData\Local\temp 2014-12-28 23:40 . 2014-12-28 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-12-27 20:36 . 2014-12-27 20:37 -------- d-----w- C:\FRST 2014-12-21 09:54 . 2014-12-21 09:54 -------- d-----w- c:\windows\system32\appraiser 2014-12-21 09:43 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll 2014-12-21 09:43 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll 2014-12-21 00:50 . 2014-12-21 01:02 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2014-12-21 00:50 . 2014-12-21 00:50 -------- d-----w- c:\program files\HitmanPro 2014-12-21 00:48 . 2014-12-21 01:02 -------- d-----w- c:\programdata\HitmanPro 2014-12-20 23:42 . 2014-12-20 23:42 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-12-20 23:41 . 2014-12-20 23:41 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-12-20 23:41 . 2014-12-20 23:41 -------- d-----w- c:\programdata\Malwarebytes 2014-12-20 23:41 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-12-20 23:41 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-12-20 23:41 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-12-20 23:34 . 2014-12-20 23:34 -------- d-----w- c:\windows\ERUNT 2014-12-20 23:28 . 2014-12-20 23:30 -------- d-----w- C:\AdwCleaner 2014-12-20 23:23 . 2014-12-20 23:23 -------- d-sh--w- c:\users\Nati\AppData\Local\EmieBrowserModeList 2014-12-20 20:58 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe 2014-12-20 20:58 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll 2014-12-20 20:58 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll 2014-12-20 20:58 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-20 20:58 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-20 20:58 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-21 09:45 . 2014-07-08 18:34 112710672 ----a-w- c:\windows\system32\MRT.exe 2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL 2014-10-25 01:57 . 2014-11-14 22:19 77824 ----a-w- c:\windows\system32\packager.dll 2014-10-25 01:32 . 2014-11-14 22:19 67584 ----a-w- c:\windows\SysWow64\packager.dll 2014-10-18 02:05 . 2014-11-14 22:18 861696 ----a-w- c:\windows\system32\oleaut32.dll 2014-10-18 01:33 . 2014-11-14 22:18 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2014-10-14 10:20 . 2013-05-23 18:30 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-10-14 10:20 . 2013-05-20 09:46 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-10-14 10:20 . 2013-05-20 09:46 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-10-14 02:16 . 2014-11-14 22:19 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-10-14 02:13 . 2014-11-14 22:19 683520 ----a-w- c:\windows\system32\termsrv.dll 2014-10-14 02:13 . 2014-11-14 22:18 3241984 ----a-w- c:\windows\system32\msi.dll 2014-10-14 02:12 . 2014-11-14 22:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-10-14 02:09 . 2014-11-14 22:19 146432 ----a-w- c:\windows\system32\msaudite.dll 2014-10-14 02:07 . 2014-11-14 22:19 681984 ----a-w- c:\windows\system32\adtschema.dll 2014-10-14 01:50 . 2014-11-14 22:19 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-10-14 01:50 . 2014-11-14 22:18 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2014-10-14 01:49 . 2014-11-14 22:19 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-10-14 01:47 . 2014-11-14 22:19 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2014-10-14 01:46 . 2014-11-14 22:19 681984 ----a-w- c:\windows\SysWow64\adtschema.dll 2014-10-10 00:57 . 2014-11-14 22:19 3198976 ----a-w- c:\windows\system32\win32k.sys 2014-10-03 02:12 . 2014-11-14 22:19 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll 2014-10-03 02:11 . 2014-11-14 22:19 284672 ----a-w- c:\windows\system32\EncDump.dll 2014-10-03 02:11 . 2014-11-14 22:19 680960 ----a-w- c:\windows\system32\audiosrv.dll 2014-10-03 02:11 . 2014-11-14 22:19 440832 ----a-w- c:\windows\system32\AudioEng.dll 2014-10-03 02:11 . 2014-11-14 22:19 296448 ----a-w- c:\windows\system32\AudioSes.dll 2014-10-03 01:44 . 2014-11-14 22:19 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll 2014-10-03 01:44 . 2014-11-14 22:19 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll 2014-10-03 01:44 . 2014-11-14 22:19 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-27 702768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" [2014-11-21 54072] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\Nati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x] S2 FFSOpzSvc;Sleep memory optimizer;c:\program files\Sleep Memory Optimizer\FFSService.exe;c:\program files\Sleep Memory Optimizer\FFSService.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 USecuAppSvc;Acer Theft Shield Service;c:\program files\Acer\Acer Theft Shield\USecuAppSvc.exe;c:\program files\Acer\Acer Theft Shield\USecuAppSvc.exe [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}] 2012-02-27 03:12 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Nati\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*Restore"="c:\windows\system32\rstrui.exe" [2014-08-19 296960] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = about:blank mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = about:blank uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com IE: IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Bild an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201 IE: Link an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Seite an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204 IE: Text an MindManager senden - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - c:\users\Nati\AppData\Roaming\Mozilla\Firefox\Profiles\np1aam23.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) WebBrowser-{4D594333-2D56-3700-76A7-7A786E7484D7} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2552683608-972022576-3084334511-1000\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,c8, 04,98,bd,e4,0c,bf,9d,b0,17,85,6a,fa,df "{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,3b,1b,d4,ea,07, 91,34,5b,b3,05,9c,0a,5b,ec,16,9b,c6,3a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,27, 8c,37,19,d8,04,94,c7,1b,24,7f,4c,24,da "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,60,15, c8,7f,40,01,0e,bb,a6,08,03,d1,56,33,5c "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,92, 6e,f0,65,45,03,ad,f2,41,fc,14,7c,e4,62 "{338A754C-B46E-4BF2-8AC8-23DE36862AD3}"=hex:51,66,7a,6c,4c,1d,38,12,22,76,99, 37,5c,fa,9c,0e,f5,de,60,9e,33,d8,6e,c7 "{AE07101B-46D4-4A98-AF68-0333EA26E113}"=hex:51,66,7a,6c,4c,1d,3b,1b,0b,0c,10, b2,e1,13,ff,04,b5,63,49,73,e3,62,a6,0f "{31AD400D-1B06-4E33-A59A-90C2C140CBA0}"=hex:51,66,7a,6c,4c,1d,3b,1b,1d,5c,ba, 2d,33,4e,54,00,bf,91,da,82,c8,04,8c,bc "{60EACC1A-33FA-443D-9846-17B28E2C9BDB}"=hex:51,66,7a,6c,4c,1d,3b,1b,0a,d0,fd, 7c,cf,66,5a,0a,82,4d,5d,f2,87,68,dc,c7 "{AA74D58F-ACD0-450D-A85E-6C04B171C044}"=hex:51,66,7a,6c,4c,1d,3b,1b,9f,c9,63, b6,e5,f9,6a,0b,b2,55,26,44,b8,35,87,58 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-12-29 00:43:30 ComboFix-quarantined-files.txt 2014-12-28 23:43 . Vor Suchlauf: 11 Verzeichnis(se), 320.720.195.584 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 321.125.666.816 Bytes frei . - - End Of File - - 935EF2A9CA96AE5369BB40131BCC4E53 "Die Systemwiederherstellung wurde nicht erfolgreich ausgeführt. Die Systemdateien und Einstellungen des Computers wurden nicht geändert. Details: Die Systemwiederherstellung wird noch ausgeführt oder wurde nicht abgeschlossen. Sie können die Systemwiederherstellung erneut ausführen und dabei einen anderen Wiederherstellungspunkt auswählen. Sollte der Fehler weiterhin auftreten, können Sie eine erweiterte Wiederherstellungsmethode verwenden. Weitere Informationen finden Sie unter Worum handelt es sich bei einer Wiederherstellung? " Allerdings ist nun wieder mein gewöhnlicher Desktop mit allen Symbolen und die Windows-Startleiste erschienen. Danke!! |
29.12.2014, 01:20 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster |
29.12.2014, 13:16 | #7 |
| Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Habe alles durchlaufen lassen, wurde meist nichts gefunden, da ich diese Programme schon einmal verwendet habe bevor ich mich an euch gewandt habe! Hier die Ergebnisse: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 29.12.2014 Suchlauf-Zeit: 12:28:47 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.29.04 Rootkit Datenbank: v2014.12.23.02 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Nati Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 355620 Verstrichene Zeit: 12 Min, 20 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 29/12/2014 um 12:53:50 # Aktualisiert 21/12/2014 von Xplode # Database : 2014-12-28.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Nati - NATI-PC # Gestartet von : C:\Users\Nati\Desktop\AdwCleaner_4.106.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v31.0 (x86 de) ************************* AdwCleaner[R0].txt - [27943 octets] - [21/12/2014 00:28:35] AdwCleaner[R1].txt - [1014 octets] - [29/12/2014 12:47:15] AdwCleaner[S0].txt - [25475 octets] - [21/12/2014 00:30:39] AdwCleaner[S1].txt - [937 octets] - [29/12/2014 12:53:50] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [996 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Home Premium x64 Ran by Nati on 29.12.2014 at 13:02:21,65 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.12.2014 at 13:05:39,22 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by Nati (administrator) on NATI-PC on 29-12-2014 13:11:01 Running from C:\Users\Nati\Desktop Loaded Profile: Nati (Available profiles: Nati) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\Users\Nati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2552683608-972022576-3084334511-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2552683608-972022576-3084334511-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-2552683608-972022576-3084334511-1000 -> No Name - {4D594333-2D56-3700-76A7-7A786E7484D7} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nati\AppData\Roaming\Mozilla\Firefox\Profiles\np1aam23.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Nati\AppData\Roaming\Mozilla\Firefox\Profiles\np1aam23.default\Extensions\abs@avira.com [2014-10-17] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-14] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-28] (Atheros Commnucations) [File not signed] R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation) R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] () S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-14] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [235664 2012-06-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-06] (Avira Operations GmbH & Co. KG) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-21] () R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-14] (Intel Corporation) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-29 13:10 - 2014-12-29 13:10 - 00000000 ____D () C:\Users\Nati\Desktop\FRST-OlderVersion 2014-12-29 13:05 - 2014-12-29 13:05 - 00000624 _____ () C:\Users\Nati\Desktop\JRT.txt 2014-12-29 13:01 - 2014-12-29 13:01 - 01707939 _____ (Thisisu) C:\Users\Nati\Desktop\JRT.exe 2014-12-29 12:46 - 2014-12-29 12:46 - 02173952 _____ () C:\Users\Nati\Desktop\AdwCleaner_4.106.exe 2014-12-29 12:45 - 2014-12-29 12:45 - 00001200 _____ () C:\Users\Nati\Desktop\mbam.txt 2014-12-29 12:28 - 2014-12-29 12:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-29 12:25 - 2014-12-29 12:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nati\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-29 00:43 - 2014-12-29 00:43 - 00028031 _____ () C:\ComboFix.txt 2014-12-29 00:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-29 00:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-29 00:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-29 00:35 - 2014-12-29 00:43 - 00000000 ____D () C:\Qoobox 2014-12-29 00:35 - 2014-12-29 00:42 - 00000000 ____D () C:\Windows\erdnt 2014-12-29 00:11 - 2014-12-29 00:11 - 05603624 ____R (Swearware) C:\Users\Nati\Desktop\ComboFix.exe 2014-12-28 10:16 - 2014-12-28 10:16 - 00000000 ____D () C:\Users\Nati\Desktop\RevoUninstallerPortable 2014-12-28 10:15 - 2014-12-28 10:15 - 02785665 _____ (PortableApps.com) C:\Users\Nati\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe 2014-12-28 10:11 - 2014-12-28 10:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nati\Desktop\revosetup95.exe 2014-12-28 01:00 - 2014-12-28 10:11 - 00000736 _____ () C:\Users\Nati\Desktop\Revo Uninstaller.lnk 2014-12-28 00:59 - 2014-12-28 00:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nati\Downloads\revosetup95.exe 2014-12-27 21:37 - 2014-12-27 21:37 - 00036215 _____ () C:\Users\Nati\Desktop\Addition.txt 2014-12-27 21:36 - 2014-12-29 13:11 - 00014815 _____ () C:\Users\Nati\Desktop\FRST.txt 2014-12-27 21:36 - 2014-12-29 13:11 - 00000000 ____D () C:\FRST 2014-12-27 21:35 - 2014-12-29 13:10 - 02123264 _____ (Farbar) C:\Users\Nati\Desktop\FRST64.exe 2014-12-27 21:09 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-27 21:09 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-21 10:54 - 2014-12-21 10:54 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-21 10:43 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-21 10:43 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-21 02:01 - 2014-12-21 02:01 - 00003164 _____ () C:\Windows\system32\.crusader 2014-12-21 01:50 - 2014-12-21 02:02 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-12-21 01:50 - 2014-12-21 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-12-21 01:50 - 2014-12-21 01:50 - 00000000 ____D () C:\Program Files\HitmanPro 2014-12-21 01:48 - 2014-12-21 02:02 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-12-21 00:42 - 2014-12-29 12:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-21 00:41 - 2014-12-29 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-21 00:41 - 2014-12-29 12:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-21 00:41 - 2014-12-21 00:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-21 00:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-21 00:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-21 00:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-21 00:34 - 2014-12-21 00:34 - 00000000 ____D () C:\Windows\ERUNT 2014-12-21 00:28 - 2014-12-29 12:53 - 00000000 ____D () C:\AdwCleaner 2014-12-21 00:23 - 2014-12-21 00:23 - 00000000 __SHD () C:\Users\Nati\AppData\Local\EmieBrowserModeList 2014-12-20 21:58 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-20 21:58 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-20 21:58 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-20 21:57 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-20 21:57 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-20 21:57 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-20 21:57 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-20 21:57 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-20 21:57 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-20 21:57 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-20 21:57 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-20 21:57 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-20 21:57 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-20 21:57 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-20 21:57 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-20 21:57 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-20 21:57 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-20 21:57 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-20 21:57 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-20 21:57 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-20 21:57 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-20 21:57 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-20 21:57 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-20 21:57 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-20 21:57 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-20 21:57 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-20 21:57 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-20 21:57 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-20 21:57 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-20 21:57 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-20 21:57 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-20 21:57 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-20 21:57 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-20 21:57 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-20 21:57 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-20 21:57 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-20 21:57 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-20 21:57 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-20 21:57 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-20 21:57 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-20 21:57 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-20 21:57 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-20 21:57 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-20 21:57 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-20 21:57 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-20 21:57 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-20 21:57 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-20 21:57 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-20 21:57 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-20 21:57 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-20 21:57 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-20 21:57 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-20 21:57 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-20 21:57 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-20 21:57 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-20 21:57 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-20 21:57 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-20 21:57 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-20 21:57 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-20 21:57 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-12-20 21:57 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-12-20 21:57 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-20 21:57 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-20 21:57 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-20 21:57 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-20 21:57 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-20 21:57 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-20 21:57 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-20 21:57 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-20 21:57 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-29 13:02 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-29 13:02 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-29 12:59 - 2013-01-10 23:05 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-12-29 12:59 - 2013-01-10 23:05 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-12-29 12:59 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-29 12:54 - 2013-01-10 14:12 - 02042439 _____ () C:\Windows\WindowsUpdate.log 2014-12-29 12:54 - 2010-11-21 04:47 - 00121564 _____ () C:\Windows\PFRO.log 2014-12-29 12:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-29 12:54 - 2009-07-14 05:51 - 00071336 _____ () C:\Windows\setupact.log 2014-12-29 00:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-29 00:40 - 2013-03-17 14:37 - 00000000 ____D () C:\Users\Nati\AppData\Local\Adobe 2014-12-29 00:39 - 2012-04-26 06:15 - 00000000 ____D () C:\ProgramData\Temp 2014-12-21 11:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-21 10:54 - 2014-07-07 21:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-21 10:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-21 10:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-21 10:50 - 2014-07-08 19:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-21 10:50 - 2013-04-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-21 10:45 - 2014-07-08 19:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-21 01:43 - 2012-04-26 06:03 - 00000000 ____D () C:\Windows\no 2014-12-20 23:55 - 2013-03-22 18:55 - 00000000 ____D () C:\Users\Nati\Documents\nachhilfe 2014-12-18 14:02 - 2013-12-26 20:48 - 00000000 ____D () C:\Users\Nati\AppData\Local\Microsoft Games Some content of TEMP: ==================== C:\Users\Nati\AppData\Local\temp\avgnt.exe C:\Users\Nati\AppData\Local\temp\Quarantine.exe C:\Users\Nati\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-27 23:44 ==================== End Of Log ============================ |
29.12.2014, 21:31 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" DateifensterESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.12.2014, 13:03 | #9 |
| Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Das Logfile vom ESET Online Scanner: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=28a954e4f35fe84eb2bdbf5a66494872 # engine=21746 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-30 12:24:06 # local_time=2014-12-30 01:24:06 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 15675 50856031 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 46029225 171528896 0 0 # scanned=280201 # found=138 # cleaned=0 # scan_time=10191 sh=16EA32333E70AC8C516FA3867B521AE714EFAFB2 ft=1 fh=c71c0011c84760bd vn="Win32/Somoto.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Minibar\Minibar.dll.vir" sh=625815A0FA8FE0B409418AFD62964C7566381BF5 ft=1 fh=7d393c8f24228169 vn="Variante von Win32/AdWare.Bandoo.AG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\configmgrc2.cfg.vir" sh=23045D7FCFB0FB16E8B2FBDB2E2FEAA0CF312F0B ft=1 fh=57cf1a6ddb367c61 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\del_DM_LL_nsvB274.dll.vir" sh=C1C42C16DC434B285A68EBAD53CE63CFC708E476 ft=1 fh=6cb8af9cc72c123f vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\Helper.dll.vir" sh=4710186F76E0437125D9540C2019DB5947FEE2C7 ft=1 fh=ded2f47dfd4e0c0b vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\Internet Explorer Settings.exe.vir" sh=0B1F14435BF8B7FE9AD4FF09F2C905035D98D96B ft=1 fh=15b3e45784925372 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll.vir" sh=174CC3B9115122B8DF24E8BF342AE93CF2E4CBB1 ft=1 fh=f493daa78d147f22 vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll.vir" sh=D24C5C9C72D4E9FEE1DF3F0B570230DBC743275E ft=1 fh=7f9fe1ea672ceece vn="Variante von Win32/Toolbar.SearchSuite.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr_u.dll.vir" sh=86D147BB7560FDB43AD529603F65BD3057856244 ft=1 fh=777cf6b8eaf4cdf1 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.dll.vir" sh=384D42777D7A165AD9C74A79469E1A031B58387A ft=1 fh=acd61f4da63f470a vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe.vir" sh=FCFD2C34A0ABA93FAC9D0144B62628C139A788E2 ft=1 fh=443f30a995f07117 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut_ie.dll.vir" sh=BFDC3839ACE19D582651CBDBCA401D85ACB87CEE ft=1 fh=c71c0011ea55d4ef vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\IE\dtUser.exe.vir" sh=9806D2B4733D6E62551C9295E03AAB7FE6F59602 ft=1 fh=edeaa862d9deaa1c vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\IE\__searchresultsDx.dll.vir" sh=0E1462166CDA34F0C6189A1CAA8273CF1B100E32 ft=1 fh=27ef10f86ee6df92 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~1\IE\__searchresultstb.dll.vir" sh=D0EC1B6DD7B2F2FB8635674743EAD52625B9A799 ft=1 fh=66b2d24ebf95802e vn="Variante von Win64/Adware.Bandoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\configmgrc2.cfg.vir" sh=842E24AC176AA5E6ECCB592EBC48F72EF45CFFE0 ft=1 fh=a7666bf04ef8fa60 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\del_DM_LL_nsvB274.dll.vir" sh=C0F415F49161BB3E2ED9D5B86B80FAE57A335A04 ft=1 fh=3f0411159f818e8e vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\Internet Explorer Settings.exe.vir" sh=8696D486809128D7B46269ABA8C72B1667D77528 ft=1 fh=205a504fa6c4736c vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll.vir" sh=0B02248F7BD79596AC9D3C164CB2136344689A3F ft=1 fh=f06975717bfd52ec vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr.dll.vir" sh=EA8AF181F3371B9FE2DE42ABB2DF735405CD12E6 ft=1 fh=e2b6a84c44d15a52 vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr_u.dll.vir" sh=C0F8E249109A9465A6F7794F858BDCE4920D6FA6 ft=1 fh=e55400762c27a71a vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetynut.dll.vir" sh=0C1EA0835B4BD3479B3C931F5E1B25A585F23919 ft=1 fh=81eae601f5c92f01 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetynut_ie.dll.vir" sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir" sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir" sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir" sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir" sh=76039D5A64EF897B1AA388EED70452774019DB59 ft=1 fh=890f56b03e669e11 vn="Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir" sh=C82A58CCD0C37D86C01DE571BA184F95442E3E33 ft=1 fh=49d1d5295ae45561 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir" sh=CC9D2C4D7CF55EDB1AAB850D82C90C782F6D60CB ft=1 fh=e885dc59338e11cf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll.vir" sh=15A4AA68876B7FF41E0660E492189F62157E7632 ft=1 fh=30a0efc9f04544e0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\MACTrackBarLib.dll.vir" sh=A3B4CB1E3F6F85CB162A684090C27784819C1854 ft=1 fh=c409562e87f07cf0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\NDde.dll.vir" sh=A34B4770ECFD4AFFA8CDA4514F259664B771028D ft=1 fh=33f2ef1ba2a18b81 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Newtonsoft.Json.dll.vir" sh=852A2778AECC73DC7A732775E638693203A0E51C ft=1 fh=666e81546e7aa4ff vn="Variante von Win32/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\QuickShare.exe.vir" sh=3A1566F944B43E6A6DB5C4F1267616459C6F870C ft=1 fh=bfbfca7059771129 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\sgml.dll.vir" sh=E9785BBA07CC86355CCF6E468747377D5C59425D ft=1 fh=bd69ee5f80807030 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\sidb.dll.vir" sh=BDE1F681BCDDA1A48522EEA2E4379418B45B9F48 ft=1 fh=3f2774c1601b76a6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\siem.dll.vir" sh=6A90FACD12DB236DEFD5DE5329E5F5BCD0BA4ECA ft=1 fh=a260d8e41051266c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\sipb.dll.vir" sh=FCB54F4011E781812E09D6C160C791E374353958 ft=1 fh=d4681ff481fd3b5e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\sismlp.dll.vir" sh=AB5A99CCA41996CB537F6D3B05FC0B3F2C0B83C4 ft=1 fh=bc783ca70d0515b0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir" sh=001267D9A6414C16002F3392F7E764FF65BE866F ft=1 fh=c397bbdf380d86d0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll.vir" sh=C19444701116D1394BF70D651D0C11DF5964B609 ft=1 fh=531bf79d34ce1efd vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir" sh=C428CAFF8566B94100113479B263BCE98800DDBA ft=1 fh=c1174de2c88fefd5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll.vir" sh=28F099B5A54ED47C8CAC0B946692F2EF0124D09E ft=1 fh=93b50009eca34acd vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir" sh=3385AFA16580F24BCED12BDD74F6C4F759AE1D38 ft=1 fh=f6f674d9e98d4519 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir" sh=F24C44A88B0242E6EE896697923418EA92383984 ft=1 fh=4db6f45ac43f5ad1 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir" sh=33F6319D0AA55BA0E9C7D96F4D5CBD2567615729 ft=1 fh=b4a479db33ac29e8 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir" sh=F5C3D8C233B9DEDDED31F514926AA87918EC875D ft=1 fh=65d42c774a1cdb14 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll.vir" sh=FEE85B80E6B367BD0EE86C06D32AAE6EBA992DB1 ft=1 fh=c6cc5423b83d0599 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll.vir" sh=70BA0EA60FED04285FE973B9E7D4E5337E0E6848 ft=1 fh=53fb790f6185a754 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir" sh=C748043A9DF01C42DD9EBC8575C16B9541BE381E ft=1 fh=cc4935afc5c1d194 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll.vir" sh=2FE5549E17879FA8CEBD32F8B8BB7D84FCB1C067 ft=1 fh=ae9ff0cdc6ccaa6b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll.vir" sh=27EB17BD19A86BC979AC5BE94257815BD285A4AA ft=1 fh=69ca82e3a237e50b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll.vir" sh=2A72DC9C87BA22464851B20D7A06C73660B03101 ft=1 fh=945321e6bed7db0f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\Smartbar.Resources.Translations.dll.vir" sh=E0EC2BBC51778E193077264B986FD8A793FE0B44 ft=1 fh=98b4c2105e158929 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir" sh=E0EC2BBC51778E193077264B986FD8A793FE0B44 ft=1 fh=98b4c2105e158929 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir" sh=BD154BDB66A99CA6144990AE7423FBA1A488167A ft=1 fh=e7263284498de1bd vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir" sh=BD154BDB66A99CA6144990AE7423FBA1A488167A ft=1 fh=e7263284498de1bd vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir" sh=723D6304C75F19802A2E53DBCF5AA26C417D864B ft=1 fh=c0e8866f48b0c1c1 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir" sh=478629AE123300DA7445EEF3EFAB9DAC817EA589 ft=1 fh=4c41741990f2accf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\spbe.dll.vir" sh=E02A1BEBCCADB4242673C1423371251C23E143A5 ft=1 fh=309440011a0f9ba6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\spbl.dll.vir" sh=F596CA6EBE5C283AC792C6F8D0E3304A48EAB1D4 ft=1 fh=d7eab5117519d962 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\sppsm.dll.vir" sh=01474D7BF48DC5A316C85E130F0927D7031B4308 ft=1 fh=944259a49d496849 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\spsm.dll.vir" sh=2E253B0C442ED1CA4E422A936E0EF30CE9F08798 ft=1 fh=317a2c2d773298c2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\spusm.dll.vir" sh=6FE9C4316A8F1A22A45FFCD97E44C48350F3DEDC ft=1 fh=8b2eb6c32647e4d6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srau.dll.vir" sh=A2A842F73F4B74B23496E53F153F6E24C2EF4ABF ft=1 fh=48f42efd39e02f18 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srbhu.dll.vir" sh=C255E51E301A9515EE7147DFED25813C8794E36D ft=1 fh=b2590a884731dd4d vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srbs.dll.vir" sh=C0CC3A2027417A4BD2AE1B1115CEA30F55CFFAD8 ft=1 fh=abe6e417800c3baf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srgu.dll.vir" sh=845107232E69566DB273D1A6810D2190293FAF30 ft=1 fh=c9a75108fe2a935f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srns.dll.vir" sh=D0B090EA19023B9404BE66108E8F4638EA4CFB60 ft=1 fh=fad9b91e10ec1cce vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srpdm.dll.vir" sh=1BB7AD6C31EE151AFFDA89181F22A367B74FBC67 ft=1 fh=87ef6d1c67997538 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srprl.dll.vir" sh=0DF4E10D96FC506B18C33160A2A0E1AF485D6E5E ft=1 fh=d84f4342481d0a0c vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srpu.dll.vir" sh=040BD1E66EADDD563E6FDF941D1749961B2AE506 ft=1 fh=e9f9f9e5d5a9a663 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srsbs.dll.vir" sh=24BD5D34BE8FF1922B1A872472B3B83E2F5A6C14 ft=1 fh=c2f935c4933ce3d8 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srsbsau.dll.vir" sh=8FB2C7B2B28DBCF3D640B74DD61E3700CBC2CF73 ft=1 fh=e86f04065ddf4859 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srsl.dll.vir" sh=65DF4EEF826A3674B8780821CE6395C4ABBDF02E ft=1 fh=5ff3960cf3fd2384 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\sruhs.dll.vir" sh=3707A8678F3D558E453804E1D84CC4FC1B1881D7 ft=1 fh=5d5c5d5a5783a144 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srus.dll.vir" sh=5784E1C7154EE76F30A5F6A2E4862F6AC415B6C5 ft=1 fh=f9c0f339bc7bfe98 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\srut.dll.vir" sh=BFE1DAE605DAE04ED5495D0C3F6994921CE9A94E ft=1 fh=7a52d2b00140cb3b vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir" sh=8CC16D39BD3438FE1B560E48A834DF85BC0E24A2 ft=1 fh=513756e09430f91f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=A3356904B414DA1B979B92B4591C92B8D3471853 ft=1 fh=57a334510677d757 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=2A2037D077652102EFC317550474DD4E7B6E6E19 ft=1 fh=10f3ea593315b3e4 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=38E7A132E365E4A8950DB6C3DF36CB4A21707310 ft=1 fh=e059c8f134237fa5 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=9645B0CA23FA4A74368ECF54EB52070E2F506B2A ft=1 fh=a9a90615fbe305d6 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir" sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir" sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir" sh=95544372D9D68E8AFAE5E9DA8B07C14CE5406ABB ft=1 fh=dd489ec711c15129 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_23.dll.vir" sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir" sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir" sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir" sh=2A7C66FF21099D0DF242BBCB881E7BA256CB469C ft=1 fh=ec452a86a5756fd7 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=5D18D15B9A7B213F5F9171D4492FC3DF6A23006F ft=1 fh=68b80c87a89d6b0b vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=2702C04465467CE6BEFC13D22C2A6F4E1CD35486 ft=1 fh=cf83799b4a091df6 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=AEFA7783075FF79E0408F2A6D4CC0366B56FC790 ft=1 fh=5397b610e4cf6303 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=6C4ADBDAD54492942554C7D34C979359A86B6F0A ft=1 fh=0252ec7dc3f92696 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=B0241E2E98CAAC99D0C3F9AF5682A770D5E307ED ft=1 fh=332b02ef996a9dbd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll.vir" sh=42577DD2095997CE785871CEB60F6A91B990E24A ft=1 fh=ca129f4ba48ac82e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll.vir" sh=4AA02785A32F4737A3943A8D49E1939E57A92C8C ft=1 fh=911f076099899433 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.NotepadPlugin.dll.vir" sh=7AE4F4ED8B42B90E18B728A914BF36A1BA8C292B ft=1 fh=cd48b1b4f86f254c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.ScreenCapturePlugin.dll.vir" sh=55B9EDE378C8EFDAEF75683E081D9580069A7F35 ft=1 fh=56cee4d97b58df70 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll.vir" sh=CC9932AA1F7A79E245BD821793EBE2E114D80EB2 ft=1 fh=d321cfc18962a043 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll.vir" sh=7D298EB5CE33445AB03A015ABC0C944B813BC55C ft=1 fh=51b8cb9f77c36088 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Smartbar\Common\ServicesPlugins\spup.dll.vir" sh=686CFC5880F4386E88B4D20365AD72CB4A0ABDA4 ft=1 fh=d9be80a1acfd5d53 vn="Variante von Win32/AdWare.SpeedingUpMyPC.E Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Local\Temp\OptimizerPro.exe.vir" sh=0DA3E162767FFBB4E17939BA34189908B51C82A7 ft=1 fh=d988edb41e38de4c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF10.dll.vir" sh=8D082779F692FE1AC538183A435D1761F5002F14 ft=1 fh=029673bc0266ed8a vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF11.dll.vir" sh=145B54FB14F3DC7F8693F4911145E3F6B165E912 ft=1 fh=9f555ba8b751e2c2 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF12.dll.vir" sh=223B7CE87B8D9493A9DD816C3A285E40285D7381 ft=1 fh=10c110c1e207e4da vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF13.dll.vir" sh=E1D2AEF519F5AB909FF40A2561C91CCD44A00417 ft=1 fh=1dfff4fbc4a3cf69 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF14.dll.vir" sh=6C7B9361DE42CD9A62BBD16CEEBF0DD0B1B0051E ft=1 fh=f2c708a9cf11bc33 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF15.dll.vir" sh=D45170610BFB92765C7E56679418FECD275CC0B8 ft=1 fh=72d55a44e3e57c20 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF16.dll.vir" sh=21F243B82790EA3E7D590A7A266A64ECB0A6D19B ft=1 fh=02568ce8b55cf4e5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF17.dll.vir" sh=31F76245B1662FA8C84F5186F72CADC6A3E7CC31 ft=1 fh=884e23059828d3de vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF18.dll.vir" sh=948D19EFC790E718D824CCE913C8B6DC1AFC66B8 ft=1 fh=47411e479d18c83e vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF19.dll.vir" sh=247C72BA28E5E3FDCA7675167D2BA14D4087A3CE ft=1 fh=4f43879150bbb34a vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF2.dll.vir" sh=0D3858531E5EA55024FB3577626A6CB609C0C513 ft=1 fh=ee2257ad35fa5204 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF20.dll.vir" sh=5E7E4A655C4302106427909FC137BA1D9F084B0B ft=1 fh=3f72fc800e772ef7 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF21.dll.vir" sh=C3063A33B7C3F6BD74191CF4C9769BCEF57C37FC ft=1 fh=177e8857ec01f9d6 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF22.dll.vir" sh=3009D61C2128D506D1214A925FA98FDD0C12CCD0 ft=1 fh=8569d4a60cee1eea vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF23.dll.vir" sh=F4BCE15741A1CE6143A643349C14556B86A8B20F ft=1 fh=e89d9b7de2346e4d vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF24.dll.vir" sh=3D27C2E33AC5C68FDCCAA453B47C8CF552860EFA ft=1 fh=140fc7b297b42a17 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF25.dll.vir" sh=CA9E902773724FFE279DAC9D67B2C89726D5FBE7 ft=1 fh=1b860f9073dcbd83 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF26.dll.vir" sh=69638A5877E23D089BB88A0B10D29D615B4526AD ft=1 fh=6590f6c7138e8184 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF27.dll.vir" sh=251F59494EE70DF9DD33FD53D0E4E87AABC587D4 ft=1 fh=78df21491ed47011 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF28.dll.vir" sh=47405FDC9A7BE8B442615C310B6A30CB5DC40195 ft=1 fh=f362bb536715a38e vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF29.dll.vir" sh=227E473AB2545D301BFD49DB4B2DD3B610EB08DD ft=1 fh=235588277d5d9b88 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF30.dll.vir" sh=E0C0C3DF45A316421412A38AE33563BBFFDBBBC2 ft=1 fh=3b883866c2c72153 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF31.dll.vir" sh=7C0178655E872FDA03F63251B870602332A9EFFF ft=1 fh=997f942f73be774a vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF4.dll.vir" sh=A80B498E533DA831B22E0E0D6E15B22A12464328 ft=1 fh=900d77bd28385dfe vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF5.dll.vir" sh=9642B7F3D7E6B6731D19C7FAEDF4B4CE4F8273CA ft=1 fh=ae3a6743049e556f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF6.dll.vir" sh=E09340870264BF9EABF20F0D23F31407A741BCC0 ft=1 fh=6e5ba1ef6cf84cab vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF7.dll.vir" sh=AE6D69B056DC894721A5E9D8674379402FAB2A1D ft=1 fh=f9e3a27a02e9e812 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF8.dll.vir" sh=98B89F291BED0A5A382720FE887B34E32DFEFD7F ft=1 fh=3c4d2b2924910d9a vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nati\AppData\Roaming\Movies Toolbar\SafetyNut\components\SafetyNutHlpFF9.dll.vir" sh=25117F8A564F6032CF0CF4556F510B1D76109A1B ft=1 fh=e5bac0081a99abfe vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=C24089D407E6280B79BEC86532E9DE0118E4DE71 ft=1 fh=c71c0011cedfdcb5 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nati\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" sh=B1A68C4BD7D8782CEE180580311081F423E8638B ft=1 fh=b0d19998d0be5414 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" sh=4A473A16CDF7E5A3252B84B8F62B8EC6C206C962 ft=1 fh=91f6768e8d3b30f9 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="E:\user@8530P\#DOC\cityburnnightafternightandwespraypaintthewalls_downloader_by_SchriftartenFontsde.exe" sh=4A473A16CDF7E5A3252B84B8F62B8EC6C206C962 ft=1 fh=91f6768e8d3b30f9 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="E:\user@8530P\#DOC\Bibliotheken\Documents\cityburnnightafternightandwespraypaintthewalls_downloader_by_SchriftartenFontsde.exe" sh=4A473A16CDF7E5A3252B84B8F62B8EC6C206C962 ft=1 fh=91f6768e8d3b30f9 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="E:\$RECYCLE.BIN\$RG88865.exe" Sobald ich eine beliebige Taste drücke um den Security Check zu beginnen kommt folgendes: "UNSUPPORTED OPERATING SYSTEM! ABORTED!" |
31.12.2014, 00:48 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Lass SecurityCheck weg und mach noch den Rest
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
31.12.2014, 02:01 | #11 |
| Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster okay hier ein neues FST logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by Nati (administrator) on NATI-PC on 31-12-2014 01:58:57 Running from C:\Users\Nati\Desktop Loaded Profiles: Nati & (Available profiles: Nati) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\Users\Nati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2552683608-972022576-3084334511-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2552683608-972022576-3084334511-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2552683608-972022576-3084334511-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2552683608-972022576-3084334511-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-2552683608-972022576-3084334511-1000 -> No Name - {4D594333-2D56-3700-76A7-7A786E7484D7} - No File Toolbar: HKU\S-1-5-21-2552683608-972022576-3084334511-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {4D594333-2D56-3700-76A7-7A786E7484D7} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nati\AppData\Roaming\Mozilla\Firefox\Profiles\np1aam23.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Nati\AppData\Roaming\Mozilla\Firefox\Profiles\np1aam23.default\Extensions\abs@avira.com [2014-10-17] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-14] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-27] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-28] (Atheros Commnucations) [File not signed] R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-02-17] (Diskeeper Corporation) R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-17] (Acer Incorporated) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-15] () S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-03-14] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-15] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [235664 2012-06-07] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-06] (Avira Operations GmbH & Co. KG) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-02-17] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [92976 2012-02-17] (Diskeeper Corporation) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-21] () R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-14] (Intel Corporation) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-30 12:55 - 2014-12-30 12:58 - 00852505 _____ () C:\Users\Nati\Desktop\SecurityCheck.exe 2014-12-29 22:18 - 2014-12-29 22:18 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-29 13:10 - 2014-12-29 13:10 - 00000000 ____D () C:\Users\Nati\Desktop\FRST-OlderVersion 2014-12-29 13:05 - 2014-12-29 13:05 - 00000624 _____ () C:\Users\Nati\Desktop\JRT.txt 2014-12-29 13:01 - 2014-12-29 13:01 - 01707939 _____ (Thisisu) C:\Users\Nati\Desktop\JRT.exe 2014-12-29 12:46 - 2014-12-29 12:46 - 02173952 _____ () C:\Users\Nati\Desktop\AdwCleaner_4.106.exe 2014-12-29 12:45 - 2014-12-29 12:45 - 00001200 _____ () C:\Users\Nati\Desktop\mbam.txt 2014-12-29 12:28 - 2014-12-29 12:28 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-29 12:25 - 2014-12-29 12:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nati\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-29 00:43 - 2014-12-29 00:43 - 00028031 _____ () C:\ComboFix.txt 2014-12-29 00:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-29 00:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-29 00:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-29 00:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-29 00:35 - 2014-12-29 00:43 - 00000000 ____D () C:\Qoobox 2014-12-29 00:35 - 2014-12-29 00:42 - 00000000 ____D () C:\Windows\erdnt 2014-12-29 00:11 - 2014-12-29 00:11 - 05603624 ____R (Swearware) C:\Users\Nati\Desktop\ComboFix.exe 2014-12-28 10:16 - 2014-12-28 10:16 - 00000000 ____D () C:\Users\Nati\Desktop\RevoUninstallerPortable 2014-12-28 10:15 - 2014-12-28 10:15 - 02785665 _____ (PortableApps.com) C:\Users\Nati\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe 2014-12-28 10:11 - 2014-12-28 10:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nati\Desktop\revosetup95.exe 2014-12-28 01:00 - 2014-12-28 10:11 - 00000736 _____ () C:\Users\Nati\Desktop\Revo Uninstaller.lnk 2014-12-28 00:59 - 2014-12-28 00:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nati\Downloads\revosetup95.exe 2014-12-27 21:37 - 2014-12-27 21:37 - 00036215 _____ () C:\Users\Nati\Desktop\Addition.txt 2014-12-27 21:36 - 2014-12-31 01:58 - 00015927 _____ () C:\Users\Nati\Desktop\FRST.txt 2014-12-27 21:36 - 2014-12-31 01:58 - 00000000 ____D () C:\FRST 2014-12-27 21:35 - 2014-12-29 13:10 - 02123264 _____ (Farbar) C:\Users\Nati\Desktop\FRST64.exe 2014-12-27 21:09 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-27 21:09 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-21 10:54 - 2014-12-21 10:54 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-21 10:43 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-21 10:43 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-21 02:01 - 2014-12-21 02:01 - 00003164 _____ () C:\Windows\system32\.crusader 2014-12-21 01:50 - 2014-12-21 02:02 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-12-21 01:50 - 2014-12-21 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-12-21 01:50 - 2014-12-21 01:50 - 00000000 ____D () C:\Program Files\HitmanPro 2014-12-21 01:48 - 2014-12-21 02:02 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-12-21 00:42 - 2014-12-30 21:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-21 00:41 - 2014-12-29 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-21 00:41 - 2014-12-29 12:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-21 00:41 - 2014-12-21 00:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-21 00:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-21 00:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-21 00:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-21 00:34 - 2014-12-21 00:34 - 00000000 ____D () C:\Windows\ERUNT 2014-12-21 00:28 - 2014-12-29 12:53 - 00000000 ____D () C:\AdwCleaner 2014-12-21 00:23 - 2014-12-21 00:23 - 00000000 __SHD () C:\Users\Nati\AppData\Local\EmieBrowserModeList 2014-12-20 21:58 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-20 21:58 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-20 21:58 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-20 21:58 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-20 21:57 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-20 21:57 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-20 21:57 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-20 21:57 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-20 21:57 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-20 21:57 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-20 21:57 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-20 21:57 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-20 21:57 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-20 21:57 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-20 21:57 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-20 21:57 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-20 21:57 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-20 21:57 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-20 21:57 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-20 21:57 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-20 21:57 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-20 21:57 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-20 21:57 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-20 21:57 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-20 21:57 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-20 21:57 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-20 21:57 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-20 21:57 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-20 21:57 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-20 21:57 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-20 21:57 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-20 21:57 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-20 21:57 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-20 21:57 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-20 21:57 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-20 21:57 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-20 21:57 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-20 21:57 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-20 21:57 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-20 21:57 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-20 21:57 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-20 21:57 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-20 21:57 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-20 21:57 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-20 21:57 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-20 21:57 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-20 21:57 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-20 21:57 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-20 21:57 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-20 21:57 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-20 21:57 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-20 21:57 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-20 21:57 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-20 21:57 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-20 21:57 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-20 21:57 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-20 21:57 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-20 21:57 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-20 21:57 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-20 21:57 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-20 21:57 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-12-20 21:57 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-12-20 21:57 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-12-20 21:57 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-20 21:57 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-20 21:57 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-20 21:57 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-20 21:57 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-20 21:57 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-20 21:57 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-20 21:57 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-20 21:57 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-20 21:57 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-20 21:57 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-30 22:16 - 2013-09-21 14:09 - 00000000 ____D () C:\Users\Nati\Documents\FH Soziale Arbeit 2014-12-30 17:15 - 2013-01-10 14:12 - 02077095 _____ () C:\Windows\WindowsUpdate.log 2014-12-29 22:20 - 2013-01-10 23:05 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-12-29 22:20 - 2013-01-10 23:05 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-12-29 22:20 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-29 13:02 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-29 13:02 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-29 12:54 - 2010-11-21 04:47 - 00121564 _____ () C:\Windows\PFRO.log 2014-12-29 12:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-29 12:54 - 2009-07-14 05:51 - 00071336 _____ () C:\Windows\setupact.log 2014-12-29 00:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-29 00:40 - 2013-03-17 14:37 - 00000000 ____D () C:\Users\Nati\AppData\Local\Adobe 2014-12-29 00:39 - 2012-04-26 06:15 - 00000000 ____D () C:\ProgramData\Temp 2014-12-21 11:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-21 10:54 - 2014-07-07 21:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-21 10:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-21 10:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-21 10:50 - 2014-07-08 19:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-21 10:50 - 2013-04-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-21 10:45 - 2014-07-08 19:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-21 01:43 - 2012-04-26 06:03 - 00000000 ____D () C:\Windows\no 2014-12-20 23:55 - 2013-03-22 18:55 - 00000000 ____D () C:\Users\Nati\Documents\nachhilfe 2014-12-18 14:02 - 2013-12-26 20:48 - 00000000 ____D () C:\Users\Nati\AppData\Local\Microsoft Games Some content of TEMP: ==================== C:\Users\Nati\AppData\Local\temp\avgnt.exe C:\Users\Nati\AppData\Local\temp\Quarantine.exe C:\Users\Nati\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-27 23:44 ==================== End Of Log ============================ ich hoff ich habe sonst nichts vergessen! lg |
31.12.2014, 16:28 | #12 |
/// the machine /// TB-Ausbilder | Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Nati\Local Settings\Application Data\Bundled software uninstaller\biclient.exe C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll E:\user@8530P\#DOC\cityburnnightafternightandwespraypaintthewalls_downloader_by_SchriftartenFontsde.exe E:\user@8530P\#DOC\Bibliotheken\Documents\cityburnnightafternightandwespraypaintthewalls_downloader_by_SchriftartenFontsde.exe E:\$RECYCLE.BIN\$RG88865.exe HKU\S-1-5-21-2552683608-972022576-3084334511-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2552683608-972022576-3084334511-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
01.01.2015, 23:42 | #13 |
| Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" DateifensterCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014 Ran by Nati at 2015-01-01 22:05:48 Run:1 Running from C:\Users\Nati\Desktop Loaded Profiles: Nati & (Available profiles: Nati) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Nati\Local Settings\Application Data\Bundled software uninstaller\biclient.exe C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll E:\user@8530P\#DOC\cityburnnightafternightandwespraypaintthewalls_downloader_by_SchriftartenFontsde.exe E:\user@8530P\#DOC\Bibliotheken\Documents\cityburnnightafternightandwespraypaintthewalls_downloader_by_SchriftartenFontsde.exe E:\$RECYCLE.BIN\$RG88865.exe HKU\S-1-5-21-2552683608-972022576-3084334511-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2552683608-972022576-3084334511-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path Emptytemp: ***************** C:\Users\Nati\Local Settings\Application Data\Bundled software uninstaller\biclient.exe => Moved successfully. C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully. "E:\user@8530P\#DOC\cityburnnightafternightandwespraypaintthewalls_downloader_by_SchriftartenFontsde.exe" => File/Directory not found. "E:\user@8530P\#DOC\Bibliotheken\Documents\cityburnnightafternightandwespraypaintthewalls_downloader_by_SchriftartenFontsde.exe" => File/Directory not found. "E:\$RECYCLE.BIN\$RG88865.exe" => File/Directory not found. "HKU\S-1-5-21-2552683608-972022576-3084334511-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-2552683608-972022576-3084334511-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully. EmptyTemp: => Removed 964.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 22:07:27 ==== Erstmal vielen, vielen lieben Dank, ich werde etwas Spenden, finde ich eine tolle Sache und hat super und rasch geklappt! Jetzt würde mich noch interessieren, was das denn war? Also welcher Virus bzw. wodurch ich den bekommen habe? Einfach aus Interesse und auch um so etwas zukünftig zu vermeiden... Liebe Grüße! Noch etwas: mir ist soeben aufgefallen, dass meine rechte Maustaste (direkt am Laptop) nicht mehr funktioniert. Ein Rechtsklick auf Dateien etc. ist nicht mehr möglich. Haben Sie eine Idee woran das liegen könnte? LG |
02.01.2015, 13:39 | #14 |
/// the machine /// TB-Ausbilder | Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Erneuere bitte den Treiber vom Touchpad. Oder der Button ist einfach defekt. Woher ne Infektion kommt ist nicht nachvollziehbar, sehr warscheinlich aber durch einen Download.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.01.2015, 16:43 | #15 |
| Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster Habe nun einen Treiber heruntergeladen und die Taste geht wieder - juhu! jetzt sollte alles passen, ein riesengroßes Dankeschön noch einmal! Sie können den Thread jetzt löschen. Vielen Dank und alles Gute, ich werde mich mit einer Spende erkenntlich zeigen. Liebe Grüße! |
Themen zu Windows 7: einfärbiger Hintergrund und geöffnetes "Computer" Dateifenster |
adware, antivir, antivirus, askbar, avira, bildschirm, bingbar, bonjour, computer, cpu, defender, excel, fehler, flash player, helper, home, ip-hilfsdienst, launch, linkury, mozilla, msiexec.exe, registry, scan, security, services.exe, software, svchost.exe, symantec, system, tracker, usb, windows |