Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Win7: compatibilitycheck Virus/Trojaner

Win7: compatibilitycheck Virus/Trojaner


Plagegeister aller Art und deren Bekämpfung: Win7: compatibilitycheck Virus/Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 2 1 2
Alt 13.01.2015, 22:57   #16
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Morgen machen wir den Rest, OK?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 13.01.2015, 23:02   #17
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Na klar, wünsche dir eine gute Nacht
__________________
Alt 14.01.2015, 14:06   #18
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Bitte mal das in die Chrome-Adresszeile reinkopieren und mit ENTER bestätigen:
Code:
ATTFilter
chrome://settings/homePageOverlay
Das trovi-Zeug löschen. PC neu starten und ein frisches FRST bitte.
__________________
__________________
Alt 14.01.2015, 18:19   #19
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Hey!

Wurde erledigt!

Hier die Logs:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Andi (administrator) on ANDI-PC on 14-01-2015 18:17:11
Running from C:\Users\Andi\Desktop
Loaded Profile: Andi (Available profiles: Andi)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(ICQ) C:\Users\Andi\AppData\Roaming\ICQM\icq.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [Google Update] => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-23] (Google Inc.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [icq] => C:\Users\Andi\AppData\Roaming\ICQM\icq.exe [28698984 2013-10-12] (ICQ)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Andi\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CR Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfmindblghbicdipoakcolegkcddbk [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12]
CHR Extension: (Google Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-31]
CHR Extension: (Google-Suche) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-11]
CHR Extension: (AdBlock) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20]
CHR Extension: (Ocutana Screen Share) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaopnkpkijpdgebapjjckchdjidfego [2014-09-19]
CHR Extension: (Skype Click to Call) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Google Mail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-07-25] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [283448 2014-09-19] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2011-09-11] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2011-09-11] (Etron Technology Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation                           )
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 22:38 - 2015-01-13 22:38 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-13 22:15 - 2015-01-13 22:15 - 01115648 _____ (Farbar) C:\Users\Andi\Desktop\FRST.exe
2015-01-13 20:33 - 2015-01-13 20:33 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_deu.exe
2015-01-13 20:24 - 2015-01-13 20:24 - 00006640 _____ () C:\Users\Andi\Desktop\HitmanPro_20150113_2024.log
2015-01-13 20:19 - 2015-01-13 20:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 20:18 - 2015-01-13 20:19 - 10285456 _____ (SurfRight B.V.) C:\Users\Andi\Desktop\HitmanPro.exe
2015-01-13 19:45 - 2015-01-13 19:45 - 00000000 _____ () C:\Users\Andi\Desktop\malware.txt
2015-01-13 19:04 - 2015-01-14 18:13 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 19:04 - 2015-01-13 19:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-13 19:04 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-13 19:04 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-13 19:04 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 19:03 - 2015-01-13 19:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andi\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-13 18:53 - 2015-01-13 18:53 - 02191360 _____ () C:\Users\Andi\Desktop\AdwCleaner_4.107.exe
2015-01-13 18:38 - 2015-01-13 18:38 - 00002085 _____ () C:\Users\Andi\Desktop\gmer.log
2015-01-13 18:24 - 2015-01-13 18:24 - 00000000 _____ () C:\Users\Andi\Desktop\Neues Textdokument (3).txt
2015-01-13 18:12 - 2015-01-14 18:17 - 00015257 _____ () C:\Users\Andi\Desktop\FRST.txt
2015-01-13 18:12 - 2015-01-14 18:17 - 00000000 ____D () C:\FRST
2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 _____ (Farbar) C:\Users\Andi\Downloads\FRST.exe
2015-01-13 17:39 - 2015-01-13 17:39 - 00000470 _____ () C:\Users\Andi\Desktop\defogger_disable.log
2015-01-13 17:39 - 2015-01-13 17:39 - 00000000 _____ () C:\Users\Andi\defogger_reenable
2015-01-13 17:15 - 2015-01-13 17:15 - 00380416 _____ () C:\Users\Andi\Desktop\Gmer-19357.exe
2015-01-13 17:14 - 2015-01-13 17:14 - 00050477 _____ () C:\Users\Andi\Desktop\Defogger.exe
2015-01-12 18:47 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-12 18:46 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-01-12 18:46 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-01-12 18:46 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-01-12 18:45 - 2015-01-13 18:27 - 00025193 _____ () C:\Windows\Partizan.log
2015-01-12 18:39 - 2015-01-14 18:13 - 00000392 _____ () C:\Windows\setupact.log
2015-01-12 18:39 - 2015-01-13 22:20 - 00012346 _____ () C:\Windows\PFRO.log
2015-01-12 18:39 - 2015-01-12 18:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 15:02 - 2015-01-11 15:02 - 00000000 ____D () C:\ProgramData\RegRun
2015-01-11 15:01 - 2015-01-13 17:06 - 00000000 ____D () C:\Program Files\UnHackMe
2015-01-11 15:01 - 2015-01-11 15:06 - 00000000 ____D () C:\Users\Andi\Documents\RegRun2
2015-01-11 15:01 - 2015-01-11 15:01 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-01-11 14:55 - 2015-01-11 14:55 - 00000000 ____D () C:\Users\Andi\Downloads\unhackme
2015-01-11 14:53 - 2015-01-11 14:54 - 16599280 _____ () C:\Users\Andi\Downloads\unhackme.zip
2015-01-11 13:58 - 2015-01-14 18:13 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-01-11 13:58 - 2015-01-11 13:58 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2015-01-11 13:58 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-11 13:57 - 2015-01-13 21:15 - 00000000 ____D () C:\Program Files\pandasecuritytb
2015-01-11 13:57 - 2015-01-11 13:57 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Panda Security
2015-01-11 13:55 - 2015-01-11 13:57 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-11 13:55 - 2015-01-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-11 13:52 - 2015-01-11 13:57 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 12:05 - 2015-01-11 12:05 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-28 11:13 - 2014-12-28 11:15 - 00000000 ____D () C:\Users\Andi\Documents\Heroes of the Storm
2014-12-24 15:33 - 2014-12-27 18:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-24 15:02 - 2014-12-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-12-24 15:02 - 2014-12-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-12-24 14:47 - 2015-01-13 22:22 - 00000000 ____D () C:\Program Files\Heroes of the Storm
2014-12-24 14:43 - 2014-12-24 14:44 - 03083832 _____ (Blizzard Entertainment) C:\Users\Andi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2014-12-18 17:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 18:16 - 2013-10-12 01:09 - 01662341 _____ () C:\Windows\WindowsUpdate.log
2015-01-14 18:13 - 2013-10-12 01:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 18:13 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 18:13 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:13 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:08 - 2014-04-23 16:20 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job
2015-01-14 18:04 - 2013-12-12 19:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 23:23 - 2013-11-22 23:10 - 00000000 ____D () C:\Users\Andi\AppData\Local\Battle.net
2015-01-13 22:38 - 2013-12-12 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:38 - 2013-12-12 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 22:28 - 2013-10-12 01:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 18:58 - 2014-01-01 19:57 - 00000000 ____D () C:\AdwCleaner
2015-01-13 18:58 - 2013-10-12 01:12 - 00000000 ____D () C:\Users\Andi
2015-01-13 17:08 - 2014-04-23 16:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job
2015-01-13 17:01 - 2013-10-12 23:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-12 20:19 - 2014-05-30 15:03 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 activator
2015-01-12 20:18 - 2014-05-30 14:49 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 Loader - Activator
2015-01-12 18:47 - 2013-11-27 18:25 - 00000000 ___RD () C:\Users\Andi\Dropbox
2015-01-12 18:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-12 18:44 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Dropbox
2015-01-11 22:22 - 2013-10-12 02:00 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\TS3Client
2015-01-11 16:43 - 2014-09-19 20:36 - 00002286 _____ () C:\Users\Andi\Desktop\Chrome App Launcher.lnk
2015-01-11 15:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-11 15:01 - 2009-07-14 03:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt
2015-01-11 14:59 - 2013-12-13 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-01-11 14:59 - 2013-10-12 22:25 - 00000000 ____D () C:\Windows\Minidump
2015-01-11 14:59 - 2013-10-12 02:06 - 00000000 ____D () C:\Windows\Panther
2015-01-11 14:48 - 2013-10-21 19:43 - 00000000 ____D () C:\Program Files\Steam
2015-01-11 14:44 - 2009-07-14 05:33 - 00327920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 13:57 - 2013-10-12 02:00 - 00064496 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-11 12:25 - 2010-11-20 22:01 - 01618608 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 12:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Mozilla
2014-12-28 11:13 - 2013-11-22 23:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-28 01:17 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify
2014-12-27 22:18 - 2014-05-31 11:43 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify
2014-12-27 22:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-27 18:21 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Thunderbird
2014-12-24 14:45 - 2013-11-22 23:10 - 00000000 ____D () C:\Program Files\Battle.net
2014-12-21 22:23 - 2013-10-23 17:08 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype
2014-12-19 18:55 - 2013-11-27 18:25 - 00001013 _____ () C:\Users\Andi\Desktop\Dropbox.lnk
2014-12-19 18:55 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 17:35 - 2014-09-19 20:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 22:28

==================== End Of Log ============================
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Andi at 2015-01-14 18:17:26
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM\...\Advanced Combat Tracker) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
ChromecastApp (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Etron USB3.0 Host Controller (Version: 0.115 - Etron Technology) Hidden
FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Lara Croft and the Guardian of Light (HKLM\...\Steam App 35130) (Version:  - Crystal Dynamics)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
RaidCall (HKLM\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TP-LINK TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{E08EFB73-9F4C-4A70-9BE7-464C62F3D880}) (Version: 21.05.8586 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

04-01-2015 22:35:18 Geplanter Prüfpunkt
09-01-2015 21:21:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 11:46:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 12:03:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 23:49:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {060540A1-4930-4447-A148-C120459464C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {0AE1ADD4-D9B5-4431-8B71-F5B2500BE1FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3B5D2A69-1F3D-4398-B33E-E6DCB3F82186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {95667D08-89EB-4005-8F20-C52F6E7C618F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {E427ABB8-7EF6-4DBA-A565-C3744AA6E556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F41BDFC3-69DF-4E9D-8055-D1BA3F90FE25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 17:13 - 2014-09-15 17:13 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-12 02:15 - 2013-10-12 02:15 - 00308048 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
2013-10-12 02:15 - 2013-10-12 02:15 - 00851456 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2014-04-26 13:43 - 2012-03-07 09:52 - 00841728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-04-26 13:43 - 2012-03-07 09:53 - 01411584 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-04-26 13:43 - 2012-03-07 09:53 - 00192512 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-04-26 13:43 - 2012-03-07 09:54 - 00293376 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194225.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194233.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1997967318-605228079-2081898283-500 - Administrator - Disabled)
Andi (S-1-5-21-1997967318-605228079-2081898283-1000 - Administrator - Enabled) => C:\Users\Andi
Gast (S-1-5-21-1997967318-605228079-2081898283-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2015 06:13:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 06:04:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 10:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000007
ID des fehlerhaften Prozesses: 0x107c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3


System errors:
=============
Error: (01/14/2015 06:13:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/14/2015 06:13:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/14/2015 06:04:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/14/2015 06:04:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/13/2015 10:20:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 10:20:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/13/2015 10:16:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/13/2015 07:42:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 07:41:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/13/2015 06:59:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (01/14/2015 06:13:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 06:04:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 10:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: 0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c000000500000007107c01d02da5538ec50bC:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownb481473c-9998-11e4-b333-bc5ff4d811f4


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 35%
Total physical RAM: 3044.74 MB
Available physical RAM: 1956.97 MB
Total Pagefile: 6087.77 MB
Available Pagefile: 4860.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:316.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A81D958)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Alt 14.01.2015, 18:24   #20
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


gut...

Noch irgendwelche Probleme?

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 14.01.2015, 18:33   #21
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Nee, sieht alles super aus =)

edit: Hm, ich hatte gerade den ersten Bluescreen dieses Computers.

Als ich mir andere Threads hier aus Interesse angesehen habe, kam plötzlich nen Bluescreen mit "page_fault_in_no_page_area".

Kann jedoch auch mit dem PC zusammenhängen und nicht mit Viren oder so.

Alt 14.01.2015, 18:38   #22
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Gibst mir morgen halt nochmal ne Rückmeldung OK?

Müssen ja noch "Aufräumen".
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 15.01.2015, 20:26   #23
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Hmja also der Virus scheint weg zu sein, alles läuft schnell, aber seit gestern abend habe ich alle 5-10 Minuten einen Bluescreen mit der Meldung "page_fault_in_non_paged_area".

Davor habe ich Window-Updates installiert.

Glaube irgendwie nicht, dass es mit meinem PC, also Arbeitsspeicher oder so zu tun hat. Wäre schon ein starker Zufall.

Die Behebung dieses Problems ist wohl in diesem Forum fehl am Platze, oder? Könntest du ein gutes Forum empfehlen, das bei solchen Problemen so kompetent hilft wie hier?

edit: Ok scheint behoben zu sein. Habe eine Systemwiederherstellung von gestern Abend kurz vor dem Windows Update gemacht.

Alt 15.01.2015, 22:20   #24
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Ja, oft sind die Updates problematisch. Aktuell noch irgendwelche Probleme?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 15.01.2015, 22:27   #25
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Nein x)

Alt 15.01.2015, 22:32   #26
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Code:
ATTFilter
Java 7 Update 51
Das ist veraltet. Bitte deinstallieren und mit der aktuellen Version ersetzen.


Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.




Alle Logs gepostet? Ja! Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

>>clean<<
Wir haben es geschafft!
Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Wie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

Updates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.



Firewall, Antivirus & Co.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. (Updatefunktion aktivieren!)
    Meine Empfehlungen:
    Kaspersky Antivirus
    Emsisoft Anti-Malware
    avast Free Antivirus
  • Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

    Optional:
  • NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.


Cracks, Downloads & Co.


Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
  • Auch virustotal.com ist Dein Freund! Lade dubiose oder unbekannte Dateien hoch, bevor Du diese startest oder installierst.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe daher mit Vorsicht und klicke mit Verstand.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
  • Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Antwort
Seite 2 von 2 1 2

Themen zu Win7: compatibilitycheck Virus/Trojaner
adware, avira, browser, compatibilitycheck, compatibilitycheck.exe, desktop, elex-tech, failed, fehler, flash player, google, helper, homepage, mozilla, problem, realtek, registry, scan, security, sekunden, services.exe, software, svchost.exe, system, taskmanager, teredo, tracker, usb, windows, wiso


« Laptop ist sehr langsam, aber kein Virus gefunden. Was tun? | Kein Zugriff auf Datenträger-C »


Ähnliche Themen: Win7: compatibilitycheck Virus/Trojaner


  1. Win7, lästiges Problem mit DiisCountExtiensi, nicht deinstallierbar, ständig Werbung Hijack/Virus/Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2015 (3)
  2. CompatibilityCheck.exe verschlingt meine Ressourcen
    Log-Analyse und Auswertung - 16.04.2015 (32)
  3. compatibilitycheck.exe läuft im Taskmanager und ich höre Ständig nervige Werbung
    Log-Analyse und Auswertung - 02.04.2015 (19)
  4. Windows 7: (compatibilitycheck.exe) PC sehr belastet und Prozesse lassen sich nicht schließen.
    Log-Analyse und Auswertung - 27.03.2015 (21)
  5. Problem mit Compatibilitycheck.exe und PoPups
    Plagegeister aller Art und deren Bekämpfung - 19.02.2015 (9)
  6. Probleme wie andere mit compatibilitycheck.exe Was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 04.02.2015 (13)
  7. Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (39)
  8. Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung
    Log-Analyse und Auswertung - 22.01.2015 (26)
  9. Problem mit compatibilitycheck.exe schnell und freundlich gelöst
    Lob, Kritik und Wünsche - 22.01.2015 (0)
  10. Windows 7: Virus compatibilitycheck.exe spielt Werbung im Hintergrund ab
    Log-Analyse und Auswertung - 19.01.2015 (11)
  11. was ist Compatibilitycheck.exe und warum öffnet es sich 10 mal?
    Plagegeister aller Art und deren Bekämpfung - 18.01.2015 (3)
  12. compatibilitycheck
    Log-Analyse und Auswertung - 17.01.2015 (27)
  13. Win7: Unbekannter Trojaner oder Virus nach Fernwartung
    Log-Analyse und Auswertung - 17.03.2014 (20)
  14. Win7 - keine Anmeldung mehr möglich - Trojaner/Virus?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2014 (7)
  15. Win7: IHaveNet-Virus/Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 31.08.2013 (21)
  16. Trojaner Virus Bild erlaubt nur den abgesicherten Modus.Win7
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (1)
  17. Noch ein xxx.JPG.scr Virus/Trojaner via Facebook-Chat/ Win7 64bit startet nicht
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (28)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7: compatibilitycheck Virus/Trojaner - Morgen machen wir den Rest, OK? - Win7: compatibilitycheck Virus/Trojaner...
Archiv
Du betrachtest: Win7: compatibilitycheck Virus/Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130