Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Win7: compatibilitycheck Virus/Trojaner

Win7: compatibilitycheck Virus/Trojaner


Plagegeister aller Art und deren Bekämpfung: Win7: compatibilitycheck Virus/Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 13.01.2015, 18:47   #1
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner


Hallo zusammen,

ich denke ich habe seit einigen Tagen meinen ersten Virus/Trojaner auf meinem PC.

Dieser äußert sich darin, dass er meine PC-Performance deutlich herunterzieht und somit alles langsamer ist. Bis gestern ging auch noch ab und zu einfach irgendein Webradio für 2-10 Sekunden in unregelmäßigen Abständen an. Dies ist jedoch aktuell nicht mehr der Fall.

Beim Lautstärkemixer stand dann etwas von "compatibilitycheck". Dies fand ich auch im Task-Manager oft wieder. Das wird der Virus sein, da er viel Arbeitsspeicher beansprucht und ich keine Ahnung habe was das sonst sein soll.

Ist wohl ähnlich mit diesem Problem:

http://www.trojaner-board.de/162729-...ml#post1408624

mit dem Unterschied, dass ich den "compatibilitycheck" im Taskmanager beenden kann und mein System dann wieder relativ gut läuft.

Hier ein paar Logs:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Andi (administrator) on ANDI-PC on 13-01-2015 18:12:15
Running from C:\Users\Andi\Downloads
Loaded Profile: Andi (Available profiles: Andi)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5383\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(ICQ) C:\Users\Andi\AppData\Roaming\ICQM\icq.exe
(Blizzard Entertainment, Inc.) C:\Program Files\Heroes of the Storm\Versions\Base33353\HeroesOfTheStorm.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [Google Update] => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-23] (Google Inc.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [icq] => C:\Users\Andi\AppData\Roaming\ICQM\icq.exe [28698984 2013-10-12] (ICQ)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1997967318-605228079-2081898283-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: No Name -> {204df522-9a96-4a72-abb0-60f7a216d6d2} ->  No File
BHO: No Name -> {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} ->  No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {339E1B37-76D3-4A64-A988-E81425DF831C} -  No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Andi\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=55&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CR Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfmindblghbicdipoakcolegkcddbk [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12]
CHR Extension: (Google Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-31]
CHR Extension: (Google-Suche) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-11]
CHR Extension: (AdBlock) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20]
CHR Extension: (Ocutana Screen Share) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaopnkpkijpdgebapjjckchdjidfego [2014-09-19]
CHR Extension: (Skype Click to Call) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Google Mail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12]
CHR HKLM\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Users\Andi\AppData\Roaming\BabSolution\CR\Doko.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Program Files\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-07-25] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [283448 2014-09-19] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 Verifies and fixes application compatibility issues; C:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 Update Whilokii; "C:\Program Files\Whilokii\updateWhilokii.exe" [X]
S2 Util Whilokii; "C:\Program Files\Whilokii\bin\utilWhilokii.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2011-09-11] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2011-09-11] (Etron Technology Inc)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation                           )
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:12 - 2015-01-13 18:12 - 00016830 _____ () C:\Users\Andi\Downloads\FRST.txt
2015-01-13 18:12 - 2015-01-13 18:12 - 00000000 ____D () C:\FRST
2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 ____N () C:\Users\Andi\Desktop\FRST.exe
2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 _____ (Farbar) C:\Users\Andi\Downloads\FRST.exe
2015-01-13 17:39 - 2015-01-13 17:39 - 00000470 _____ () C:\Users\Andi\Desktop\defogger_disable.log
2015-01-13 17:39 - 2015-01-13 17:39 - 00000000 _____ () C:\Users\Andi\defogger_reenable
2015-01-13 17:15 - 2015-01-13 17:15 - 00380416 _____ () C:\Users\Andi\Desktop\Gmer-19357.exe
2015-01-13 17:14 - 2015-01-13 17:14 - 00050477 _____ () C:\Users\Andi\Desktop\Defogger.exe
2015-01-13 17:08 - 2015-01-13 17:08 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2015-01-13 17:03 - 2015-01-13 17:10 - 00000112 _____ () C:\ProgramData\gA1kP67O.dat
2015-01-12 18:47 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-12 18:46 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-01-12 18:46 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-01-12 18:46 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-01-12 18:45 - 2015-01-12 18:45 - 00025193 _____ () C:\Windows\Partizan.log
2015-01-12 18:39 - 2015-01-13 16:56 - 00000112 _____ () C:\Windows\setupact.log
2015-01-12 18:39 - 2015-01-12 18:39 - 00000352 _____ () C:\Windows\PFRO.log
2015-01-12 18:39 - 2015-01-12 18:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 15:02 - 2015-01-11 15:02 - 00000000 ____D () C:\ProgramData\RegRun
2015-01-11 15:01 - 2015-01-13 17:06 - 00000000 ____D () C:\Program Files\UnHackMe
2015-01-11 15:01 - 2015-01-11 15:06 - 00000000 ____D () C:\Users\Andi\Documents\RegRun2
2015-01-11 15:01 - 2015-01-11 15:01 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-01-11 14:55 - 2015-01-11 14:55 - 00000000 ____D () C:\Users\Andi\Downloads\unhackme
2015-01-11 14:53 - 2015-01-11 14:54 - 16599280 _____ () C:\Users\Andi\Downloads\unhackme.zip
2015-01-11 14:52 - 2015-01-11 14:52 - 00729648 _____ (Elex do Brasil Participações Ltda) C:\Users\Andi\Downloads\yet_another_cleaner_bbs.exe
2015-01-11 13:58 - 2015-01-12 23:50 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-01-11 13:58 - 2015-01-11 13:58 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2015-01-11 13:58 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-11 13:57 - 2015-01-11 13:58 - 00000000 ____D () C:\Program Files\pandasecuritytb
2015-01-11 13:57 - 2015-01-11 13:57 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Panda Security
2015-01-11 13:55 - 2015-01-11 13:57 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-11 13:55 - 2015-01-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-11 13:52 - 2015-01-11 13:57 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 12:05 - 2015-01-13 17:01 - 00000000 ____D () C:\Program Files\Avira
2015-01-11 12:05 - 2015-01-11 12:05 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-01-11 12:03 - 2015-01-13 17:01 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Compatibility Verifier
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 21:21 - 2015-01-11 11:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 21:21 - 2015-01-11 11:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-28 11:13 - 2014-12-28 11:15 - 00000000 ____D () C:\Users\Andi\Documents\Heroes of the Storm
2014-12-24 15:33 - 2014-12-27 18:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-24 15:02 - 2014-12-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-12-24 15:02 - 2014-12-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-12-24 14:47 - 2015-01-13 17:01 - 00000000 ____D () C:\Program Files\Heroes of the Storm
2014-12-24 14:43 - 2014-12-24 14:44 - 03083832 _____ (Blizzard Entertainment) C:\Users\Andi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2014-12-18 17:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:10 - 2013-11-22 23:10 - 00000000 ____D () C:\Users\Andi\AppData\Local\Battle.net
2015-01-13 18:08 - 2014-04-23 16:20 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job
2015-01-13 18:01 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 18:01 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 17:39 - 2013-10-12 01:12 - 00000000 ____D () C:\Users\Andi
2015-01-13 17:38 - 2013-12-12 19:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 17:28 - 2013-10-12 01:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 17:09 - 2013-10-12 01:09 - 01554623 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 17:08 - 2014-04-23 16:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job
2015-01-13 17:01 - 2013-10-12 23:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-13 16:57 - 2013-10-12 01:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 16:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 20:19 - 2014-05-30 15:03 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 activator
2015-01-12 20:18 - 2014-05-30 14:49 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 Loader - Activator
2015-01-12 18:47 - 2013-11-27 18:25 - 00000000 ___RD () C:\Users\Andi\Dropbox
2015-01-12 18:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-12 18:44 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Dropbox
2015-01-11 22:22 - 2013-10-12 02:00 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\TS3Client
2015-01-11 16:43 - 2014-09-19 20:36 - 00002286 _____ () C:\Users\Andi\Desktop\Chrome App Launcher.lnk
2015-01-11 15:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-11 15:01 - 2009-07-14 03:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt
2015-01-11 14:59 - 2013-12-13 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-01-11 14:59 - 2013-10-12 22:25 - 00000000 ____D () C:\Windows\Minidump
2015-01-11 14:59 - 2013-10-12 02:06 - 00000000 ____D () C:\Windows\Panther
2015-01-11 14:48 - 2013-10-21 19:43 - 00000000 ____D () C:\Program Files\Steam
2015-01-11 14:44 - 2009-07-14 05:33 - 00327920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 13:57 - 2013-10-12 02:00 - 00064496 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-11 12:25 - 2010-11-20 22:01 - 01618608 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 12:16 - 2014-05-30 14:50 - 00000000 ____D () C:\Program Files\002
2015-01-11 12:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Mozilla
2014-12-28 11:13 - 2013-11-22 23:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-28 01:17 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify
2014-12-27 22:18 - 2014-05-31 11:43 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify
2014-12-27 22:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-27 18:21 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Thunderbird
2014-12-24 14:45 - 2013-11-22 23:10 - 00000000 ____D () C:\Program Files\Battle.net
2014-12-21 22:23 - 2013-10-23 17:08 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype
2014-12-19 18:55 - 2013-11-27 18:25 - 00001013 _____ () C:\Users\Andi\Desktop\Dropbox.lnk
2014-12-19 18:55 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 17:35 - 2014-09-19 20:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 22:49 - 2014-09-19 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Files to move or delete:
====================
C:\ProgramData\gA1kP67O.dat


Some content of TEMP:
====================
C:\Users\Andi\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Andi\AppData\Local\Temp\avgnt.exe
C:\Users\Andi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Andi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpplfvye.dll
C:\Users\Andi\AppData\Local\Temp\nseA918.tmp.exe
C:\Users\Andi\AppData\Local\Temp\Quarantine.exe
C:\Users\Andi\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Andi\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 22:28

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Andi at 2015-01-13 18:13:14
Running from C:\Users\Andi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM\...\Advanced Combat Tracker) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
ChromecastApp (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Etron USB3.0 Host Controller (Version: 0.115 - Etron Technology) Hidden
FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Lara Croft and the Guardian of Light (HKLM\...\Steam App 35130) (Version:  - Crystal Dynamics)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
RaidCall (HKLM\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TP-LINK TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{E08EFB73-9F4C-4A70-9BE7-464C62F3D880}) (Version: 21.05.8586 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

27-12-2014 19:19:01 Geplanter Prüfpunkt
04-01-2015 22:35:18 Geplanter Prüfpunkt
09-01-2015 21:21:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 11:46:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 12:03:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 23:49:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {060540A1-4930-4447-A148-C120459464C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {0AE1ADD4-D9B5-4431-8B71-F5B2500BE1FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1BEEB8F3-E259-4888-AE40-CF49DFC2EAED} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {218E7577-611C-409B-B71E-89AA70186F47} - \UpdaterEX No Task File <==== ATTENTION
Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION
Task: {3B5D2A69-1F3D-4398-B33E-E6DCB3F82186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {4EC01435-DC70-49B6-A36C-23D460AE7544} - \EPUpdater No Task File <==== ATTENTION
Task: {59215911-87AF-490D-880A-2AB0A05E13F0} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {74769866-75B2-492D-A06B-C84E18EDF2FE} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION
Task: {95667D08-89EB-4005-8F20-C52F6E7C618F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {E427ABB8-7EF6-4DBA-A565-C3744AA6E556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F41BDFC3-69DF-4E9D-8055-D1BA3F90FE25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-12 02:15 - 2013-10-12 02:15 - 00308048 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2014-04-26 13:43 - 2012-03-07 09:52 - 00841728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-04-26 13:43 - 2012-03-07 09:53 - 01411584 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-04-26 13:43 - 2012-03-07 09:53 - 00192512 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-04-26 13:43 - 2012-03-07 09:54 - 00293376 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5383\libcef.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00907776 _____ () C:\Program Files\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5383\libEGL.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2014-12-09 23:38 - 2014-12-09 23:38 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll
2013-10-12 02:15 - 2013-10-12 02:15 - 00851456 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2014-12-24 15:33 - 2014-12-24 15:33 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-12-24 15:33 - 2014-12-24 15:33 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-24 15:33 - 2014-12-24 15:33 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194225.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194233.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1997967318-605228079-2081898283-500 - Administrator - Disabled)
Andi (S-1-5-21-1997967318-605228079-2081898283-1000 - Administrator - Enabled) => C:\Users\Andi
Gast (S-1-5-21-1997967318-605228079-2081898283-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000007
ID des fehlerhaften Prozesses: 0x107c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:41:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "Compatibility Verify" konnte nicht heruntergefahren werden.

Error: (01/10/2015 01:23:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.


System errors:
=============
Error: (01/13/2015 05:05:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/13/2015 04:59:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 04:57:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/13/2015 04:57:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/13/2015 04:56:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/12/2015 06:54:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/12/2015 06:41:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/12/2015 06:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/12/2015 06:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/12/2015 06:39:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: 0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c000000500000007107c01d02da5538ec50bC:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownb481473c-9998-11e4-b333-bc5ff4d811f4

Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:41:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: 1C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exeCompatibility Verify0302621612024143003A005C00550073006500720073005C00440065006600610075006C0074005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0043006F006D007000610074006900620069006C006900740079002000560065007200690066006900650072005C0063006F006D007000610074006900620069006C0069007400790063006800650063006B007300760063002E006500780065000000

Error: (01/10/2015 01:23:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 93%
Total physical RAM: 3044.74 MB
Available physical RAM: 182.95 MB
Total Pagefile: 6087.77 MB
Available Pagefile: 1371.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:311.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A81D958)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-13 18:38:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000007b WDC_WD50 rev.15.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Andi\AppData\Local\Temp\kxldrpod.sys


---- System - GMER 2.1 ----

SSDT   91AB017E                                  ZwCreateSection
SSDT   91AB0188                                  ZwRequestWaitReplyPort
SSDT   91AB0183                                  ZwSetContextThread
SSDT   91AB018D                                  ZwSetSecurityObject
SSDT   91AB0192                                  ZwSystemDebugControl
SSDT   91AB011F                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82E7DA35 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82EB7392 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7       82EBE6DC 4 Bytes  [7E, 01, AB, 91] {JLE 0x3; STOSD ; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553       82EBEA38 4 Bytes  [88, 01, AB, 91] {MOV [ECX], AL; STOSD ; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597       82EBEA7C 4 Bytes  [83, 01, AB, 91] {ADD DWORD [ECX], -0x55; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613       82EBEAF8 4 Bytes  [8D, 01, AB, 91] {LEA EAX, [ECX]; STOSD ; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667       82EBEB4C 4 Bytes  [92, 01, AB, 91]
.text  ...                                       
?      system32\drivers\Partizan.sys             Das System kann den angegebenen Pfad nicht finden. !
?      system32\DRIVERS\avkmgr.sys               Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x9DC19000, 0x174C8A, 0xE8000020]
init   C:\Windows\system32\drivers\MBfilt32.sys  entry point in "init" section [0x97585090]

---- EOF - GMER 2.1 ----
Herzlichen Dank für die Hilfe. Wirklich alles sehr professionell hier. Gefällt!

 

Themen zu Win7: compatibilitycheck Virus/Trojaner
adware, avira, browser, compatibilitycheck, compatibilitycheck.exe, desktop, elex-tech, failed, fehler, flash player, google, helper, homepage, mozilla, problem, realtek, registry, scan, security, sekunden, services.exe, software, svchost.exe, system, taskmanager, teredo, tracker, usb, windows, wiso


« Laptop ist sehr langsam, aber kein Virus gefunden. Was tun? | Kein Zugriff auf Datenträger-C »


Ähnliche Themen: Win7: compatibilitycheck Virus/Trojaner


  1. Win7, lästiges Problem mit DiisCountExtiensi, nicht deinstallierbar, ständig Werbung Hijack/Virus/Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2015 (3)
  2. CompatibilityCheck.exe verschlingt meine Ressourcen
    Log-Analyse und Auswertung - 16.04.2015 (32)
  3. compatibilitycheck.exe läuft im Taskmanager und ich höre Ständig nervige Werbung
    Log-Analyse und Auswertung - 02.04.2015 (19)
  4. Windows 7: (compatibilitycheck.exe) PC sehr belastet und Prozesse lassen sich nicht schließen.
    Log-Analyse und Auswertung - 27.03.2015 (21)
  5. Problem mit Compatibilitycheck.exe und PoPups
    Plagegeister aller Art und deren Bekämpfung - 19.02.2015 (9)
  6. Probleme wie andere mit compatibilitycheck.exe Was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 04.02.2015 (13)
  7. Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (39)
  8. Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung
    Log-Analyse und Auswertung - 22.01.2015 (26)
  9. Problem mit compatibilitycheck.exe schnell und freundlich gelöst
    Lob, Kritik und Wünsche - 22.01.2015 (0)
  10. Windows 7: Virus compatibilitycheck.exe spielt Werbung im Hintergrund ab
    Log-Analyse und Auswertung - 19.01.2015 (11)
  11. was ist Compatibilitycheck.exe und warum öffnet es sich 10 mal?
    Plagegeister aller Art und deren Bekämpfung - 18.01.2015 (3)
  12. compatibilitycheck
    Log-Analyse und Auswertung - 17.01.2015 (27)
  13. Win7: Unbekannter Trojaner oder Virus nach Fernwartung
    Log-Analyse und Auswertung - 17.03.2014 (20)
  14. Win7 - keine Anmeldung mehr möglich - Trojaner/Virus?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2014 (7)
  15. Win7: IHaveNet-Virus/Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 31.08.2013 (21)
  16. Trojaner Virus Bild erlaubt nur den abgesicherten Modus.Win7
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (1)
  17. Noch ein xxx.JPG.scr Virus/Trojaner via Facebook-Chat/ Win7 64bit startet nicht
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (28)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7: compatibilitycheck Virus/Trojaner - Hallo zusammen, ich denke ich habe seit einigen Tagen meinen ersten Virus/Trojaner auf meinem PC. Dieser äußert sich darin, dass er meine PC-Performance deutlich herunterzieht und somit alles langsamer ist. - Win7: compatibilitycheck Virus/Trojaner...
Archiv
Du betrachtest: Win7: compatibilitycheck Virus/Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55