|
Plagegeister aller Art und deren Bekämpfung: Win7: compatibilitycheck Virus/TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.01.2015, 18:47 | #1 |
| Win7: compatibilitycheck Virus/Trojaner Hallo zusammen, ich denke ich habe seit einigen Tagen meinen ersten Virus/Trojaner auf meinem PC. Dieser äußert sich darin, dass er meine PC-Performance deutlich herunterzieht und somit alles langsamer ist. Bis gestern ging auch noch ab und zu einfach irgendein Webradio für 2-10 Sekunden in unregelmäßigen Abständen an. Dies ist jedoch aktuell nicht mehr der Fall. Beim Lautstärkemixer stand dann etwas von "compatibilitycheck". Dies fand ich auch im Task-Manager oft wieder. Das wird der Virus sein, da er viel Arbeitsspeicher beansprucht und ich keine Ahnung habe was das sonst sein soll. Ist wohl ähnlich mit diesem Problem: http://www.trojaner-board.de/162729-...ml#post1408624 mit dem Unterschied, dass ich den "compatibilitycheck" im Taskmanager beenden kann und mein System dann wieder relativ gut läuft. Hier ein paar Logs: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02 Ran by Andi (administrator) on ANDI-PC on 13-01-2015 18:12:15 Running from C:\Users\Andi\Downloads Loaded Profile: Andi (Available profiles: Andi) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe (Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5383\Battle.net.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (ICQ) C:\Users\Andi\AppData\Roaming\ICQM\icq.exe (Blizzard Entertainment, Inc.) C:\Program Files\Heroes of the Storm\Versions\Base33353\HeroesOfTheStorm.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [Google Update] => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-23] (Google Inc.) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [icq] => C:\Users\Andi\AppData\Roaming\ICQM\icq.exe [28698984 2013-10-12] (ICQ) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-1997967318-605228079-2081898283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1997967318-605228079-2081898283-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: No Name -> {204df522-9a96-4a72-abb0-60f7a216d6d2} -> No File BHO: No Name -> {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} -> No File BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {339E1B37-76D3-4A64-A988-E81425DF831C} - No File Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll () Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @raidcall.en/RCplugin -> C:\Users\Andi\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=55&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&SSPV= CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (CR Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfmindblghbicdipoakcolegkcddbk [2014-04-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12] CHR Extension: (Google Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25] CHR Extension: (Spotify - Music for every moment) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-31] CHR Extension: (Google-Suche) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12] CHR Extension: (Avira Browserschutz) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-11] CHR Extension: (AdBlock) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20] CHR Extension: (Ocutana Screen Share) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaopnkpkijpdgebapjjckchdjidfego [2014-09-19] CHR Extension: (Skype Click to Call) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13] CHR Extension: (Google Wallet) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20] CHR Extension: (Google Mail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12] CHR HKLM\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Users\Andi\AppData\Roaming\BabSolution\CR\Doko.crx [Not Found] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Program Files\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx [Not Found] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-07-25] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.) S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd) R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [283448 2014-09-19] (Visicom Media Inc.) R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.) S2 Verifies and fixes application compatibility issues; C:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] () S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S2 Update Whilokii; "C:\Program Files\Whilokii\updateWhilokii.exe" [X] S2 Util Whilokii; "C:\Program Files\Whilokii\bin\utilWhilokii.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices) R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices) R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider) R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2011-09-11] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2011-09-11] (Etron Technology Inc) R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.) R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.) R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation ) R4 avkmgr; system32\DRIVERS\avkmgr.sys [X] S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X] U0 Partizan; system32\drivers\Partizan.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-13 18:12 - 2015-01-13 18:12 - 00016830 _____ () C:\Users\Andi\Downloads\FRST.txt 2015-01-13 18:12 - 2015-01-13 18:12 - 00000000 ____D () C:\FRST 2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 ____N () C:\Users\Andi\Desktop\FRST.exe 2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 _____ (Farbar) C:\Users\Andi\Downloads\FRST.exe 2015-01-13 17:39 - 2015-01-13 17:39 - 00000470 _____ () C:\Users\Andi\Desktop\defogger_disable.log 2015-01-13 17:39 - 2015-01-13 17:39 - 00000000 _____ () C:\Users\Andi\defogger_reenable 2015-01-13 17:15 - 2015-01-13 17:15 - 00380416 _____ () C:\Users\Andi\Desktop\Gmer-19357.exe 2015-01-13 17:14 - 2015-01-13 17:14 - 00050477 _____ () C:\Users\Andi\Desktop\Defogger.exe 2015-01-13 17:08 - 2015-01-13 17:08 - 00000000 _____ () C:\ProgramData\rebootpending.txt 2015-01-13 17:03 - 2015-01-13 17:10 - 00000112 _____ () C:\ProgramData\gA1kP67O.dat 2015-01-12 18:47 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2015-01-12 18:46 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll 2015-01-12 18:46 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2015-01-12 18:46 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax 2015-01-12 18:45 - 2015-01-12 18:45 - 00025193 _____ () C:\Windows\Partizan.log 2015-01-12 18:39 - 2015-01-13 16:56 - 00000112 _____ () C:\Windows\setupact.log 2015-01-12 18:39 - 2015-01-12 18:39 - 00000352 _____ () C:\Windows\PFRO.log 2015-01-12 18:39 - 2015-01-12 18:39 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-11 15:02 - 2015-01-11 15:02 - 00000000 ____D () C:\ProgramData\RegRun 2015-01-11 15:01 - 2015-01-13 17:06 - 00000000 ____D () C:\Program Files\UnHackMe 2015-01-11 15:01 - 2015-01-11 15:06 - 00000000 ____D () C:\Users\Andi\Documents\RegRun2 2015-01-11 15:01 - 2015-01-11 15:01 - 00000002 RSHOT () C:\Windows\winstart.bat 2015-01-11 14:55 - 2015-01-11 14:55 - 00000000 ____D () C:\Users\Andi\Downloads\unhackme 2015-01-11 14:53 - 2015-01-11 14:54 - 16599280 _____ () C:\Users\Andi\Downloads\unhackme.zip 2015-01-11 14:52 - 2015-01-11 14:52 - 00729648 _____ (Elex do Brasil Participações Ltda) C:\Users\Andi\Downloads\yet_another_cleaner_bbs.exe 2015-01-11 13:58 - 2015-01-12 23:50 - 00000000 ____D () C:\ProgramData\panda_url_filtering 2015-01-11 13:58 - 2015-01-11 13:58 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering 2015-01-11 13:58 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2015-01-11 13:57 - 2015-01-11 13:58 - 00000000 ____D () C:\Program Files\pandasecuritytb 2015-01-11 13:57 - 2015-01-11 13:57 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Panda Security 2015-01-11 13:55 - 2015-01-11 13:57 - 00000000 ____D () C:\Program Files\Panda Security 2015-01-11 13:55 - 2015-01-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus 2015-01-11 13:52 - 2015-01-11 13:57 - 00000000 ____D () C:\ProgramData\Panda Security 2015-01-11 12:05 - 2015-01-13 17:01 - 00000000 ____D () C:\Program Files\Avira 2015-01-11 12:05 - 2015-01-11 12:05 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA% 2015-01-11 12:03 - 2015-01-13 17:01 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Compatibility Verifier 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-09 21:21 - 2015-01-11 11:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-09 21:21 - 2015-01-11 11:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2014-12-28 11:13 - 2014-12-28 11:15 - 00000000 ____D () C:\Users\Andi\Documents\Heroes of the Storm 2014-12-24 15:33 - 2014-12-27 18:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-12-24 15:02 - 2014-12-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk 2014-12-24 15:02 - 2014-12-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2014-12-24 14:47 - 2015-01-13 17:01 - 00000000 ____D () C:\Program Files\Heroes of the Storm 2014-12-24 14:43 - 2014-12-24 14:44 - 03083832 _____ (Blizzard Entertainment) C:\Users\Andi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe 2014-12-18 17:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-13 18:10 - 2013-11-22 23:10 - 00000000 ____D () C:\Users\Andi\AppData\Local\Battle.net 2015-01-13 18:08 - 2014-04-23 16:20 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job 2015-01-13 18:01 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-13 18:01 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-13 17:39 - 2013-10-12 01:12 - 00000000 ____D () C:\Users\Andi 2015-01-13 17:38 - 2013-12-12 19:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-13 17:28 - 2013-10-12 01:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-13 17:09 - 2013-10-12 01:09 - 01554623 _____ () C:\Windows\WindowsUpdate.log 2015-01-13 17:08 - 2014-04-23 16:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job 2015-01-13 17:01 - 2013-10-12 23:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-13 16:57 - 2013-10-12 01:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-13 16:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-12 20:19 - 2014-05-30 15:03 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 activator 2015-01-12 20:18 - 2014-05-30 14:49 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 Loader - Activator 2015-01-12 18:47 - 2013-11-27 18:25 - 00000000 ___RD () C:\Users\Andi\Dropbox 2015-01-12 18:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-01-12 18:44 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Dropbox 2015-01-11 22:22 - 2013-10-12 02:00 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\TS3Client 2015-01-11 16:43 - 2014-09-19 20:36 - 00002286 _____ () C:\Users\Andi\Desktop\Chrome App Launcher.lnk 2015-01-11 15:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt 2015-01-11 15:01 - 2009-07-14 03:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt 2015-01-11 14:59 - 2013-12-13 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2015-01-11 14:59 - 2013-10-12 22:25 - 00000000 ____D () C:\Windows\Minidump 2015-01-11 14:59 - 2013-10-12 02:06 - 00000000 ____D () C:\Windows\Panther 2015-01-11 14:48 - 2013-10-21 19:43 - 00000000 ____D () C:\Program Files\Steam 2015-01-11 14:44 - 2009-07-14 05:33 - 00327920 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-11 13:57 - 2013-10-12 02:00 - 00064496 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-11 12:25 - 2010-11-20 22:01 - 01618608 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-11 12:16 - 2014-05-30 14:50 - 00000000 ____D () C:\Program Files\002 2015-01-11 12:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Mozilla 2014-12-28 11:13 - 2013-11-22 23:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-12-28 01:17 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify 2014-12-27 22:18 - 2014-05-31 11:43 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify 2014-12-27 22:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-27 18:21 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Thunderbird 2014-12-24 14:45 - 2013-11-22 23:10 - 00000000 ____D () C:\Program Files\Battle.net 2014-12-21 22:23 - 2013-10-23 17:08 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype 2014-12-19 18:55 - 2013-11-27 18:25 - 00001013 _____ () C:\Users\Andi\Desktop\Dropbox.lnk 2014-12-19 18:55 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-18 17:35 - 2014-09-19 20:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-14 22:49 - 2014-09-19 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight Files to move or delete: ==================== C:\ProgramData\gA1kP67O.dat Some content of TEMP: ==================== C:\Users\Andi\AppData\Local\Temp\6_Offer_11.exe C:\Users\Andi\AppData\Local\Temp\avgnt.exe C:\Users\Andi\AppData\Local\Temp\BackupSetup.exe C:\Users\Andi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpplfvye.dll C:\Users\Andi\AppData\Local\Temp\nseA918.tmp.exe C:\Users\Andi\AppData\Local\Temp\Quarantine.exe C:\Users\Andi\AppData\Local\Temp\SearchProtectINT.exe C:\Users\Andi\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 22:28 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02 Ran by Andi at 2015-01-13 18:13:14 Running from C:\Users\Andi\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C} AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advanced Combat Tracker (remove only) (HKLM\...\Advanced Combat Tracker) (Version: - ) AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version: - Ubisoft Montreal) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) ChromecastApp (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Etron USB3.0 Host Controller (Version: 0.115 - Etron Technology) Hidden FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment) ICQ 8.1 (build 6337) (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Lara Croft and the Guardian of Light (HKLM\...\Steam App 35130) (Version: - Crystal Dynamics) League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf) Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security) Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security) Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.) Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) RaidCall (HKLM\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH) TP-LINK TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK) Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft) Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) WISO Steuer-Sparbuch 2014 (HKLM\...\{E08EFB73-9F4C-4A70-9BE7-464C62F3D880}) (Version: 21.05.8586 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 27-12-2014 19:19:01 Geplanter Prüfpunkt 04-01-2015 22:35:18 Geplanter Prüfpunkt 09-01-2015 21:21:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 11:46:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 12:03:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 12-01-2015 23:49:59 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {060540A1-4930-4447-A148-C120459464C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.) Task: {0AE1ADD4-D9B5-4431-8B71-F5B2500BE1FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {1BEEB8F3-E259-4888-AE40-CF49DFC2EAED} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File <==== ATTENTION Task: {218E7577-611C-409B-B71E-89AA70186F47} - \UpdaterEX No Task File <==== ATTENTION Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION Task: {3B5D2A69-1F3D-4398-B33E-E6DCB3F82186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: {4EC01435-DC70-49B6-A36C-23D460AE7544} - \EPUpdater No Task File <==== ATTENTION Task: {59215911-87AF-490D-880A-2AB0A05E13F0} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File <==== ATTENTION Task: {74769866-75B2-492D-A06B-C84E18EDF2FE} - \BonanzaDealsUpdate No Task File <==== ATTENTION Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION Task: {95667D08-89EB-4005-8F20-C52F6E7C618F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.) Task: {E427ABB8-7EF6-4DBA-A565-C3744AA6E556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) Task: {F41BDFC3-69DF-4E9D-8055-D1BA3F90FE25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-12 02:15 - 2013-10-12 02:15 - 00308048 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll 2014-09-15 17:13 - 2014-09-15 17:13 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 06:10 - 2014-02-11 06:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2014-02-11 06:10 - 2014-02-11 06:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-09-15 17:13 - 2014-09-15 17:13 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll 2014-04-26 13:43 - 2012-03-07 09:52 - 00841728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe 2014-04-26 13:43 - 2012-03-07 09:53 - 01411584 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll 2014-04-26 13:43 - 2012-03-07 09:53 - 00192512 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll 2014-04-26 13:43 - 2012-03-07 09:54 - 00293376 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll 2014-12-13 15:31 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-13 15:31 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-13 15:31 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-13 15:31 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5383\libcef.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5383\libGLESv2.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00907776 _____ () C:\Program Files\Battle.net\Battle.net.5383\platforms\qwindows.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5383\libEGL.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qgif.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qico.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qjpeg.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qmng.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qsvg.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qtiff.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll 2014-12-09 23:38 - 2014-12-09 23:38 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll 2013-10-12 02:15 - 2013-10-12 02:15 - 00851456 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll 2014-12-24 15:33 - 2014-12-24 15:33 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2014-12-24 15:33 - 2014-12-24 15:33 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2014-12-24 15:33 - 2014-12-24 15:33 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194225.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194233.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1997967318-605228079-2081898283-500 - Administrator - Disabled) Andi (S-1-5-21-1997967318-605228079-2081898283-1000 - Administrator - Enabled) => C:\Users\Andi Gast (S-1-5-21-1997967318-605228079-2081898283-501 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x80070422 Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000007 ID des fehlerhaften Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 11:41:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT) Description: Die Anwendung oder der Dienst "Compatibility Verify" konnte nicht heruntergefahren werden. Error: (01/10/2015 01:23:58 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. System errors: ============= Error: (01/13/2015 05:05:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/13/2015 04:59:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/13/2015 04:57:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/13/2015 04:57:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/13/2015 04:56:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (01/12/2015 06:54:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/12/2015 06:41:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/12/2015 06:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2015 06:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/12/2015 06:39:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Microsoft Office Sessions: ========================= Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x000000000x00000001 Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: 0x80070422 Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c000000500000007107c01d02da5538ec50bC:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownb481473c-9998-11e4-b333-bc5ff4d811f4 Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 11:41:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT) Description: 1C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exeCompatibility Verify0302621612024143003A005C00550073006500720073005C00440065006600610075006C0074005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0043006F006D007000610074006900620069006C006900740079002000560065007200690066006900650072005C0063006F006D007000610074006900620069006C0069007400790063006800650063006B007300760063002E006500780065000000 Error: (01/10/2015 01:23:58 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x000000000x00000001 ==================== Memory info =========================== Processor: AMD FX(tm)-6300 Six-Core Processor Percentage of memory in use: 93% Total physical RAM: 3044.74 MB Available physical RAM: 182.95 MB Total Pagefile: 6087.77 MB Available Pagefile: 1371.57 MB Total Virtual: 2047.88 MB Available Virtual: 1883.29 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:311.77 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A81D958) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-13 18:38:49 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000007b WDC_WD50 rev.15.0 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Andi\AppData\Local\Temp\kxldrpod.sys ---- System - GMER 2.1 ---- SSDT 91AB017E ZwCreateSection SSDT 91AB0188 ZwRequestWaitReplyPort SSDT 91AB0183 ZwSetContextThread SSDT 91AB018D ZwSetSecurityObject SSDT 91AB0192 ZwSystemDebugControl SSDT 91AB011F ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E7DA35 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB7392 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EBE6DC 4 Bytes [7E, 01, AB, 91] {JLE 0x3; STOSD ; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EBEA38 4 Bytes [88, 01, AB, 91] {MOV [ECX], AL; STOSD ; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82EBEA7C 4 Bytes [83, 01, AB, 91] {ADD DWORD [ECX], -0x55; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82EBEAF8 4 Bytes [8D, 01, AB, 91] {LEA EAX, [ECX]; STOSD ; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82EBEB4C 4 Bytes [92, 01, AB, 91] .text ... ? system32\drivers\Partizan.sys Das System kann den angegebenen Pfad nicht finden. ! ? system32\DRIVERS\avkmgr.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9DC19000, 0x174C8A, 0xE8000020] init C:\Windows\system32\drivers\MBfilt32.sys entry point in "init" section [0x97585090] ---- EOF - GMER 2.1 ---- |
13.01.2015, 18:51 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7: compatibilitycheck Virus/Trojaner Hi,
__________________Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2
Schritt 3 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ |
13.01.2015, 19:48 | #3 |
| Win7: compatibilitycheck Virus/Trojaner Danke für die schnelle Antwort!
__________________PC ist schon bedeutend schneller nach dem Restart^^ Schritt 1: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 19:58:39 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : Andi - ANDI-PC # Gestartet von : C:\Downloads\Software\adwcleaner_3.016.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : bonanzadealslive [#] Dienst Gelöscht : bonanzadealslivem [#] Dienst Gelöscht : update whilokii [#] Dienst Gelöscht : Util Whilokii Dienst Gelöscht : WsysSvc ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive Ordner Gelöscht : C:\ProgramData\eSafe Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector Ordner Gelöscht : C:\Program Files\Advanced System Protector Ordner Gelöscht : C:\Program Files\BonanzaDeals Ordner Gelöscht : C:\Program Files\BonanzaDealsLive Ordner Gelöscht : C:\Program Files\Doko-Toolbar Ordner Gelöscht : C:\Program Files\MyPC Backup Ordner Gelöscht : C:\Program Files\Whilokii Ordner Gelöscht : C:\Users\Andi\AppData\Local\BonanzaDealsLive Ordner Gelöscht : C:\Users\Andi\AppData\Local\Temp\eIntaller Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Doko-Toolbar Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\UpdaterEX Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals Datei Gelöscht : C:\Windows\system32\roboot.exe Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage-journal Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup Datei Gelöscht : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore Datei Gelöscht : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsUpdate Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\edcikfknpchdehdlmjpbofgkoaonaijg Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F4DCD88-6A16-4257-8577-FCC26B544AFF} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30559433-1429-4A8C-A329-1274487E924C} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F4DCD88-6A16-4257-8577-FCC26B544AFF} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30559433-1429-4A8C-A329-1274487E924C} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59215911-87AF-490D-880A-2AB0A05E13F0} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59215911-87AF-490D-880A-2AB0A05E13F0} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BEEB8F3-E259-4888-AE40-CF49DFC2EAED} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BEEB8F3-E259-4888-AE40-CF49DFC2EAED} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74769866-75B2-492D-A06B-C84E18EDF2FE} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74769866-75B2-492D-A06B-C84E18EDF2FE} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EC01435-DC70-49B6-A36C-23D460AE7544} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EC01435-DC70-49B6-A36C-23D460AE7544} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{218E7577-611C-409B-B71E-89AA70186F47} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{218E7577-611C-409B-B71E-89AA70186F47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbardskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbardskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9 Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{61C49879-C552-4BE0-B575-4E692BD6E95C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{339E1B37-76D3-4A64-A988-E81425DF831C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{46D2445F-7631-47C3-BE78-32CFAAC5EA3D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5F468B8A-624E-4FEE-8C40-CB8BC752AC52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{626CCEF0-6FED-4752-AB5C-EA2EEACCF3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0735B993-B879-45A1-9A55-57001C8F2A9D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{33B73813-5FF0-4351-AF44-D56DAEE2E434} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{61C49879-C552-4BE0-B575-4E692BD6E95C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{339E1B37-76D3-4A64-A988-E81425DF831C}] Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive Schlüssel Gelöscht : HKCU\Software\Doko-Toolbar Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\UpdaterEX Schlüssel Gelöscht : HKCU\Software\Whilokii Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive Schlüssel Gelöscht : HKLM\Software\Doko-Toolbar Schlüssel Gelöscht : HKLM\Software\eSafeSecControl Schlüssel Gelöscht : HKLM\Software\qvo6Software Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Whilokii Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Google Chrome v32.0.1700.41 [ Datei : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [18418 octets] - [01/01/2014 19:58:02] AdwCleaner[S0].txt - [16706 octets] - [01/01/2014 19:58:39] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16767 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 13/01/2015 um 18:58:23 # Aktualisiert 07/01/2015 von Xplode # Database : 2015-01-13.2 [Live] # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : Andi - ANDI-PC # Gestartet von : C:\Users\Andi\Desktop\AdwCleaner_4.107.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : update whilokii [#] Dienst Gelöscht : Util Whilokii [#] Dienst Gelöscht : iSafeKrnlMon ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files\002 Ordner Gelöscht : C:\Program Files\RrFilter Ordner Gelöscht : C:\Users\Andi\AppData\Local\Temp\mt_ffx Ordner Gelöscht : C:\Users\Andi\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\Andi\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Compatibility Verifier Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys Datei Gelöscht : C:\Users\Andi\daemonprocess.txt Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineCore Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineUA Task Gelöscht : BonanzaDealsUpdate Task Gelöscht : EPUpdater Task Gelöscht : UpdaterEX ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\edcikfknpchdehdlmjpbofgkoaonaijg Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\iaimhpklononapfjngelgdokckfjekfc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarappCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarappCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbardskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbardskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{61C49879-C552-4BE0-B575-4E692BD6E95C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{46D2445F-7631-47C3-BE78-32CFAAC5EA3D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5F468B8A-624E-4FEE-8C40-CB8BC752AC52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{626CCEF0-6FED-4752-AB5C-EA2EEACCF3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0735B993-B879-45A1-9A55-57001C8F2A9D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{33B73813-5FF0-4351-AF44-D56DAEE2E434} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{61C49879-C552-4BE0-B575-4E692BD6E95C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339E1B37-76D3-4A64-A988-E81425DF831C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{339E1B37-76D3-4A64-A988-E81425DF831C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{339E1B37-76D3-4A64-A988-E81425DF831C}] Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SearchProtectINT Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings Schlüssel Gelöscht : HKLM\SOFTWARE\Doko-Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\LevelQualityWatcher Schlüssel Gelöscht : HKLM\SOFTWARE\RrSavings ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v -\\ Google Chrome v39.0.2171.95 [C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm [C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm [C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=58&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&q={searchTerms}&SSPV= [C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=58&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&q={searchTerms}&SSPV= ************************* AdwCleaner[R0].txt - [27052 octets] - [01/01/2014 19:58:02] AdwCleaner[S0].txt - [25353 octets] - [01/01/2014 19:58:39] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25414 octets] ########## Schritt 2: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 13.01.2015 19:04:21, SYSTEM, ANDI-PC, Protection, Malware Protection, Starting, Protection, 13.01.2015 19:04:21, SYSTEM, ANDI-PC, Protection, Malware Protection, Started, Protection, 13.01.2015 19:04:21, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Starting, Protection, 13.01.2015 19:04:21, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Started, Update, 13.01.2015 19:04:24, SYSTEM, ANDI-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 13.01.2015 19:04:24, SYSTEM, ANDI-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.7.1, Update, 13.01.2015 19:04:34, SYSTEM, ANDI-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.13.13, Protection, 13.01.2015 19:04:34, SYSTEM, ANDI-PC, Protection, Refresh, Starting, Protection, 13.01.2015 19:04:34, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Stopping, Protection, 13.01.2015 19:04:35, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Stopped, Protection, 13.01.2015 19:04:39, SYSTEM, ANDI-PC, Protection, Refresh, Success, Protection, 13.01.2015 19:04:39, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Starting, Protection, 13.01.2015 19:04:39, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Started, Scan, 13.01.2015 19:05:23, SYSTEM, ANDI-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 0 Sekunden, Bedrohungs-Suchlauf, Abgebrochen, 0 Malwareerkennung, 0-Malwareerkennung, Scan, 13.01.2015 19:39:13, SYSTEM, ANDI-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 13 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 3 Malwareerkennung, 47-Malwareerkennung, Protection, 13.01.2015 19:41:44, SYSTEM, ANDI-PC, Protection, Malware Protection, Starting, Protection, 13.01.2015 19:41:44, SYSTEM, ANDI-PC, Protection, Malware Protection, Started, Protection, 13.01.2015 19:41:44, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Starting, Protection, 13.01.2015 19:42:02, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Started, (end) |
13.01.2015, 19:49 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7: compatibilitycheck Virus/Trojaner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
13.01.2015, 19:54 | #5 |
| Win7: compatibilitycheck Virus/Trojaner Tut mir leid, hatte es eigentlich nach Anleitung gemacht, aber hat wohl nicht so funktioniert... Hoffe das ist richtig: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 13.01.2015 Suchlauf-Zeit: 19:05:37 Logdatei: Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.13.13 Rootkit Datenbank: v2015.01.07.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Andi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 305275 Verstrichene Zeit: 13 Min, 26 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 15 PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [c3d519dbc8c1cc6ae0efd416b84aba46], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{20ECF6B1-A008-4F5D-8DC9-590BB1858888}, In Quarantäne, [cecadd17ccbd68ce36f5f132758e718f], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\TypeLib\{33B73813-5FF0-4351-AF44-D56DAEE2E434}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F465AFA-97C8-4186-B5C3-962C1B73E404}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43D6CCFB-3DCD-4F2C-9559-7ADB60FC5B1D}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4DEE8805-DDE1-40DC-876B-91E7EAF2B66C}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B2C191B-D11C-4174-B159-596C6AB37635}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{77251346-4728-49BE-9368-58D35749E4E3}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{779DA3F8-10A1-45DC-88CF-70090ADEAA5F}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{980BC6E0-A90A-4D68-9C71-86D31EDA7DDB}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A5E5D514-230F-464A-8E34-EFE88216C1EC}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0990C7C-28EE-4B1E-95B9-5468269B4EAF}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D4DFDE4F-28C6-4EA1-9F16-4F32104E7146}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F7F8BE5E-5CE0-4EEC-9FA1-16ADF668A316}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [039506eeb8d173c3dbacaac2986be21e], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 3 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.AdPeak.A, C:\temp, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], Dateien: 32 PUP.Optional.AdPeak.A, C:\temp\t.msi, In Quarantäne, [b4e45f95682154e29dadc59da362de22], HackTool.Wpakill, C:\Users\Andi\AppData\Local\Temp\6_Offer_11.exe, In Quarantäne, [5543668e83061323dd8cfd70e020aa56], PUP.Optional.MyPCBackup.A, C:\Users\Andi\AppData\Local\Temp\BackupSetup.exe, In Quarantäne, [425610e4c5c4c5712ff5e9fed62b5ba5], PUP.Optional.Conduit.A, C:\Users\Andi\AppData\Local\Temp\SearchProtectINT.exe, In Quarantäne, [41577c788009c1758de66ed06c95a35d], PUP.Optional.Babylon.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\BExternal.dll, In Quarantäne, [5e3a1adae1a862d4252d75aedc24867a], PUP.Optional.Babylon.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\CrxInstaller.dll, In Quarantäne, [5f3934c05534de583bc377c3926f08f8], PUP.Optional.Babylon.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\MntrDLLInstall.dll, In Quarantäne, [9206767eb5d4fd39f00fb189bb466b95], PUP.Optional.DokoToolbar.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\MyDokoTB.exe, In Quarantäne, [bddb748054353ff7dc246add659c946c], PUP.Optional.Babylon.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\Setup.exe, In Quarantäne, [ddbb668e32577abc807856cb52aed828], PUP.Optional.OutBrowse, C:\Users\Andi\AppData\Local\Temp\nsbD088.tmp\Convert1.dll, In Quarantäne, [0494777daddcb3838bd200d4c63b01ff], PUP.Optional.PCFixSpeed.A, C:\Users\Andi\AppData\Local\Temp\is1275519350\2073991_stp\DokoTB.exe, In Quarantäne, [d0c837bdbccd5cda45da83769b697090], PUP.Optional.RegCleanerPro, C:\Users\Andi\AppData\Local\Temp\is1275519350\2074070_stp\rcpsetup_adppi_adppi.exe, In Quarantäne, [6e2afafa7b0e70c62bab220aec15867a], PUP.Optional.BonanzaDeals.A, C:\Users\Andi\AppData\Local\Temp\is1275519350\2074193_stp\bd.exe, In Quarantäne, [0890876d286143f3bcf41d2728d9f60a], HackTool.Wpakill, C:\Users\Andi\Downloads\Windows 7 activator by ROHAN.rar, In Quarantäne, [94046193c8c11026aebbbdb0a0603cc4], HackTool.Wpakill, C:\Users\Andi\Downloads\windows7 key patcher.rar, In Quarantäne, [06925e967f0a54e2acbded802cd47789], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], PUP.Optional.AdPeak.A, C:\temp\lsp2.log, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], PUP.Optional.AdPeak.A, C:\temp\output.txt, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], PUP.Optional.AdPeak.A, C:\temp\t.txt, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
13.01.2015, 19:55 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7: compatibilitycheck Virus/Trojaner OK.. Weiter mit Schritt 3...
__________________ --> Win7: compatibilitycheck Virus/Trojaner |
13.01.2015, 20:01 | #7 |
| Win7: compatibilitycheck Virus/Trojaner Meine Güte, bin ich verpeilt heute... Entschuldige. Schritt 3: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02 Ran by Andi (administrator) on ANDI-PC on 13-01-2015 19:57:30 Running from C:\Users\Andi\Desktop Loaded Profile: Andi (Available profiles: Andi) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe (Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe (ICQ) C:\Users\Andi\AppData\Roaming\ICQM\icq.exe () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [Google Update] => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-23] (Google Inc.) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [icq] => C:\Users\Andi\AppData\Roaming\ICQM\icq.exe [28698984 2013-10-12] (ICQ) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-1997967318-605228079-2081898283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll () Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @raidcall.en/RCplugin -> C:\Users\Andi\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=55&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&SSPV= CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (CR Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfmindblghbicdipoakcolegkcddbk [2014-04-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12] CHR Extension: (Google Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25] CHR Extension: (Spotify - Music for every moment) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-31] CHR Extension: (Google-Suche) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12] CHR Extension: (Avira Browserschutz) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-11] CHR Extension: (AdBlock) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20] CHR Extension: (Ocutana Screen Share) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaopnkpkijpdgebapjjckchdjidfego [2014-09-19] CHR Extension: (Skype Click to Call) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13] CHR Extension: (Google Wallet) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20] CHR Extension: (Google Mail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-07-25] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.) S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd) R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [283448 2014-09-19] (Visicom Media Inc.) R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices) R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices) R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider) R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2011-09-11] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2011-09-11] (Etron Technology Inc) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.) R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.) R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation ) U0 Partizan; system32\drivers\Partizan.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-13 19:51 - 2015-01-13 19:51 - 00002084 _____ () C:\Users\Andi\Desktop\malware2.txt 2015-01-13 19:45 - 2015-01-13 19:45 - 00000000 _____ () C:\Users\Andi\Desktop\malware.txt 2015-01-13 19:31 - 2015-01-13 19:31 - 00025495 _____ () C:\Users\Andi\Desktop\AdwCleaner[S0].txt 2015-01-13 19:04 - 2015-01-13 19:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-13 19:04 - 2015-01-13 19:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-13 19:04 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-13 19:04 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-13 19:04 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-13 19:03 - 2015-01-13 19:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andi\Desktop\mbam-setup-2.0.4.1028.exe 2015-01-13 18:53 - 2015-01-13 18:53 - 02191360 _____ () C:\Users\Andi\Desktop\AdwCleaner_4.107.exe 2015-01-13 18:38 - 2015-01-13 18:38 - 00002085 _____ () C:\Users\Andi\Desktop\gmer.log 2015-01-13 18:24 - 2015-01-13 18:24 - 00000000 _____ () C:\Users\Andi\Desktop\Neues Textdokument (3).txt 2015-01-13 18:13 - 2015-01-13 18:14 - 00030156 _____ () C:\Users\Andi\Desktop\Addition.txt 2015-01-13 18:12 - 2015-01-13 19:57 - 00016401 _____ () C:\Users\Andi\Desktop\FRST.txt 2015-01-13 18:12 - 2015-01-13 19:57 - 00000000 ____D () C:\FRST 2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 ____N (Farbar) C:\Users\Andi\Desktop\FRST.exe 2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 _____ (Farbar) C:\Users\Andi\Downloads\FRST.exe 2015-01-13 17:39 - 2015-01-13 17:39 - 00000470 _____ () C:\Users\Andi\Desktop\defogger_disable.log 2015-01-13 17:39 - 2015-01-13 17:39 - 00000000 _____ () C:\Users\Andi\defogger_reenable 2015-01-13 17:15 - 2015-01-13 17:15 - 00380416 _____ () C:\Users\Andi\Desktop\Gmer-19357.exe 2015-01-13 17:14 - 2015-01-13 17:14 - 00050477 _____ () C:\Users\Andi\Desktop\Defogger.exe 2015-01-13 17:03 - 2015-01-13 17:10 - 00000112 _____ () C:\ProgramData\gA1kP67O.dat 2015-01-12 18:47 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2015-01-12 18:46 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll 2015-01-12 18:46 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2015-01-12 18:46 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax 2015-01-12 18:45 - 2015-01-13 18:27 - 00025193 _____ () C:\Windows\Partizan.log 2015-01-12 18:39 - 2015-01-13 19:41 - 00010666 _____ () C:\Windows\PFRO.log 2015-01-12 18:39 - 2015-01-13 19:41 - 00000224 _____ () C:\Windows\setupact.log 2015-01-12 18:39 - 2015-01-12 18:39 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-11 15:02 - 2015-01-11 15:02 - 00000000 ____D () C:\ProgramData\RegRun 2015-01-11 15:01 - 2015-01-13 17:06 - 00000000 ____D () C:\Program Files\UnHackMe 2015-01-11 15:01 - 2015-01-11 15:06 - 00000000 ____D () C:\Users\Andi\Documents\RegRun2 2015-01-11 15:01 - 2015-01-11 15:01 - 00000002 RSHOT () C:\Windows\winstart.bat 2015-01-11 14:55 - 2015-01-11 14:55 - 00000000 ____D () C:\Users\Andi\Downloads\unhackme 2015-01-11 14:53 - 2015-01-11 14:54 - 16599280 _____ () C:\Users\Andi\Downloads\unhackme.zip 2015-01-11 14:52 - 2015-01-11 14:52 - 00729648 _____ (Elex do Brasil Participações Ltda) C:\Users\Andi\Downloads\yet_another_cleaner_bbs.exe 2015-01-11 13:58 - 2015-01-13 19:41 - 00000000 ____D () C:\ProgramData\panda_url_filtering 2015-01-11 13:58 - 2015-01-11 13:58 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering 2015-01-11 13:58 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2015-01-11 13:57 - 2015-01-11 13:58 - 00000000 ____D () C:\Program Files\pandasecuritytb 2015-01-11 13:57 - 2015-01-11 13:57 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Panda Security 2015-01-11 13:55 - 2015-01-11 13:57 - 00000000 ____D () C:\Program Files\Panda Security 2015-01-11 13:55 - 2015-01-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus 2015-01-11 13:52 - 2015-01-11 13:57 - 00000000 ____D () C:\ProgramData\Panda Security 2015-01-11 12:05 - 2015-01-11 12:05 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA% 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2014-12-28 11:13 - 2014-12-28 11:15 - 00000000 ____D () C:\Users\Andi\Documents\Heroes of the Storm 2014-12-24 15:33 - 2014-12-27 18:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-12-24 15:02 - 2014-12-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk 2014-12-24 15:02 - 2014-12-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2014-12-24 14:47 - 2015-01-13 17:01 - 00000000 ____D () C:\Program Files\Heroes of the Storm 2014-12-24 14:43 - 2014-12-24 14:44 - 03083832 _____ (Blizzard Entertainment) C:\Users\Andi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe 2014-12-18 17:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-13 19:45 - 2013-10-12 01:09 - 01568173 _____ () C:\Windows\WindowsUpdate.log 2015-01-13 19:41 - 2013-10-12 01:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-13 19:41 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-13 19:40 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-13 19:40 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-13 19:38 - 2013-12-12 19:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-13 19:28 - 2013-10-12 01:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-13 19:08 - 2014-04-23 16:20 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job 2015-01-13 18:58 - 2014-01-01 19:57 - 00000000 ____D () C:\AdwCleaner 2015-01-13 18:58 - 2013-10-12 01:12 - 00000000 ____D () C:\Users\Andi 2015-01-13 18:24 - 2013-11-22 23:10 - 00000000 ____D () C:\Users\Andi\AppData\Local\Battle.net 2015-01-13 17:08 - 2014-04-23 16:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job 2015-01-13 17:01 - 2013-10-12 23:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-12 20:19 - 2014-05-30 15:03 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 activator 2015-01-12 20:18 - 2014-05-30 14:49 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 Loader - Activator 2015-01-12 18:47 - 2013-11-27 18:25 - 00000000 ___RD () C:\Users\Andi\Dropbox 2015-01-12 18:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-01-12 18:44 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Dropbox 2015-01-11 22:22 - 2013-10-12 02:00 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\TS3Client 2015-01-11 16:43 - 2014-09-19 20:36 - 00002286 _____ () C:\Users\Andi\Desktop\Chrome App Launcher.lnk 2015-01-11 15:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt 2015-01-11 15:01 - 2009-07-14 03:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt 2015-01-11 14:59 - 2013-12-13 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2015-01-11 14:59 - 2013-10-12 22:25 - 00000000 ____D () C:\Windows\Minidump 2015-01-11 14:59 - 2013-10-12 02:06 - 00000000 ____D () C:\Windows\Panther 2015-01-11 14:48 - 2013-10-21 19:43 - 00000000 ____D () C:\Program Files\Steam 2015-01-11 14:44 - 2009-07-14 05:33 - 00327920 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-11 13:57 - 2013-10-12 02:00 - 00064496 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-11 12:25 - 2010-11-20 22:01 - 01618608 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-11 12:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Mozilla 2014-12-28 11:13 - 2013-11-22 23:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-12-28 01:17 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify 2014-12-27 22:18 - 2014-05-31 11:43 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify 2014-12-27 22:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-27 18:21 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Thunderbird 2014-12-24 14:45 - 2013-11-22 23:10 - 00000000 ____D () C:\Program Files\Battle.net 2014-12-21 22:23 - 2013-10-23 17:08 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype 2014-12-19 18:55 - 2013-11-27 18:25 - 00001013 _____ () C:\Users\Andi\Desktop\Dropbox.lnk 2014-12-19 18:55 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-18 17:35 - 2014-09-19 20:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-14 22:49 - 2014-09-19 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight Files to move or delete: ==================== C:\ProgramData\gA1kP67O.dat Some content of TEMP: ==================== C:\Users\Andi\AppData\Local\Temp\avgnt.exe C:\Users\Andi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpplfvye.dll C:\Users\Andi\AppData\Local\Temp\nseA918.tmp.exe C:\Users\Andi\AppData\Local\Temp\Quarantine.exe C:\Users\Andi\AppData\Local\Temp\sqlite3.dll C:\Users\Andi\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 22:28 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02 Ran by Andi at 2015-01-13 19:58:01 Running from C:\Users\Andi\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C} AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advanced Combat Tracker (remove only) (HKLM\...\Advanced Combat Tracker) (Version: - ) AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version: - Ubisoft Montreal) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) ChromecastApp (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Etron USB3.0 Host Controller (Version: 0.115 - Etron Technology) Hidden FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment) ICQ 8.1 (build 6337) (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Lara Croft and the Guardian of Light (HKLM\...\Steam App 35130) (Version: - Crystal Dynamics) League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf) Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security) Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security) Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.) Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) RaidCall (HKLM\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH) TP-LINK TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK) Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft) Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) WISO Steuer-Sparbuch 2014 (HKLM\...\{E08EFB73-9F4C-4A70-9BE7-464C62F3D880}) (Version: 21.05.8586 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 04-01-2015 22:35:18 Geplanter Prüfpunkt 09-01-2015 21:21:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 11:46:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 12:03:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 12-01-2015 23:49:59 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {060540A1-4930-4447-A148-C120459464C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.) Task: {0AE1ADD4-D9B5-4431-8B71-F5B2500BE1FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION Task: {3B5D2A69-1F3D-4398-B33E-E6DCB3F82186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION Task: {95667D08-89EB-4005-8F20-C52F6E7C618F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.) Task: {E427ABB8-7EF6-4DBA-A565-C3744AA6E556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) Task: {F41BDFC3-69DF-4E9D-8055-D1BA3F90FE25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-15 17:13 - 2014-09-15 17:13 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 06:10 - 2014-02-11 06:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2014-02-11 06:10 - 2014-02-11 06:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-09-15 17:13 - 2014-09-15 17:13 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll 2013-10-12 02:15 - 2013-10-12 02:15 - 00308048 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll 2013-10-12 02:15 - 2013-10-12 02:15 - 00851456 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll 2014-04-26 13:43 - 2012-03-07 09:52 - 00841728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe 2014-04-26 13:43 - 2012-03-07 09:53 - 01411584 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll 2014-04-26 13:43 - 2012-03-07 09:53 - 00192512 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll 2014-04-26 13:43 - 2012-03-07 09:54 - 00293376 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll 2014-12-13 15:31 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-13 15:31 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-13 15:31 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-13 15:31 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194225.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194233.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1997967318-605228079-2081898283-500 - Administrator - Disabled) Andi (S-1-5-21-1997967318-605228079-2081898283-1000 - Administrator - Enabled) => C:\Users\Andi Gast (S-1-5-21-1997967318-605228079-2081898283-501 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x80070422 Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000007 ID des fehlerhaften Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/13/2015 07:42:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/13/2015 07:41:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (01/13/2015 06:59:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/13/2015 06:59:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (01/13/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Panda Devices Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x000000000x00000001 Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: 0x80070422 Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c000000500000007107c01d02da5538ec50bC:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownb481473c-9998-11e4-b333-bc5ff4d811f4 Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD FX(tm)-6300 Six-Core Processor Percentage of memory in use: 49% Total physical RAM: 3044.74 MB Available physical RAM: 1526.22 MB Total Pagefile: 6087.77 MB Available Pagefile: 4199.11 MB Total Virtual: 2047.88 MB Available Virtual: 1886.43 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:314.2 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A81D958) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
13.01.2015, 20:15 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7: compatibilitycheck Virus/Trojaner Kein Problem... Schritt 1 Downloade Dir HitmanProauf Deinen Desktop: HitmanPro-32 Bit Version HitmanPro-64 Bit Version
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
13.01.2015, 20:24 | #9 |
| Win7: compatibilitycheck Virus/TrojanerCode:
ATTFilter
|
13.01.2015, 20:32 | #10 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7: compatibilitycheck Virus/Trojaner OK, dann gleich noch ESET hinterher... Schritt 1 ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
13.01.2015, 21:18 | #11 |
| Win7: compatibilitycheck Virus/TrojanerCode:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=24d393bbe87a3b4f8d51ee93d8fe2553 # engine=21950 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-13 08:16:10 # local_time=2015-01-13 09:16:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Panda Cloud Antivirus' # compatibility_mode=1552 16777213 75 93 199222 207376143 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 8580 172811360 0 0 # scanned=147200 # found=51 # cleaned=51 # scan_time=2480 sh=3D7E8FE73AD46AF27A3A519B1AF123280C1F23A0 ft=1 fh=353453610bf1084e vn="Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\AdvancedSystemProtector.exe.vir" sh=0F0ACE5EAAFF987D027A30217479E6B4248C0C12 ft=1 fh=82ed1fa5b9e91fbf vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\AspManager.exe.vir" sh=A97A3378764EA24FC4267EC86252AE3497C05F49 ft=1 fh=105c12aadbd7c3e7 vn="Win32/Systweak.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Communication.dll.vir" sh=9E886F14D1BF4561775EA9A2A78D8F92715A2712 ft=1 fh=c11390fa1cc2c2ac vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\filetypehelper.exe.vir" sh=D103189157FDE6510C9B1569034C0964D67C2D9D ft=1 fh=089fe79882afafcd vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\scandll.dll.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.com.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\firefox.com.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\iexplore.exe.vir" sh=CE07161EE6BA037A4911C32E7FF99D6D62167F51 ft=1 fh=d703e280c9387f8b vn="Variante von Win32/DealPly.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDeals\BonanzaDealsIE.dll.vir" sh=D5639EC96BB23E91CCC655C4E765797930866676 ft=1 fh=611e9e9c9165914e vn="Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir" sh=609D8E76D3CC9811543AE9FF60C99FA238755DEB ft=1 fh=ae6efe48edf4869d vn="Variante von Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir" sh=FEC645D6BF74FD011FA9EE2075478E9E059B3EEF ft=1 fh=258f8231b82cc0cb vn="Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir" sh=E59C40DBDFFBFC64CB01080F85ADB47515919AAD ft=1 fh=25b1bb1ca23e3ee4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir" sh=61999ADB14A580A2D965FB8E6AA0AC31B61CF3C1 ft=1 fh=54b10837e69fea4a vn="Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir" sh=7589639BBD0B6B0B2A054F7DFDBA593FD29024C8 ft=1 fh=695860d343b88911 vn="Variante von Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir" sh=9CD9DBA6B99C6C88E8CACD8A4A72AC1778B86010 ft=1 fh=a14d33dbdf868e65 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarApp.dll.vir" sh=7936A5CBADA4B1C422E8D6C9394973F57D392331 ft=1 fh=1aeea73a71c1ef61 vn="Variante von Win32/Toolbar.Montiera.U evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarEng.dll.vir" sh=654FB351A6D1E721030768CAEEC5D3E16CCDC6E1 ft=1 fh=34c93af138f65726 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarsrv.exe.vir" sh=B87210DB7408A251B0F9F0E90E07E01B30BA90E6 ft=1 fh=924d6f191c6ebfd3 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarTlbr.dll.vir" sh=1C2427F2899C57C2A6CB9E95F8F15AAEA5716841 ft=1 fh=0ce554b6dc5aec4d vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\uninstall.exe.vir" sh=ADFC9FA91DFF03C98690C7D0A8833C404C9B75FE ft=1 fh=2a0cd34600ad4288 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll.vir" sh=A2177E70A1E0D11ACD1F5BEDE3B95B6B423FFB2E ft=1 fh=daab223952aeedc6 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Whilokii\WhilokiiUninstall.exe.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=556095C3C04108657513E0DB73F9659259FE752E ft=1 fh=2b61ea0a79f227a9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir" sh=7FD34F048378000A2153730C4036AD5DF37A6341 ft=1 fh=f0c6bce383296b05 vn="Variante von Win32/AdSuproot.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir" sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir" sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir" sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir" sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir" sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir" sh=2B4FBD22E02C31B3B2811C685ADC947010372FD1 ft=1 fh=868840cce63967ae vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir" sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe" sh=41DE1AFF8AC7BF30EA7F952825E02FA6EC6A306D ft=1 fh=cfbb424d50a0cab5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\pandasecuritytb\dtUser.exe" sh=30E5E6B0B58E73CADC4D59EE657E07E5AE9F5813 ft=1 fh=f84afab4951a6e89 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\pandasecuritytb\pandasecurityDx.dll" sh=81374ADC5FD8E52504FA3E9A88C38EAA56058384 ft=1 fh=2c5c7dc7e05fe486 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\pandasecuritytb\pandasecuritytb.dll" sh=4CACDA09043243E84A3DBA2997836C150A2C2B0B ft=1 fh=c18395028fe7b6f5 vn="Win32/Mobogenie.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\159HJ3S1\Mobogenie_Setup_2.2.5_563[1].exe" sh=0CE78CDB7AE8C457229124E383DA64FBDE7AE471 ft=1 fh=fd716b0c5f46d82e vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8QEPGLOE\SearchProtectGeneric4Setup[1].exe" sh=53B1B6D2560546ECF31BAD4D916733E40443C450 ft=1 fh=c3198f20fe07a8a8 vn="Win32/Reporter.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ729YA2\RegClean22[1].exe" sh=3B29C36CCB0FD00A0812896E61D3AE6CE18E5EEE ft=1 fh=5ce1e22016c2ce7d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ729YA2\spstub[1].exe" sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\BabMaint.exe" sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\IEHelper.dll" sh=5EED65CA89EA42F0489C89FFEB3D9CF2771C55EE ft=1 fh=d7471ce3e593b0f6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\aaccee\aabbcc.exe" sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\is1275519350\2073989_stp\wajam_validate.exe" sh=82FCB8F238714B0CB9CB50A1D233BB876EAE1F8E ft=1 fh=0a28b37f82595fb9 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\is1275519350\2074150_stp\whilokii_is.exe" sh=4EF7B22257EB4CECBE87741997EE54BAA9B4155C ft=1 fh=a761ea9f5900aef3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\Downloads\JPEG to PDF - CHIP-Downloader.exe" sh=E5E1EB2638B3A17F88152D5DB23CE04C9F2C3C75 ft=1 fh=03cc3bee0fb941ae vn="Win32/ELEX.BI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\Downloads\yet_another_cleaner_bbs.exe" sh=614D9529C4AC5698BA44413ED9FF2F2AB7194030 ft=1 fh=fb5c7ba1cde5bf0c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\Documents\Downloads\FREEAV1504.exe" |
13.01.2015, 21:20 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7: compatibilitycheck Virus/Trojaner Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
13.01.2015, 21:31 | #13 |
| Win7: compatibilitycheck Virus/Trojaner Ich denke nicht! Läuft zumindest sehr viel schneller als vorher. Herzlichen Dank schonmal |
13.01.2015, 21:40 | #14 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7: compatibilitycheck Virus/Trojaner Ok... Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = CHR HomePage: Default -> hxxp:// C:\ProgramData\gA1kP67O.dat EmptyTemp: C:\Users\Andi\AppData\Roaming\Compatibility Verifier\ Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION
Schritt 2 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
13.01.2015, 22:50 | #15 |
| Win7: compatibilitycheck Virus/TrojanerCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 02 Ran by Andi at 2015-01-13 22:15:58 Run:1 Running from C:\Users\Andi\Desktop Loaded Profile: Andi (Available profiles: Andi) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = CHR HomePage: Default -> hxxp:// C:\ProgramData\gA1kP67O.dat EmptyTemp: C:\Users\Andi\AppData\Roaming\Compatibility Verifier\ Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. Chrome HomePage deleted successfully. C:\ProgramData\gA1kP67O.dat => Moved successfully. "C:\Users\Andi\AppData\Roaming\Compatibility Verifier" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F8128D8-88E4-4B21-954D-2D975EAE7DA4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F8128D8-88E4-4B21-954D-2D975EAE7DA4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E9086B6-F43A-4178-AD23-F3680B4A7C96}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{776269B1-2DB6-4B04-A5A4-628BA8734328}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{776269B1-2DB6-4B04-A5A4-628BA8734328}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84AE419F-B404-4E37-8478-C1C2D45F6B29}" => Key deleted successfully. EmptyTemp: => Removed 2.5 GB temporary data. The system needed a reboot. ==== End of Fixlog 22:19:05 ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02 Ran by Andi (administrator) on ANDI-PC on 13-01-2015 22:41:07 Running from C:\Users\Andi\Desktop Loaded Profile: Andi (Available profiles: Andi) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe (Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe (ICQ) C:\Users\Andi\AppData\Roaming\ICQM\icq.exe () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe (Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5383\Battle.net.exe (Blizzard Entertainment, Inc.) C:\Program Files\Heroes of the Storm\Versions\Base33353\HeroesOfTheStorm.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [Google Update] => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-23] (Google Inc.) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [icq] => C:\Users\Andi\AppData\Roaming\ICQM\icq.exe [28698984 2013-10-12] (ICQ) HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-1997967318-605228079-2081898283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @raidcall.en/RCplugin -> C:\Users\Andi\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=55&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&SSPV= CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (CR Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfmindblghbicdipoakcolegkcddbk [2014-04-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12] CHR Extension: (Google Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25] CHR Extension: (Spotify - Music for every moment) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-31] CHR Extension: (Google-Suche) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12] CHR Extension: (Avira Browserschutz) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-11] CHR Extension: (AdBlock) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20] CHR Extension: (Ocutana Screen Share) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaopnkpkijpdgebapjjckchdjidfego [2014-09-19] CHR Extension: (Skype Click to Call) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13] CHR Extension: (Google Wallet) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20] CHR Extension: (Google Mail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-07-25] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.) S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd) R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.) R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [283448 2014-09-19] (Visicom Media Inc.) R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.) S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices) R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices) R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider) R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2011-09-11] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2011-09-11] (Etron Technology Inc) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.) R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.) R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.) R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.) R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.) R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.) R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.) R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation ) U0 Partizan; system32\drivers\Partizan.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-13 22:38 - 2015-01-13 22:38 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2015-01-13 22:15 - 2015-01-13 22:15 - 01115648 _____ (Farbar) C:\Users\Andi\Desktop\FRST.exe 2015-01-13 20:33 - 2015-01-13 20:33 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_deu.exe 2015-01-13 20:24 - 2015-01-13 20:24 - 00006640 _____ () C:\Users\Andi\Desktop\HitmanPro_20150113_2024.log 2015-01-13 20:19 - 2015-01-13 20:25 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-13 20:18 - 2015-01-13 20:19 - 10285456 _____ (SurfRight B.V.) C:\Users\Andi\Desktop\HitmanPro.exe 2015-01-13 19:45 - 2015-01-13 19:45 - 00000000 _____ () C:\Users\Andi\Desktop\malware.txt 2015-01-13 19:04 - 2015-01-13 22:20 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-13 19:04 - 2015-01-13 19:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-13 19:04 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-13 19:04 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-13 19:04 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-13 19:03 - 2015-01-13 19:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andi\Desktop\mbam-setup-2.0.4.1028.exe 2015-01-13 18:53 - 2015-01-13 18:53 - 02191360 _____ () C:\Users\Andi\Desktop\AdwCleaner_4.107.exe 2015-01-13 18:38 - 2015-01-13 18:38 - 00002085 _____ () C:\Users\Andi\Desktop\gmer.log 2015-01-13 18:24 - 2015-01-13 18:24 - 00000000 _____ () C:\Users\Andi\Desktop\Neues Textdokument (3).txt 2015-01-13 18:12 - 2015-01-13 22:41 - 00015710 _____ () C:\Users\Andi\Desktop\FRST.txt 2015-01-13 18:12 - 2015-01-13 22:41 - 00000000 ____D () C:\FRST 2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 _____ (Farbar) C:\Users\Andi\Downloads\FRST.exe 2015-01-13 17:39 - 2015-01-13 17:39 - 00000470 _____ () C:\Users\Andi\Desktop\defogger_disable.log 2015-01-13 17:39 - 2015-01-13 17:39 - 00000000 _____ () C:\Users\Andi\defogger_reenable 2015-01-13 17:15 - 2015-01-13 17:15 - 00380416 _____ () C:\Users\Andi\Desktop\Gmer-19357.exe 2015-01-13 17:14 - 2015-01-13 17:14 - 00050477 _____ () C:\Users\Andi\Desktop\Defogger.exe 2015-01-12 18:47 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2015-01-12 18:46 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll 2015-01-12 18:46 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2015-01-12 18:46 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax 2015-01-12 18:45 - 2015-01-13 18:27 - 00025193 _____ () C:\Windows\Partizan.log 2015-01-12 18:39 - 2015-01-13 22:20 - 00012346 _____ () C:\Windows\PFRO.log 2015-01-12 18:39 - 2015-01-13 22:20 - 00000280 _____ () C:\Windows\setupact.log 2015-01-12 18:39 - 2015-01-12 18:39 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-11 15:02 - 2015-01-11 15:02 - 00000000 ____D () C:\ProgramData\RegRun 2015-01-11 15:01 - 2015-01-13 17:06 - 00000000 ____D () C:\Program Files\UnHackMe 2015-01-11 15:01 - 2015-01-11 15:06 - 00000000 ____D () C:\Users\Andi\Documents\RegRun2 2015-01-11 15:01 - 2015-01-11 15:01 - 00000002 RSHOT () C:\Windows\winstart.bat 2015-01-11 14:55 - 2015-01-11 14:55 - 00000000 ____D () C:\Users\Andi\Downloads\unhackme 2015-01-11 14:53 - 2015-01-11 14:54 - 16599280 _____ () C:\Users\Andi\Downloads\unhackme.zip 2015-01-11 13:58 - 2015-01-13 22:20 - 00000000 ____D () C:\ProgramData\panda_url_filtering 2015-01-11 13:58 - 2015-01-11 13:58 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering 2015-01-11 13:58 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys 2015-01-11 13:57 - 2015-01-13 21:15 - 00000000 ____D () C:\Program Files\pandasecuritytb 2015-01-11 13:57 - 2015-01-11 13:57 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Panda Security 2015-01-11 13:55 - 2015-01-11 13:57 - 00000000 ____D () C:\Program Files\Panda Security 2015-01-11 13:55 - 2015-01-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus 2015-01-11 13:52 - 2015-01-11 13:57 - 00000000 ____D () C:\ProgramData\Panda Security 2015-01-11 12:05 - 2015-01-11 12:05 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA% 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2014-12-28 11:13 - 2014-12-28 11:15 - 00000000 ____D () C:\Users\Andi\Documents\Heroes of the Storm 2014-12-24 15:33 - 2014-12-27 18:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-12-24 15:02 - 2014-12-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk 2014-12-24 15:02 - 2014-12-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2014-12-24 14:47 - 2015-01-13 22:22 - 00000000 ____D () C:\Program Files\Heroes of the Storm 2014-12-24 14:43 - 2014-12-24 14:44 - 03083832 _____ (Blizzard Entertainment) C:\Users\Andi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe 2014-12-18 17:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-13 22:38 - 2013-12-12 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-13 22:38 - 2013-12-12 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-13 22:38 - 2013-12-12 19:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-13 22:37 - 2013-11-22 23:10 - 00000000 ____D () C:\Users\Andi\AppData\Local\Battle.net 2015-01-13 22:28 - 2013-10-12 01:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-13 22:24 - 2013-10-12 01:09 - 01574759 _____ () C:\Windows\WindowsUpdate.log 2015-01-13 22:20 - 2013-10-12 01:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-13 22:20 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-13 22:20 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-13 22:20 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-13 22:08 - 2014-04-23 16:20 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job 2015-01-13 18:58 - 2014-01-01 19:57 - 00000000 ____D () C:\AdwCleaner 2015-01-13 18:58 - 2013-10-12 01:12 - 00000000 ____D () C:\Users\Andi 2015-01-13 17:08 - 2014-04-23 16:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job 2015-01-13 17:01 - 2013-10-12 23:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-12 20:19 - 2014-05-30 15:03 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 activator 2015-01-12 20:18 - 2014-05-30 14:49 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 Loader - Activator 2015-01-12 18:47 - 2013-11-27 18:25 - 00000000 ___RD () C:\Users\Andi\Dropbox 2015-01-12 18:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-01-12 18:44 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Dropbox 2015-01-11 22:22 - 2013-10-12 02:00 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\TS3Client 2015-01-11 16:43 - 2014-09-19 20:36 - 00002286 _____ () C:\Users\Andi\Desktop\Chrome App Launcher.lnk 2015-01-11 15:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt 2015-01-11 15:01 - 2009-07-14 03:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt 2015-01-11 14:59 - 2013-12-13 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2015-01-11 14:59 - 2013-10-12 22:25 - 00000000 ____D () C:\Windows\Minidump 2015-01-11 14:59 - 2013-10-12 02:06 - 00000000 ____D () C:\Windows\Panther 2015-01-11 14:48 - 2013-10-21 19:43 - 00000000 ____D () C:\Program Files\Steam 2015-01-11 14:44 - 2009-07-14 05:33 - 00327920 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-11 13:57 - 2013-10-12 02:00 - 00064496 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-11 12:25 - 2010-11-20 22:01 - 01618608 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-11 12:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Mozilla 2014-12-28 11:13 - 2013-11-22 23:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-12-28 01:17 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify 2014-12-27 22:18 - 2014-05-31 11:43 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify 2014-12-27 22:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-27 18:21 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Thunderbird 2014-12-24 14:45 - 2013-11-22 23:10 - 00000000 ____D () C:\Program Files\Battle.net 2014-12-21 22:23 - 2013-10-23 17:08 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype 2014-12-19 18:55 - 2013-11-27 18:25 - 00001013 _____ () C:\Users\Andi\Desktop\Dropbox.lnk 2014-12-19 18:55 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-18 17:35 - 2014-09-19 20:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-14 22:49 - 2014-09-19 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-04 22:28 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02 Ran by Andi at 2015-01-13 22:41:45 Running from C:\Users\Andi\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C} AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advanced Combat Tracker (remove only) (HKLM\...\Advanced Combat Tracker) (Version: - ) AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.) Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version: - Ubisoft Montreal) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) ChromecastApp (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Etron USB3.0 Host Controller (Version: 0.115 - Etron Technology) Hidden FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment) ICQ 8.1 (build 6337) (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Lara Croft and the Guardian of Light (HKLM\...\Steam App 35130) (Version: - Crystal Dynamics) League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf) Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security) Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security) Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.) Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) RaidCall (HKLM\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH) TP-LINK TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK) Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft) Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) WISO Steuer-Sparbuch 2014 (HKLM\...\{E08EFB73-9F4C-4A70-9BE7-464C62F3D880}) (Version: 21.05.8586 - Buhl Data Service GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 04-01-2015 22:35:18 Geplanter Prüfpunkt 09-01-2015 21:21:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 11:46:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 12:03:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 12-01-2015 23:49:59 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {060540A1-4930-4447-A148-C120459464C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.) Task: {0AE1ADD4-D9B5-4431-8B71-F5B2500BE1FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {3B5D2A69-1F3D-4398-B33E-E6DCB3F82186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated) Task: {95667D08-89EB-4005-8F20-C52F6E7C618F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.) Task: {E427ABB8-7EF6-4DBA-A565-C3744AA6E556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) Task: {F41BDFC3-69DF-4E9D-8055-D1BA3F90FE25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-15 17:13 - 2014-09-15 17:13 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 06:10 - 2014-02-11 06:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2014-02-11 06:10 - 2014-02-11 06:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-09-15 17:13 - 2014-09-15 17:13 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll 2013-10-12 02:15 - 2013-10-12 02:15 - 00308048 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll 2013-10-12 02:15 - 2013-10-12 02:15 - 00851456 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll 2014-04-26 13:43 - 2012-03-07 09:52 - 00841728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe 2014-04-26 13:43 - 2012-03-07 09:53 - 01411584 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll 2014-04-26 13:43 - 2012-03-07 09:53 - 00192512 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll 2014-04-26 13:43 - 2012-03-07 09:54 - 00293376 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5383\libcef.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5383\libGLESv2.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00907776 _____ () C:\Program Files\Battle.net\Battle.net.5383\platforms\qwindows.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5383\libEGL.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qgif.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qico.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qjpeg.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qmng.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qsvg.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qtiff.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll 2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll 2014-12-09 23:38 - 2014-12-09 23:38 - 16841392 ____N () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194225.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194233.jpg:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1997967318-605228079-2081898283-500 - Administrator - Disabled) Andi (S-1-5-21-1997967318-605228079-2081898283-1000 - Administrator - Enabled) => C:\Users\Andi Gast (S-1-5-21-1997967318-605228079-2081898283-501 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/13/2015 10:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x80070422 Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000007 ID des fehlerhaften Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/13/2015 10:20:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/13/2015 10:20:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (01/13/2015 10:16:00 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/13/2015 07:42:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/13/2015 07:41:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (01/13/2015 06:59:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (01/13/2015 06:59:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (01/13/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Panda Devices Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (01/13/2015 10:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: 0x000000000x00000001 Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: 0x80070422 Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c000000500000007107c01d02da5538ec50bC:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownb481473c-9998-11e4-b333-bc5ff4d811f4 Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD FX(tm)-6300 Six-Core Processor Percentage of memory in use: 82% Total physical RAM: 3044.74 MB Available physical RAM: 530.14 MB Total Pagefile: 6087.77 MB Available Pagefile: 2816.51 MB Total Virtual: 2047.88 MB Available Virtual: 1890.43 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:316.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A81D958) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
Themen zu Win7: compatibilitycheck Virus/Trojaner |
adware, avira, browser, compatibilitycheck, compatibilitycheck.exe, desktop, elex-tech, failed, fehler, flash player, google, helper, homepage, mozilla, problem, realtek, registry, scan, security, sekunden, services.exe, software, svchost.exe, system, taskmanager, teredo, tracker, usb, windows, wiso |