Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win7: compatibilitycheck Virus/Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.01.2015, 18:47   #1
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Hallo zusammen,

ich denke ich habe seit einigen Tagen meinen ersten Virus/Trojaner auf meinem PC.

Dieser äußert sich darin, dass er meine PC-Performance deutlich herunterzieht und somit alles langsamer ist. Bis gestern ging auch noch ab und zu einfach irgendein Webradio für 2-10 Sekunden in unregelmäßigen Abständen an. Dies ist jedoch aktuell nicht mehr der Fall.

Beim Lautstärkemixer stand dann etwas von "compatibilitycheck". Dies fand ich auch im Task-Manager oft wieder. Das wird der Virus sein, da er viel Arbeitsspeicher beansprucht und ich keine Ahnung habe was das sonst sein soll.

Ist wohl ähnlich mit diesem Problem:

http://www.trojaner-board.de/162729-...ml#post1408624

mit dem Unterschied, dass ich den "compatibilitycheck" im Taskmanager beenden kann und mein System dann wieder relativ gut läuft.

Hier ein paar Logs:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Andi (administrator) on ANDI-PC on 13-01-2015 18:12:15
Running from C:\Users\Andi\Downloads
Loaded Profile: Andi (Available profiles: Andi)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5383\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(ICQ) C:\Users\Andi\AppData\Roaming\ICQM\icq.exe
(Blizzard Entertainment, Inc.) C:\Program Files\Heroes of the Storm\Versions\Base33353\HeroesOfTheStorm.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [Google Update] => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-23] (Google Inc.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [icq] => C:\Users\Andi\AppData\Roaming\ICQM\icq.exe [28698984 2013-10-12] (ICQ)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1997967318-605228079-2081898283-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: No Name -> {204df522-9a96-4a72-abb0-60f7a216d6d2} ->  No File
BHO: No Name -> {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} ->  No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {339E1B37-76D3-4A64-A988-E81425DF831C} -  No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Andi\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=55&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CR Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfmindblghbicdipoakcolegkcddbk [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12]
CHR Extension: (Google Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-31]
CHR Extension: (Google-Suche) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-11]
CHR Extension: (AdBlock) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20]
CHR Extension: (Ocutana Screen Share) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaopnkpkijpdgebapjjckchdjidfego [2014-09-19]
CHR Extension: (Skype Click to Call) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Google Mail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12]
CHR HKLM\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - C:\Users\Andi\AppData\Roaming\BabSolution\CR\Doko.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Program Files\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-07-25] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [283448 2014-09-19] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 Verifies and fixes application compatibility issues; C:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 Update Whilokii; "C:\Program Files\Whilokii\updateWhilokii.exe" [X]
S2 Util Whilokii; "C:\Program Files\Whilokii\bin\utilWhilokii.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2011-09-11] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2011-09-11] (Etron Technology Inc)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation                           )
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:12 - 2015-01-13 18:12 - 00016830 _____ () C:\Users\Andi\Downloads\FRST.txt
2015-01-13 18:12 - 2015-01-13 18:12 - 00000000 ____D () C:\FRST
2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 ____N () C:\Users\Andi\Desktop\FRST.exe
2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 _____ (Farbar) C:\Users\Andi\Downloads\FRST.exe
2015-01-13 17:39 - 2015-01-13 17:39 - 00000470 _____ () C:\Users\Andi\Desktop\defogger_disable.log
2015-01-13 17:39 - 2015-01-13 17:39 - 00000000 _____ () C:\Users\Andi\defogger_reenable
2015-01-13 17:15 - 2015-01-13 17:15 - 00380416 _____ () C:\Users\Andi\Desktop\Gmer-19357.exe
2015-01-13 17:14 - 2015-01-13 17:14 - 00050477 _____ () C:\Users\Andi\Desktop\Defogger.exe
2015-01-13 17:08 - 2015-01-13 17:08 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2015-01-13 17:03 - 2015-01-13 17:10 - 00000112 _____ () C:\ProgramData\gA1kP67O.dat
2015-01-12 18:47 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-12 18:46 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-01-12 18:46 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-01-12 18:46 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-01-12 18:45 - 2015-01-12 18:45 - 00025193 _____ () C:\Windows\Partizan.log
2015-01-12 18:39 - 2015-01-13 16:56 - 00000112 _____ () C:\Windows\setupact.log
2015-01-12 18:39 - 2015-01-12 18:39 - 00000352 _____ () C:\Windows\PFRO.log
2015-01-12 18:39 - 2015-01-12 18:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 15:02 - 2015-01-11 15:02 - 00000000 ____D () C:\ProgramData\RegRun
2015-01-11 15:01 - 2015-01-13 17:06 - 00000000 ____D () C:\Program Files\UnHackMe
2015-01-11 15:01 - 2015-01-11 15:06 - 00000000 ____D () C:\Users\Andi\Documents\RegRun2
2015-01-11 15:01 - 2015-01-11 15:01 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-01-11 14:55 - 2015-01-11 14:55 - 00000000 ____D () C:\Users\Andi\Downloads\unhackme
2015-01-11 14:53 - 2015-01-11 14:54 - 16599280 _____ () C:\Users\Andi\Downloads\unhackme.zip
2015-01-11 14:52 - 2015-01-11 14:52 - 00729648 _____ (Elex do Brasil Participações Ltda) C:\Users\Andi\Downloads\yet_another_cleaner_bbs.exe
2015-01-11 13:58 - 2015-01-12 23:50 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-01-11 13:58 - 2015-01-11 13:58 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2015-01-11 13:58 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-11 13:57 - 2015-01-11 13:58 - 00000000 ____D () C:\Program Files\pandasecuritytb
2015-01-11 13:57 - 2015-01-11 13:57 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Panda Security
2015-01-11 13:55 - 2015-01-11 13:57 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-11 13:55 - 2015-01-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-11 13:52 - 2015-01-11 13:57 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 12:05 - 2015-01-13 17:01 - 00000000 ____D () C:\Program Files\Avira
2015-01-11 12:05 - 2015-01-11 12:05 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-01-11 12:03 - 2015-01-13 17:01 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Compatibility Verifier
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-09 21:21 - 2015-01-11 11:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-09 21:21 - 2015-01-11 11:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2014-12-28 11:13 - 2014-12-28 11:15 - 00000000 ____D () C:\Users\Andi\Documents\Heroes of the Storm
2014-12-24 15:33 - 2014-12-27 18:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-24 15:02 - 2014-12-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-12-24 15:02 - 2014-12-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-12-24 14:47 - 2015-01-13 17:01 - 00000000 ____D () C:\Program Files\Heroes of the Storm
2014-12-24 14:43 - 2014-12-24 14:44 - 03083832 _____ (Blizzard Entertainment) C:\Users\Andi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2014-12-18 17:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:10 - 2013-11-22 23:10 - 00000000 ____D () C:\Users\Andi\AppData\Local\Battle.net
2015-01-13 18:08 - 2014-04-23 16:20 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job
2015-01-13 18:01 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 18:01 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 17:39 - 2013-10-12 01:12 - 00000000 ____D () C:\Users\Andi
2015-01-13 17:38 - 2013-12-12 19:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 17:28 - 2013-10-12 01:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 17:09 - 2013-10-12 01:09 - 01554623 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 17:08 - 2014-04-23 16:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job
2015-01-13 17:01 - 2013-10-12 23:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-13 16:57 - 2013-10-12 01:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 16:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 20:19 - 2014-05-30 15:03 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 activator
2015-01-12 20:18 - 2014-05-30 14:49 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 Loader - Activator
2015-01-12 18:47 - 2013-11-27 18:25 - 00000000 ___RD () C:\Users\Andi\Dropbox
2015-01-12 18:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-12 18:44 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Dropbox
2015-01-11 22:22 - 2013-10-12 02:00 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\TS3Client
2015-01-11 16:43 - 2014-09-19 20:36 - 00002286 _____ () C:\Users\Andi\Desktop\Chrome App Launcher.lnk
2015-01-11 15:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-11 15:01 - 2009-07-14 03:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt
2015-01-11 14:59 - 2013-12-13 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-01-11 14:59 - 2013-10-12 22:25 - 00000000 ____D () C:\Windows\Minidump
2015-01-11 14:59 - 2013-10-12 02:06 - 00000000 ____D () C:\Windows\Panther
2015-01-11 14:48 - 2013-10-21 19:43 - 00000000 ____D () C:\Program Files\Steam
2015-01-11 14:44 - 2009-07-14 05:33 - 00327920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 13:57 - 2013-10-12 02:00 - 00064496 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-11 12:25 - 2010-11-20 22:01 - 01618608 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 12:16 - 2014-05-30 14:50 - 00000000 ____D () C:\Program Files\002
2015-01-11 12:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Mozilla
2014-12-28 11:13 - 2013-11-22 23:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-28 01:17 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify
2014-12-27 22:18 - 2014-05-31 11:43 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify
2014-12-27 22:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-27 18:21 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Thunderbird
2014-12-24 14:45 - 2013-11-22 23:10 - 00000000 ____D () C:\Program Files\Battle.net
2014-12-21 22:23 - 2013-10-23 17:08 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype
2014-12-19 18:55 - 2013-11-27 18:25 - 00001013 _____ () C:\Users\Andi\Desktop\Dropbox.lnk
2014-12-19 18:55 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 17:35 - 2014-09-19 20:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 22:49 - 2014-09-19 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Files to move or delete:
====================
C:\ProgramData\gA1kP67O.dat


Some content of TEMP:
====================
C:\Users\Andi\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Andi\AppData\Local\Temp\avgnt.exe
C:\Users\Andi\AppData\Local\Temp\BackupSetup.exe
C:\Users\Andi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpplfvye.dll
C:\Users\Andi\AppData\Local\Temp\nseA918.tmp.exe
C:\Users\Andi\AppData\Local\Temp\Quarantine.exe
C:\Users\Andi\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Andi\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 22:28

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Andi at 2015-01-13 18:13:14
Running from C:\Users\Andi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM\...\Advanced Combat Tracker) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
ChromecastApp (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Etron USB3.0 Host Controller (Version: 0.115 - Etron Technology) Hidden
FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Lara Croft and the Guardian of Light (HKLM\...\Steam App 35130) (Version:  - Crystal Dynamics)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
RaidCall (HKLM\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TP-LINK TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{E08EFB73-9F4C-4A70-9BE7-464C62F3D880}) (Version: 21.05.8586 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

27-12-2014 19:19:01 Geplanter Prüfpunkt
04-01-2015 22:35:18 Geplanter Prüfpunkt
09-01-2015 21:21:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 11:46:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 12:03:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 23:49:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {060540A1-4930-4447-A148-C120459464C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {0AE1ADD4-D9B5-4431-8B71-F5B2500BE1FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1BEEB8F3-E259-4888-AE40-CF49DFC2EAED} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {218E7577-611C-409B-B71E-89AA70186F47} - \UpdaterEX No Task File <==== ATTENTION
Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION
Task: {3B5D2A69-1F3D-4398-B33E-E6DCB3F82186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {4EC01435-DC70-49B6-A36C-23D460AE7544} - \EPUpdater No Task File <==== ATTENTION
Task: {59215911-87AF-490D-880A-2AB0A05E13F0} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {74769866-75B2-492D-A06B-C84E18EDF2FE} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION
Task: {95667D08-89EB-4005-8F20-C52F6E7C618F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {E427ABB8-7EF6-4DBA-A565-C3744AA6E556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F41BDFC3-69DF-4E9D-8055-D1BA3F90FE25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-12 02:15 - 2013-10-12 02:15 - 00308048 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2014-04-26 13:43 - 2012-03-07 09:52 - 00841728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-04-26 13:43 - 2012-03-07 09:53 - 01411584 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-04-26 13:43 - 2012-03-07 09:53 - 00192512 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-04-26 13:43 - 2012-03-07 09:54 - 00293376 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5383\libcef.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00907776 _____ () C:\Program Files\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5383\libEGL.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2014-12-09 23:38 - 2014-12-09 23:38 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll
2013-10-12 02:15 - 2013-10-12 02:15 - 00851456 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2014-12-24 15:33 - 2014-12-24 15:33 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-12-24 15:33 - 2014-12-24 15:33 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-12-24 15:33 - 2014-12-24 15:33 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194225.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194233.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1997967318-605228079-2081898283-500 - Administrator - Disabled)
Andi (S-1-5-21-1997967318-605228079-2081898283-1000 - Administrator - Enabled) => C:\Users\Andi
Gast (S-1-5-21-1997967318-605228079-2081898283-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000007
ID des fehlerhaften Prozesses: 0x107c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:41:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "Compatibility Verify" konnte nicht heruntergefahren werden.

Error: (01/10/2015 01:23:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.


System errors:
=============
Error: (01/13/2015 05:05:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/13/2015 04:59:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 04:57:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/13/2015 04:57:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/13/2015 04:56:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/12/2015 06:54:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/12/2015 06:41:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/12/2015 06:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/12/2015 06:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Whilokii" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/12/2015 06:39:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126


Microsoft Office Sessions:
=========================
Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: 0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c000000500000007107c01d02da5538ec50bC:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownb481473c-9998-11e4-b333-bc5ff4d811f4

Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:41:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT-AUTORITÄT)
Description: 1C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exeCompatibility Verify0302621612024143003A005C00550073006500720073005C00440065006600610075006C0074005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0043006F006D007000610074006900620069006C006900740079002000560065007200690066006900650072005C0063006F006D007000610074006900620069006C0069007400790063006800650063006B007300760063002E006500780065000000

Error: (01/10/2015 01:23:58 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 93%
Total physical RAM: 3044.74 MB
Available physical RAM: 182.95 MB
Total Pagefile: 6087.77 MB
Available Pagefile: 1371.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:311.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A81D958)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-13 18:38:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000007b WDC_WD50 rev.15.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Andi\AppData\Local\Temp\kxldrpod.sys


---- System - GMER 2.1 ----

SSDT   91AB017E                                  ZwCreateSection
SSDT   91AB0188                                  ZwRequestWaitReplyPort
SSDT   91AB0183                                  ZwSetContextThread
SSDT   91AB018D                                  ZwSetSecurityObject
SSDT   91AB0192                                  ZwSystemDebugControl
SSDT   91AB011F                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82E7DA35 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82EB7392 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7       82EBE6DC 4 Bytes  [7E, 01, AB, 91] {JLE 0x3; STOSD ; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553       82EBEA38 4 Bytes  [88, 01, AB, 91] {MOV [ECX], AL; STOSD ; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597       82EBEA7C 4 Bytes  [83, 01, AB, 91] {ADD DWORD [ECX], -0x55; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613       82EBEAF8 4 Bytes  [8D, 01, AB, 91] {LEA EAX, [ECX]; STOSD ; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667       82EBEB4C 4 Bytes  [92, 01, AB, 91]
.text  ...                                       
?      system32\drivers\Partizan.sys             Das System kann den angegebenen Pfad nicht finden. !
?      system32\DRIVERS\avkmgr.sys               Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x9DC19000, 0x174C8A, 0xE8000020]
init   C:\Windows\system32\drivers\MBfilt32.sys  entry point in "init" section [0x97585090]

---- EOF - GMER 2.1 ----
         
Herzlichen Dank für die Hilfe. Wirklich alles sehr professionell hier. Gefällt!

Alt 13.01.2015, 18:51   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Hi,



Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 2

  • Download
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 3



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________

__________________

Alt 13.01.2015, 19:48   #3
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Danke für die schnelle Antwort!

PC ist schon bedeutend schneller nach dem Restart^^

Schritt 1:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 19:58:39
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Andi - ANDI-PC
# Gestartet von : C:\Downloads\Software\adwcleaner_3.016.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : bonanzadealslive
[#] Dienst Gelöscht : bonanzadealslivem
[#] Dienst Gelöscht : update whilokii
[#] Dienst Gelöscht : Util Whilokii
Dienst Gelöscht : WsysSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\Program Files\Advanced System Protector
Ordner Gelöscht : C:\Program Files\BonanzaDeals
Ordner Gelöscht : C:\Program Files\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files\Doko-Toolbar
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Program Files\Whilokii
Ordner Gelöscht : C:\Users\Andi\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Andi\AppData\Local\Temp\eIntaller
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Doko-Toolbar
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Datei Gelöscht : C:\Windows\System32\Tasks\BonanzaDealsUpdate
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater
Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job
Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Andi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\edcikfknpchdehdlmjpbofgkoaonaijg
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F4DCD88-6A16-4257-8577-FCC26B544AFF}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30559433-1429-4A8C-A329-1274487E924C}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F4DCD88-6A16-4257-8577-FCC26B544AFF}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30559433-1429-4A8C-A329-1274487E924C}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59215911-87AF-490D-880A-2AB0A05E13F0}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59215911-87AF-490D-880A-2AB0A05E13F0}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BEEB8F3-E259-4888-AE40-CF49DFC2EAED}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BEEB8F3-E259-4888-AE40-CF49DFC2EAED}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74769866-75B2-492D-A06B-C84E18EDF2FE}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74769866-75B2-492D-A06B-C84E18EDF2FE}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EC01435-DC70-49B6-A36C-23D460AE7544}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EC01435-DC70-49B6-A36C-23D460AE7544}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{218E7577-611C-409B-B71E-89AA70186F47}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{218E7577-611C-409B-B71E-89AA70186F47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbardskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbardskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{61C49879-C552-4BE0-B575-4E692BD6E95C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{339E1B37-76D3-4A64-A988-E81425DF831C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{46D2445F-7631-47C3-BE78-32CFAAC5EA3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5F468B8A-624E-4FEE-8C40-CB8BC752AC52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{626CCEF0-6FED-4752-AB5C-EA2EEACCF3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0735B993-B879-45A1-9A55-57001C8F2A9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{33B73813-5FF0-4351-AF44-D56DAEE2E434}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{61C49879-C552-4BE0-B575-4E692BD6E95C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{339E1B37-76D3-4A64-A988-E81425DF831C}]
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\Doko-Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\Whilokii
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\Doko-Toolbar
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Whilokii
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v32.0.1700.41

[ Datei : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18418 octets] - [01/01/2014 19:58:02]
AdwCleaner[S0].txt - [16706 octets] - [01/01/2014 19:58:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16767 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.107 - Bericht erstellt am 13/01/2015 um 18:58:23
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Andi - ANDI-PC
# Gestartet von : C:\Users\Andi\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : update whilokii
[#] Dienst Gelöscht : Util Whilokii
[#] Dienst Gelöscht : iSafeKrnlMon

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Program Files\RrFilter
Ordner Gelöscht : C:\Users\Andi\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Andi\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Andi\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Andi\AppData\Roaming\Compatibility Verifier
Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys
Datei Gelöscht : C:\Users\Andi\daemonprocess.txt
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineCore
Task Gelöscht : BonanzaDealsLiveUpdateTaskMachineUA
Task Gelöscht : BonanzaDealsUpdate
Task Gelöscht : EPUpdater
Task Gelöscht : UpdaterEX

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\edcikfknpchdehdlmjpbofgkoaonaijg
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\iaimhpklononapfjngelgdokckfjekfc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbardskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbardskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dokotoolbar.dokotoolbarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{61C49879-C552-4BE0-B575-4E692BD6E95C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{46D2445F-7631-47C3-BE78-32CFAAC5EA3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5F468B8A-624E-4FEE-8C40-CB8BC752AC52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{626CCEF0-6FED-4752-AB5C-EA2EEACCF3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0735B993-B879-45A1-9A55-57001C8F2A9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{33B73813-5FF0-4351-AF44-D56DAEE2E434}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{61C49879-C552-4BE0-B575-4E692BD6E95C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B0295E2-967E-439E-9560-807D9F625B57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339E1B37-76D3-4A64-A988-E81425DF831C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{339E1B37-76D3-4A64-A988-E81425DF831C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{339E1B37-76D3-4A64-A988-E81425DF831C}]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SearchProtectINT
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKLM\SOFTWARE\Doko-Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : HKLM\SOFTWARE\RrSavings

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.95

[C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
[C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
[C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=58&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&q={searchTerms}&SSPV=
[C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=58&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [27052 octets] - [01/01/2014 19:58:02]
AdwCleaner[S0].txt - [25353 octets] - [01/01/2014 19:58:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25414 octets] ##########
         
--- --- ---


Schritt 2:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 13.01.2015 19:04:21, SYSTEM, ANDI-PC, Protection, Malware Protection, Starting, 
Protection, 13.01.2015 19:04:21, SYSTEM, ANDI-PC, Protection, Malware Protection, Started, 
Protection, 13.01.2015 19:04:21, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Starting, 
Protection, 13.01.2015 19:04:21, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Started, 
Update, 13.01.2015 19:04:24, SYSTEM, ANDI-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 13.01.2015 19:04:24, SYSTEM, ANDI-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.7.1, 
Update, 13.01.2015 19:04:34, SYSTEM, ANDI-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.13.13, 
Protection, 13.01.2015 19:04:34, SYSTEM, ANDI-PC, Protection, Refresh, Starting, 
Protection, 13.01.2015 19:04:34, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 13.01.2015 19:04:35, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 13.01.2015 19:04:39, SYSTEM, ANDI-PC, Protection, Refresh, Success, 
Protection, 13.01.2015 19:04:39, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Starting, 
Protection, 13.01.2015 19:04:39, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Started, 
Scan, 13.01.2015 19:05:23, SYSTEM, ANDI-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 0 Sekunden, Bedrohungs-Suchlauf, Abgebrochen, 0 Malwareerkennung, 0-Malwareerkennung, 
Scan, 13.01.2015 19:39:13, SYSTEM, ANDI-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 13 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 3 Malwareerkennung, 47-Malwareerkennung, 
Protection, 13.01.2015 19:41:44, SYSTEM, ANDI-PC, Protection, Malware Protection, Starting, 
Protection, 13.01.2015 19:41:44, SYSTEM, ANDI-PC, Protection, Malware Protection, Started, 
Protection, 13.01.2015 19:41:44, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Starting, 
Protection, 13.01.2015 19:42:02, SYSTEM, ANDI-PC, Protection, Malicious Website Protection, Started, 

(end)
         
__________________

Alt 13.01.2015, 19:49   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Bitte das richtige Log von Malwarebytes posten...


__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 13.01.2015, 19:54   #5
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Tut mir leid, hatte es eigentlich nach Anleitung gemacht, aber hat wohl nicht so funktioniert... Hoffe das ist richtig:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.01.2015
Suchlauf-Zeit: 19:05:37
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.13.13
Rootkit Datenbank: v2015.01.07.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Andi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 305275
Verstrichene Zeit: 13 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 15
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [c3d519dbc8c1cc6ae0efd416b84aba46], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{20ECF6B1-A008-4F5D-8DC9-590BB1858888}, In Quarantäne, [cecadd17ccbd68ce36f5f132758e718f], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\TypeLib\{33B73813-5FF0-4351-AF44-D56DAEE2E434}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F465AFA-97C8-4186-B5C3-962C1B73E404}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{43D6CCFB-3DCD-4F2C-9559-7ADB60FC5B1D}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4DEE8805-DDE1-40DC-876B-91E7EAF2B66C}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B2C191B-D11C-4174-B159-596C6AB37635}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{77251346-4728-49BE-9368-58D35749E4E3}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{779DA3F8-10A1-45DC-88CF-70090ADEAA5F}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{980BC6E0-A90A-4D68-9C71-86D31EDA7DDB}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A5E5D514-230F-464A-8E34-EFE88216C1EC}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C0990C7C-28EE-4B1E-95B9-5468269B4EAF}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D4DFDE4F-28C6-4EA1-9F16-4F32104E7146}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.DokoToolbar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F7F8BE5E-5CE0-4EEC-9FA1-16ADF668A316}, In Quarantäne, [a1f79d57cdbcf54183a8071ce71cfa06], 
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [039506eeb8d173c3dbacaac2986be21e], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 3
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.AdPeak.A, C:\temp, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], 

Dateien: 32
PUP.Optional.AdPeak.A, C:\temp\t.msi, In Quarantäne, [b4e45f95682154e29dadc59da362de22], 
HackTool.Wpakill, C:\Users\Andi\AppData\Local\Temp\6_Offer_11.exe, In Quarantäne, [5543668e83061323dd8cfd70e020aa56], 
PUP.Optional.MyPCBackup.A, C:\Users\Andi\AppData\Local\Temp\BackupSetup.exe, In Quarantäne, [425610e4c5c4c5712ff5e9fed62b5ba5], 
PUP.Optional.Conduit.A, C:\Users\Andi\AppData\Local\Temp\SearchProtectINT.exe, In Quarantäne, [41577c788009c1758de66ed06c95a35d], 
PUP.Optional.Babylon.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\BExternal.dll, In Quarantäne, [5e3a1adae1a862d4252d75aedc24867a], 
PUP.Optional.Babylon.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\CrxInstaller.dll, In Quarantäne, [5f3934c05534de583bc377c3926f08f8], 
PUP.Optional.Babylon.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\MntrDLLInstall.dll, In Quarantäne, [9206767eb5d4fd39f00fb189bb466b95], 
PUP.Optional.DokoToolbar.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\MyDokoTB.exe, In Quarantäne, [bddb748054353ff7dc246add659c946c], 
PUP.Optional.Babylon.A, C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\Setup.exe, In Quarantäne, [ddbb668e32577abc807856cb52aed828], 
PUP.Optional.OutBrowse, C:\Users\Andi\AppData\Local\Temp\nsbD088.tmp\Convert1.dll, In Quarantäne, [0494777daddcb3838bd200d4c63b01ff], 
PUP.Optional.PCFixSpeed.A, C:\Users\Andi\AppData\Local\Temp\is1275519350\2073991_stp\DokoTB.exe, In Quarantäne, [d0c837bdbccd5cda45da83769b697090], 
PUP.Optional.RegCleanerPro, C:\Users\Andi\AppData\Local\Temp\is1275519350\2074070_stp\rcpsetup_adppi_adppi.exe, In Quarantäne, [6e2afafa7b0e70c62bab220aec15867a], 
PUP.Optional.BonanzaDeals.A, C:\Users\Andi\AppData\Local\Temp\is1275519350\2074193_stp\bd.exe, In Quarantäne, [0890876d286143f3bcf41d2728d9f60a], 
HackTool.Wpakill, C:\Users\Andi\Downloads\Windows 7 activator by ROHAN.rar, In Quarantäne, [94046193c8c11026aebbbdb0a0603cc4], 
HackTool.Wpakill, C:\Users\Andi\Downloads\windows7 key patcher.rar, In Quarantäne, [06925e967f0a54e2acbded802cd47789], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [afe913e1deab4de9fc89373506fdf20e], 
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], 
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], 
PUP.Optional.AdPeak.A, C:\temp\output.txt, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], 
PUP.Optional.AdPeak.A, C:\temp\t.txt, In Quarantäne, [cdcb94604643d165e9862f64c73c5fa1], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         


Alt 13.01.2015, 19:55   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



OK..

Weiter mit Schritt 3...
__________________
--> Win7: compatibilitycheck Virus/Trojaner

Alt 13.01.2015, 20:01   #7
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Meine Güte, bin ich verpeilt heute... Entschuldige.

Schritt 3:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Andi (administrator) on ANDI-PC on 13-01-2015 19:57:30
Running from C:\Users\Andi\Desktop
Loaded Profile: Andi (Available profiles: Andi)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(ICQ) C:\Users\Andi\AppData\Roaming\ICQM\icq.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [Google Update] => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-23] (Google Inc.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [icq] => C:\Users\Andi\AppData\Roaming\ICQM\icq.exe [28698984 2013-10-12] (ICQ)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Andi\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=55&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CR Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfmindblghbicdipoakcolegkcddbk [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12]
CHR Extension: (Google Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-31]
CHR Extension: (Google-Suche) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-11]
CHR Extension: (AdBlock) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20]
CHR Extension: (Ocutana Screen Share) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaopnkpkijpdgebapjjckchdjidfego [2014-09-19]
CHR Extension: (Skype Click to Call) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Google Mail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-07-25] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [283448 2014-09-19] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2011-09-11] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2011-09-11] (Etron Technology Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation                           )
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 19:51 - 2015-01-13 19:51 - 00002084 _____ () C:\Users\Andi\Desktop\malware2.txt
2015-01-13 19:45 - 2015-01-13 19:45 - 00000000 _____ () C:\Users\Andi\Desktop\malware.txt
2015-01-13 19:31 - 2015-01-13 19:31 - 00025495 _____ () C:\Users\Andi\Desktop\AdwCleaner[S0].txt
2015-01-13 19:04 - 2015-01-13 19:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 19:04 - 2015-01-13 19:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-13 19:04 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-13 19:04 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-13 19:04 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 19:03 - 2015-01-13 19:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andi\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-13 18:53 - 2015-01-13 18:53 - 02191360 _____ () C:\Users\Andi\Desktop\AdwCleaner_4.107.exe
2015-01-13 18:38 - 2015-01-13 18:38 - 00002085 _____ () C:\Users\Andi\Desktop\gmer.log
2015-01-13 18:24 - 2015-01-13 18:24 - 00000000 _____ () C:\Users\Andi\Desktop\Neues Textdokument (3).txt
2015-01-13 18:13 - 2015-01-13 18:14 - 00030156 _____ () C:\Users\Andi\Desktop\Addition.txt
2015-01-13 18:12 - 2015-01-13 19:57 - 00016401 _____ () C:\Users\Andi\Desktop\FRST.txt
2015-01-13 18:12 - 2015-01-13 19:57 - 00000000 ____D () C:\FRST
2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 ____N (Farbar) C:\Users\Andi\Desktop\FRST.exe
2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 _____ (Farbar) C:\Users\Andi\Downloads\FRST.exe
2015-01-13 17:39 - 2015-01-13 17:39 - 00000470 _____ () C:\Users\Andi\Desktop\defogger_disable.log
2015-01-13 17:39 - 2015-01-13 17:39 - 00000000 _____ () C:\Users\Andi\defogger_reenable
2015-01-13 17:15 - 2015-01-13 17:15 - 00380416 _____ () C:\Users\Andi\Desktop\Gmer-19357.exe
2015-01-13 17:14 - 2015-01-13 17:14 - 00050477 _____ () C:\Users\Andi\Desktop\Defogger.exe
2015-01-13 17:03 - 2015-01-13 17:10 - 00000112 _____ () C:\ProgramData\gA1kP67O.dat
2015-01-12 18:47 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-12 18:46 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-01-12 18:46 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-01-12 18:46 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-01-12 18:45 - 2015-01-13 18:27 - 00025193 _____ () C:\Windows\Partizan.log
2015-01-12 18:39 - 2015-01-13 19:41 - 00010666 _____ () C:\Windows\PFRO.log
2015-01-12 18:39 - 2015-01-13 19:41 - 00000224 _____ () C:\Windows\setupact.log
2015-01-12 18:39 - 2015-01-12 18:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 15:02 - 2015-01-11 15:02 - 00000000 ____D () C:\ProgramData\RegRun
2015-01-11 15:01 - 2015-01-13 17:06 - 00000000 ____D () C:\Program Files\UnHackMe
2015-01-11 15:01 - 2015-01-11 15:06 - 00000000 ____D () C:\Users\Andi\Documents\RegRun2
2015-01-11 15:01 - 2015-01-11 15:01 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-01-11 14:55 - 2015-01-11 14:55 - 00000000 ____D () C:\Users\Andi\Downloads\unhackme
2015-01-11 14:53 - 2015-01-11 14:54 - 16599280 _____ () C:\Users\Andi\Downloads\unhackme.zip
2015-01-11 14:52 - 2015-01-11 14:52 - 00729648 _____ (Elex do Brasil Participações Ltda) C:\Users\Andi\Downloads\yet_another_cleaner_bbs.exe
2015-01-11 13:58 - 2015-01-13 19:41 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-01-11 13:58 - 2015-01-11 13:58 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2015-01-11 13:58 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-11 13:57 - 2015-01-11 13:58 - 00000000 ____D () C:\Program Files\pandasecuritytb
2015-01-11 13:57 - 2015-01-11 13:57 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Panda Security
2015-01-11 13:55 - 2015-01-11 13:57 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-11 13:55 - 2015-01-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-11 13:52 - 2015-01-11 13:57 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 12:05 - 2015-01-11 12:05 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-28 11:13 - 2014-12-28 11:15 - 00000000 ____D () C:\Users\Andi\Documents\Heroes of the Storm
2014-12-24 15:33 - 2014-12-27 18:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-24 15:02 - 2014-12-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-12-24 15:02 - 2014-12-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-12-24 14:47 - 2015-01-13 17:01 - 00000000 ____D () C:\Program Files\Heroes of the Storm
2014-12-24 14:43 - 2014-12-24 14:44 - 03083832 _____ (Blizzard Entertainment) C:\Users\Andi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2014-12-18 17:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 19:45 - 2013-10-12 01:09 - 01568173 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 19:41 - 2013-10-12 01:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 19:41 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 19:40 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 19:40 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 19:38 - 2013-12-12 19:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 19:28 - 2013-10-12 01:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 19:08 - 2014-04-23 16:20 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job
2015-01-13 18:58 - 2014-01-01 19:57 - 00000000 ____D () C:\AdwCleaner
2015-01-13 18:58 - 2013-10-12 01:12 - 00000000 ____D () C:\Users\Andi
2015-01-13 18:24 - 2013-11-22 23:10 - 00000000 ____D () C:\Users\Andi\AppData\Local\Battle.net
2015-01-13 17:08 - 2014-04-23 16:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job
2015-01-13 17:01 - 2013-10-12 23:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-12 20:19 - 2014-05-30 15:03 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 activator
2015-01-12 20:18 - 2014-05-30 14:49 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 Loader - Activator
2015-01-12 18:47 - 2013-11-27 18:25 - 00000000 ___RD () C:\Users\Andi\Dropbox
2015-01-12 18:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-12 18:44 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Dropbox
2015-01-11 22:22 - 2013-10-12 02:00 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\TS3Client
2015-01-11 16:43 - 2014-09-19 20:36 - 00002286 _____ () C:\Users\Andi\Desktop\Chrome App Launcher.lnk
2015-01-11 15:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-11 15:01 - 2009-07-14 03:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt
2015-01-11 14:59 - 2013-12-13 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-01-11 14:59 - 2013-10-12 22:25 - 00000000 ____D () C:\Windows\Minidump
2015-01-11 14:59 - 2013-10-12 02:06 - 00000000 ____D () C:\Windows\Panther
2015-01-11 14:48 - 2013-10-21 19:43 - 00000000 ____D () C:\Program Files\Steam
2015-01-11 14:44 - 2009-07-14 05:33 - 00327920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 13:57 - 2013-10-12 02:00 - 00064496 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-11 12:25 - 2010-11-20 22:01 - 01618608 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 12:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Mozilla
2014-12-28 11:13 - 2013-11-22 23:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-28 01:17 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify
2014-12-27 22:18 - 2014-05-31 11:43 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify
2014-12-27 22:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-27 18:21 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Thunderbird
2014-12-24 14:45 - 2013-11-22 23:10 - 00000000 ____D () C:\Program Files\Battle.net
2014-12-21 22:23 - 2013-10-23 17:08 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype
2014-12-19 18:55 - 2013-11-27 18:25 - 00001013 _____ () C:\Users\Andi\Desktop\Dropbox.lnk
2014-12-19 18:55 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 17:35 - 2014-09-19 20:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 22:49 - 2014-09-19 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

Files to move or delete:
====================
C:\ProgramData\gA1kP67O.dat


Some content of TEMP:
====================
C:\Users\Andi\AppData\Local\Temp\avgnt.exe
C:\Users\Andi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpplfvye.dll
C:\Users\Andi\AppData\Local\Temp\nseA918.tmp.exe
C:\Users\Andi\AppData\Local\Temp\Quarantine.exe
C:\Users\Andi\AppData\Local\Temp\sqlite3.dll
C:\Users\Andi\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 22:28

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Andi at 2015-01-13 19:58:01
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM\...\Advanced Combat Tracker) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
ChromecastApp (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Etron USB3.0 Host Controller (Version: 0.115 - Etron Technology) Hidden
FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Lara Croft and the Guardian of Light (HKLM\...\Steam App 35130) (Version:  - Crystal Dynamics)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
RaidCall (HKLM\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TP-LINK TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{E08EFB73-9F4C-4A70-9BE7-464C62F3D880}) (Version: 21.05.8586 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

04-01-2015 22:35:18 Geplanter Prüfpunkt
09-01-2015 21:21:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 11:46:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 12:03:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 23:49:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {060540A1-4930-4447-A148-C120459464C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {0AE1ADD4-D9B5-4431-8B71-F5B2500BE1FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION
Task: {3B5D2A69-1F3D-4398-B33E-E6DCB3F82186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION
Task: {95667D08-89EB-4005-8F20-C52F6E7C618F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {E427ABB8-7EF6-4DBA-A565-C3744AA6E556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F41BDFC3-69DF-4E9D-8055-D1BA3F90FE25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 17:13 - 2014-09-15 17:13 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-12 02:15 - 2013-10-12 02:15 - 00308048 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
2013-10-12 02:15 - 2013-10-12 02:15 - 00851456 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2014-04-26 13:43 - 2012-03-07 09:52 - 00841728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-04-26 13:43 - 2012-03-07 09:53 - 01411584 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-04-26 13:43 - 2012-03-07 09:53 - 00192512 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-04-26 13:43 - 2012-03-07 09:54 - 00293376 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 15:31 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194225.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194233.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1997967318-605228079-2081898283-500 - Administrator - Disabled)
Andi (S-1-5-21-1997967318-605228079-2081898283-1000 - Administrator - Enabled) => C:\Users\Andi
Gast (S-1-5-21-1997967318-605228079-2081898283-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000007
ID des fehlerhaften Prozesses: 0x107c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/13/2015 07:42:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 07:41:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/13/2015 06:59:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 06:59:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/13/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Panda Devices Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: 0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c000000500000007107c01d02da5538ec50bC:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownb481473c-9998-11e4-b333-bc5ff4d811f4

Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:42:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 49%
Total physical RAM: 3044.74 MB
Available physical RAM: 1526.22 MB
Total Pagefile: 6087.77 MB
Available Pagefile: 4199.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:314.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A81D958)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 13.01.2015, 20:15   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Kein Problem...

Schritt 1
Downloade Dir HitmanProauf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 13.01.2015, 20:24   #9
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.9.234
www.hitmanpro.com

   Computer name . . . . : ANDI-PC
   Windows . . . . . . . : 6.1.1.7601.X86/6
   User name . . . . . . : Andi-PC\Andi
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-01-13 20:20:05
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 43s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 6

   Objects scanned . . . : 1.030.976
   Files scanned . . . . : 35.845
   Remnants scanned  . . : 411.705 files / 583.426 keys

Malware _____________________________________________________________________

   C:\Users\Andi\AppData\Local\Temp\is1275519350\2073989_stp\wajam_validate.exe
      Size . . . . . . . : 11.264 bytes
      Age  . . . . . . . : 452.1 days (2013-10-18 17:03:14)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : 561B6080396BA1218D886E7F4999918B3E85D50B4BFC05772C911CBE5AF7947A
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.ij
      Fuzzy  . . . . . . : 110.0


Suspicious files ____________________________________________________________

   C:\$Recycle.Bin\S-1-5-21-1997967318-605228079-2081898283-1000\$RVGUHC0.exe
      Size . . . . . . . : 2.124.288 bytes
      Age  . . . . . . . : 0.1 days (2015-01-13 18:08:01)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AFD84F2F859B7B27F251A22B0D07B018DC60AC410C97CC90F768836C05F6F9B9
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Andi\Downloads\FRST.exe
      Size . . . . . . . : 1.115.648 bytes
      Age  . . . . . . . : 0.1 days (2015-01-13 18:11:55)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : FAF5179C2772F9F1CD61CF2E85BDCA567B5C776C404D0EFF5B1A0EEB82B71411
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
         

Alt 13.01.2015, 20:32   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



OK, dann gleich noch ESET hinterher...

Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 13.01.2015, 21:18   #11
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=24d393bbe87a3b4f8d51ee93d8fe2553
# engine=21950
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-13 08:16:10
# local_time=2015-01-13 09:16:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 199222 207376143 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8580 172811360 0 0
# scanned=147200
# found=51
# cleaned=51
# scan_time=2480
sh=3D7E8FE73AD46AF27A3A519B1AF123280C1F23A0 ft=1 fh=353453610bf1084e vn="Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\AdvancedSystemProtector.exe.vir"
sh=0F0ACE5EAAFF987D027A30217479E6B4248C0C12 ft=1 fh=82ed1fa5b9e91fbf vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\AspManager.exe.vir"
sh=A97A3378764EA24FC4267EC86252AE3497C05F49 ft=1 fh=105c12aadbd7c3e7 vn="Win32/Systweak.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Communication.dll.vir"
sh=9E886F14D1BF4561775EA9A2A78D8F92715A2712 ft=1 fh=c11390fa1cc2c2ac vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\filetypehelper.exe.vir"
sh=D103189157FDE6510C9B1569034C0964D67C2D9D ft=1 fh=089fe79882afafcd vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\scandll.dll.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.com.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\firefox.com.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Advanced System Protector\Troubleshooter\iexplore.exe.vir"
sh=CE07161EE6BA037A4911C32E7FF99D6D62167F51 ft=1 fh=d703e280c9387f8b vn="Variante von Win32/DealPly.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDeals\BonanzaDealsIE.dll.vir"
sh=D5639EC96BB23E91CCC655C4E765797930866676 ft=1 fh=611e9e9c9165914e vn="Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir"
sh=609D8E76D3CC9811543AE9FF60C99FA238755DEB ft=1 fh=ae6efe48edf4869d vn="Variante von Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir"
sh=FEC645D6BF74FD011FA9EE2075478E9E059B3EEF ft=1 fh=258f8231b82cc0cb vn="Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir"
sh=E59C40DBDFFBFC64CB01080F85ADB47515919AAD ft=1 fh=25b1bb1ca23e3ee4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir"
sh=61999ADB14A580A2D965FB8E6AA0AC31B61CF3C1 ft=1 fh=54b10837e69fea4a vn="Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir"
sh=7589639BBD0B6B0B2A054F7DFDBA593FD29024C8 ft=1 fh=695860d343b88911 vn="Variante von Win32/DealPly.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir"
sh=9CD9DBA6B99C6C88E8CACD8A4A72AC1778B86010 ft=1 fh=a14d33dbdf868e65 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarApp.dll.vir"
sh=7936A5CBADA4B1C422E8D6C9394973F57D392331 ft=1 fh=1aeea73a71c1ef61 vn="Variante von Win32/Toolbar.Montiera.U evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarEng.dll.vir"
sh=654FB351A6D1E721030768CAEEC5D3E16CCDC6E1 ft=1 fh=34c93af138f65726 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarsrv.exe.vir"
sh=B87210DB7408A251B0F9F0E90E07E01B30BA90E6 ft=1 fh=924d6f191c6ebfd3 vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarTlbr.dll.vir"
sh=1C2427F2899C57C2A6CB9E95F8F15AAEA5716841 ft=1 fh=0ce554b6dc5aec4d vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\uninstall.exe.vir"
sh=ADFC9FA91DFF03C98690C7D0A8833C404C9B75FE ft=1 fh=2a0cd34600ad4288 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll.vir"
sh=A2177E70A1E0D11ACD1F5BEDE3B95B6B423FFB2E ft=1 fh=daab223952aeedc6 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Whilokii\WhilokiiUninstall.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=556095C3C04108657513E0DB73F9659259FE752E ft=1 fh=2b61ea0a79f227a9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir"
sh=7FD34F048378000A2153730C4036AD5DF37A6341 ft=1 fh=f0c6bce383296b05 vn="Variante von Win32/AdSuproot.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir"
sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir"
sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir"
sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir"
sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir"
sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andi\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir"
sh=2B4FBD22E02C31B3B2811C685ADC947010372FD1 ft=1 fh=868840cce63967ae vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=41DE1AFF8AC7BF30EA7F952825E02FA6EC6A306D ft=1 fh=cfbb424d50a0cab5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\pandasecuritytb\dtUser.exe"
sh=30E5E6B0B58E73CADC4D59EE657E07E5AE9F5813 ft=1 fh=f84afab4951a6e89 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\pandasecuritytb\pandasecurityDx.dll"
sh=81374ADC5FD8E52504FA3E9A88C38EAA56058384 ft=1 fh=2c5c7dc7e05fe486 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\pandasecuritytb\pandasecuritytb.dll"
sh=4CACDA09043243E84A3DBA2997836C150A2C2B0B ft=1 fh=c18395028fe7b6f5 vn="Win32/Mobogenie.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\159HJ3S1\Mobogenie_Setup_2.2.5_563[1].exe"
sh=0CE78CDB7AE8C457229124E383DA64FBDE7AE471 ft=1 fh=fd716b0c5f46d82e vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8QEPGLOE\SearchProtectGeneric4Setup[1].exe"
sh=53B1B6D2560546ECF31BAD4D916733E40443C450 ft=1 fh=c3198f20fe07a8a8 vn="Win32/Reporter.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ729YA2\RegClean22[1].exe"
sh=3B29C36CCB0FD00A0812896E61D3AE6CE18E5EEE ft=1 fh=5ce1e22016c2ce7d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ729YA2\spstub[1].exe"
sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\BabMaint.exe"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\64BE1428-BAB0-7891-AEDD-D3CC82FDF4E2\Latest\IEHelper.dll"
sh=5EED65CA89EA42F0489C89FFEB3D9CF2771C55EE ft=1 fh=d7471ce3e593b0f6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\aaccee\aabbcc.exe"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\is1275519350\2073989_stp\wajam_validate.exe"
sh=82FCB8F238714B0CB9CB50A1D233BB876EAE1F8E ft=1 fh=0a28b37f82595fb9 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\AppData\Local\Temp\is1275519350\2074150_stp\whilokii_is.exe"
sh=4EF7B22257EB4CECBE87741997EE54BAA9B4155C ft=1 fh=a761ea9f5900aef3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\Downloads\JPEG to PDF - CHIP-Downloader.exe"
sh=E5E1EB2638B3A17F88152D5DB23CE04C9F2C3C75 ft=1 fh=03cc3bee0fb941ae vn="Win32/ELEX.BI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Andi\Downloads\yet_another_cleaner_bbs.exe"
sh=614D9529C4AC5698BA44413ED9FF2F2AB7194030 ft=1 fh=fb5c7ba1cde5bf0c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\Documents\Downloads\FREEAV1504.exe"
         

Alt 13.01.2015, 21:20   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 13.01.2015, 21:31   #13
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Ich denke nicht! Läuft zumindest sehr viel schneller als vorher. Herzlichen Dank schonmal

Alt 13.01.2015, 21:40   #14
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Ok...

Schritt 1



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxp://
C:\ProgramData\gA1kP67O.dat
EmptyTemp:
C:\Users\Andi\AppData\Roaming\Compatibility Verifier\
Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION
Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Schritt 2



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 13.01.2015, 22:50   #15
AndiL7
 
Win7: compatibilitycheck Virus/Trojaner - Standard

Win7: compatibilitycheck Virus/Trojaner



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-01-2015 02
Ran by Andi at 2015-01-13 22:15:58 Run:1
Running from C:\Users\Andi\Desktop
Loaded Profile: Andi (Available profiles: Andi)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxp://
C:\ProgramData\gA1kP67O.dat
EmptyTemp:
C:\Users\Andi\AppData\Roaming\Compatibility Verifier\
Task: {2F8128D8-88E4-4B21-954D-2D975EAE7DA4} - \{5E9086B6-F43A-4178-AD23-F3680B4A7C96} No Task File <==== ATTENTION
Task: {776269B1-2DB6-4B04-A5A4-628BA8734328} - \{84AE419F-B404-4E37-8478-C1C2D45F6B29} No Task File <==== ATTENTION
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome HomePage deleted successfully.
C:\ProgramData\gA1kP67O.dat => Moved successfully.
"C:\Users\Andi\AppData\Roaming\Compatibility Verifier" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F8128D8-88E4-4B21-954D-2D975EAE7DA4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F8128D8-88E4-4B21-954D-2D975EAE7DA4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E9086B6-F43A-4178-AD23-F3680B4A7C96}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{776269B1-2DB6-4B04-A5A4-628BA8734328}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{776269B1-2DB6-4B04-A5A4-628BA8734328}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84AE419F-B404-4E37-8478-C1C2D45F6B29}" => Key deleted successfully.
EmptyTemp: => Removed 2.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 22:19:05 ====
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by Andi (administrator) on ANDI-PC on 13-01-2015 22:41:07
Running from C:\Users\Andi\Desktop
Loaded Profile: Andi (Available profiles: Andi)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(ICQ) C:\Users\Andi\AppData\Roaming\ICQM\icq.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.5383\Battle.net.exe
(Blizzard Entertainment, Inc.) C:\Program Files\Heroes of the Storm\Versions\Base33353\HeroesOfTheStorm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [Google Update] => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-23] (Google Inc.)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Run: [icq] => C:\Users\Andi\AppData\Roaming\ICQM\icq.exe [28698984 2013-10-12] (ICQ)
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1997967318-605228079-2081898283-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Andi\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1997967318-605228079-2081898283-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3323885&octid=EB_ORIGINAL_CTID&ISID=M13051D0B-09F8-4F2E-B924-921C84D4475E&SearchSource=55&CUI=&UM=5&UP=SPF35C3A5E-2D1B-42E1-B628-56782DE8B7C5&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (CR Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfmindblghbicdipoakcolegkcddbk [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-12]
CHR Extension: (Google Cast) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-31]
CHR Extension: (Google-Suche) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-12]
CHR Extension: (Avira Browserschutz) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-11]
CHR Extension: (AdBlock) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-20]
CHR Extension: (Ocutana Screen Share) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmaopnkpkijpdgebapjjckchdjidfego [2014-09-19]
CHR Extension: (Skype Click to Call) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Google Mail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2014-07-25] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [283448 2014-09-19] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-12] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 AsrAppCharger; C:\Windows\System32\DRIVERS\AsrAppCharger.sys [15656 2011-05-10] (Windows (R) Win 7 DDK provider)
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2011-09-11] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2011-09-11] (Etron Technology Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110624 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [40192 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [244000 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-06-04] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [40024 2014-02-18] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [139536 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105232 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168208 2014-10-02] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113936 2014-10-02] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124688 2014-10-02] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100112 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2011-04-08] (Realtek Semiconductor Corporation                           )
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 22:38 - 2015-01-13 22:38 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-13 22:15 - 2015-01-13 22:15 - 01115648 _____ (Farbar) C:\Users\Andi\Desktop\FRST.exe
2015-01-13 20:33 - 2015-01-13 20:33 - 02347384 _____ (ESET) C:\Users\Andi\Desktop\esetsmartinstaller_deu.exe
2015-01-13 20:24 - 2015-01-13 20:24 - 00006640 _____ () C:\Users\Andi\Desktop\HitmanPro_20150113_2024.log
2015-01-13 20:19 - 2015-01-13 20:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-13 20:18 - 2015-01-13 20:19 - 10285456 _____ (SurfRight B.V.) C:\Users\Andi\Desktop\HitmanPro.exe
2015-01-13 19:45 - 2015-01-13 19:45 - 00000000 _____ () C:\Users\Andi\Desktop\malware.txt
2015-01-13 19:04 - 2015-01-13 22:20 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 19:04 - 2015-01-13 19:04 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 19:04 - 2015-01-13 19:04 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-13 19:04 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-13 19:04 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-13 19:04 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 19:03 - 2015-01-13 19:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Andi\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-13 18:53 - 2015-01-13 18:53 - 02191360 _____ () C:\Users\Andi\Desktop\AdwCleaner_4.107.exe
2015-01-13 18:38 - 2015-01-13 18:38 - 00002085 _____ () C:\Users\Andi\Desktop\gmer.log
2015-01-13 18:24 - 2015-01-13 18:24 - 00000000 _____ () C:\Users\Andi\Desktop\Neues Textdokument (3).txt
2015-01-13 18:12 - 2015-01-13 22:41 - 00015710 _____ () C:\Users\Andi\Desktop\FRST.txt
2015-01-13 18:12 - 2015-01-13 22:41 - 00000000 ____D () C:\FRST
2015-01-13 18:11 - 2015-01-13 18:11 - 01115648 _____ (Farbar) C:\Users\Andi\Downloads\FRST.exe
2015-01-13 17:39 - 2015-01-13 17:39 - 00000470 _____ () C:\Users\Andi\Desktop\defogger_disable.log
2015-01-13 17:39 - 2015-01-13 17:39 - 00000000 _____ () C:\Users\Andi\defogger_reenable
2015-01-13 17:15 - 2015-01-13 17:15 - 00380416 _____ () C:\Users\Andi\Desktop\Gmer-19357.exe
2015-01-13 17:14 - 2015-01-13 17:14 - 00050477 _____ () C:\Users\Andi\Desktop\Defogger.exe
2015-01-12 18:47 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-12 18:46 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-01-12 18:46 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-01-12 18:46 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-01-12 18:45 - 2015-01-13 18:27 - 00025193 _____ () C:\Windows\Partizan.log
2015-01-12 18:39 - 2015-01-13 22:20 - 00012346 _____ () C:\Windows\PFRO.log
2015-01-12 18:39 - 2015-01-13 22:20 - 00000280 _____ () C:\Windows\setupact.log
2015-01-12 18:39 - 2015-01-12 18:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 15:02 - 2015-01-11 15:02 - 00000000 ____D () C:\ProgramData\RegRun
2015-01-11 15:01 - 2015-01-13 17:06 - 00000000 ____D () C:\Program Files\UnHackMe
2015-01-11 15:01 - 2015-01-11 15:06 - 00000000 ____D () C:\Users\Andi\Documents\RegRun2
2015-01-11 15:01 - 2015-01-11 15:01 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-01-11 14:55 - 2015-01-11 14:55 - 00000000 ____D () C:\Users\Andi\Downloads\unhackme
2015-01-11 14:53 - 2015-01-11 14:54 - 16599280 _____ () C:\Users\Andi\Downloads\unhackme.zip
2015-01-11 13:58 - 2015-01-13 22:20 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-01-11 13:58 - 2015-01-11 13:58 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2015-01-11 13:58 - 2014-03-25 14:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-11 13:57 - 2015-01-13 21:15 - 00000000 ____D () C:\Program Files\pandasecuritytb
2015-01-11 13:57 - 2015-01-11 13:57 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Panda Security
2015-01-11 13:55 - 2015-01-11 13:57 - 00000000 ____D () C:\Program Files\Panda Security
2015-01-11 13:55 - 2015-01-11 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-11 13:52 - 2015-01-11 13:57 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 12:05 - 2015-01-11 12:05 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-09 21:22 - 2015-01-09 21:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2014-12-28 11:13 - 2014-12-28 11:15 - 00000000 ____D () C:\Users\Andi\Documents\Heroes of the Storm
2014-12-24 15:33 - 2014-12-27 18:13 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-24 15:02 - 2014-12-24 15:02 - 00001153 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2014-12-24 15:02 - 2014-12-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-12-24 14:47 - 2015-01-13 22:22 - 00000000 ____D () C:\Program Files\Heroes of the Storm
2014-12-24 14:43 - 2014-12-24 14:44 - 03083832 _____ (Blizzard Entertainment) C:\Users\Andi\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2014-12-18 17:44 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 22:38 - 2013-12-12 19:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:38 - 2013-12-12 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 22:38 - 2013-12-12 19:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 22:37 - 2013-11-22 23:10 - 00000000 ____D () C:\Users\Andi\AppData\Local\Battle.net
2015-01-13 22:28 - 2013-10-12 01:47 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 22:24 - 2013-10-12 01:09 - 01574759 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 22:20 - 2013-10-12 01:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 22:20 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 22:20 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 22:20 - 2009-07-14 05:34 - 00020656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 22:08 - 2014-04-23 16:20 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job
2015-01-13 18:58 - 2014-01-01 19:57 - 00000000 ____D () C:\AdwCleaner
2015-01-13 18:58 - 2013-10-12 01:12 - 00000000 ____D () C:\Users\Andi
2015-01-13 17:08 - 2014-04-23 16:20 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job
2015-01-13 17:01 - 2013-10-12 23:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-12 20:19 - 2014-05-30 15:03 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 activator
2015-01-12 20:18 - 2014-05-30 14:49 - 00000000 ____D () C:\Users\Andi\Downloads\Windows 7 Loader - Activator
2015-01-12 18:47 - 2013-11-27 18:25 - 00000000 ___RD () C:\Users\Andi\Dropbox
2015-01-12 18:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-12 18:44 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Dropbox
2015-01-11 22:22 - 2013-10-12 02:00 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\TS3Client
2015-01-11 16:43 - 2014-09-19 20:36 - 00002286 _____ () C:\Users\Andi\Desktop\Chrome App Launcher.lnk
2015-01-11 15:01 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-11 15:01 - 2009-07-14 03:04 - 00001688 _____ () C:\Windows\system32\autoexec.nt
2015-01-11 14:59 - 2013-12-13 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-01-11 14:59 - 2013-10-12 22:25 - 00000000 ____D () C:\Windows\Minidump
2015-01-11 14:59 - 2013-10-12 02:06 - 00000000 ____D () C:\Windows\Panther
2015-01-11 14:48 - 2013-10-21 19:43 - 00000000 ____D () C:\Program Files\Steam
2015-01-11 14:44 - 2009-07-14 05:33 - 00327920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 13:57 - 2013-10-12 02:00 - 00064496 _____ () C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-11 12:25 - 2010-11-20 22:01 - 01618608 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 12:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Mozilla
2014-12-28 11:13 - 2013-11-22 23:10 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-28 01:17 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Spotify
2014-12-27 22:18 - 2014-05-31 11:43 - 00000000 ____D () C:\Users\Andi\AppData\Local\Spotify
2014-12-27 22:15 - 2013-10-12 20:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-27 18:21 - 2013-10-12 20:32 - 00000000 ____D () C:\Users\Andi\AppData\Local\Thunderbird
2014-12-24 14:45 - 2013-11-22 23:10 - 00000000 ____D () C:\Program Files\Battle.net
2014-12-21 22:23 - 2013-10-23 17:08 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Skype
2014-12-19 18:55 - 2013-11-27 18:25 - 00001013 _____ () C:\Users\Andi\Desktop\Dropbox.lnk
2014-12-19 18:55 - 2013-11-27 18:24 - 00000000 ____D () C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 17:35 - 2014-09-19 20:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-14 22:49 - 2014-09-19 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 22:28

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Andi at 2015-01-13 22:41:45
Running from C:\Users\Andi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Combat Tracker (remove only) (HKLM\...\Advanced Combat Tracker) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Assassin's Creed IV Black Flag (HKLM\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
ChromecastApp (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Etron USB3.0 Host Controller (Version: 0.115 - Etron Technology) Hidden
FINAL FANTASY XIV - A Realm Reborn (HKLM\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Lara Croft and the Guardian of Light (HKLM\...\Steam App 35130) (Version:  - Crystal Dynamics)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM\...\pandasecuritytb) (Version: 4.2.1.7 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM\...\Panda Security URL Filtering) (Version: 2.0.2.0 - Panda Security)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF24 Creator 6.3.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
RaidCall (HKLM\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1997967318-605228079-2081898283-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TP-LINK TL-WN823N Driver (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.2.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.2.1 - TP-LINK)
Uplay (HKLM\...\Uplay) (Version: 4.0 - Ubisoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKLM\...\{E08EFB73-9F4C-4A70-9BE7-464C62F3D880}) (Version: 21.05.8586 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1997967318-605228079-2081898283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Andi\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

04-01-2015 22:35:18 Geplanter Prüfpunkt
09-01-2015 21:21:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 11:46:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
11-01-2015 12:03:35 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
12-01-2015 23:49:59 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {060540A1-4930-4447-A148-C120459464C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {0AE1ADD4-D9B5-4431-8B71-F5B2500BE1FB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3B5D2A69-1F3D-4398-B33E-E6DCB3F82186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {95667D08-89EB-4005-8F20-C52F6E7C618F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {E427ABB8-7EF6-4DBA-A565-C3744AA6E556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F41BDFC3-69DF-4E9D-8055-D1BA3F90FE25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000Core.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1997967318-605228079-2081898283-1000UA.job => C:\Users\Andi\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 17:13 - 2014-09-15 17:13 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 06:10 - 2014-02-11 06:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-09-15 17:13 - 2014-09-15 17:13 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-12 02:15 - 2013-10-12 02:15 - 00308048 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
2013-10-12 02:15 - 2013-10-12 02:15 - 00851456 _____ () C:\Users\Andi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2014-04-26 13:43 - 2012-03-07 09:52 - 00841728 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-04-26 13:43 - 2012-03-07 09:53 - 01411584 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-04-26 13:43 - 2012-03-07 09:53 - 00192512 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-04-26 13:43 - 2012-03-07 09:54 - 00293376 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 26065408 _____ () C:\Program Files\Battle.net\Battle.net.5383\libcef.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00739840 _____ () C:\Program Files\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00907776 _____ () C:\Program Files\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00130048 _____ () C:\Program Files\Battle.net\Battle.net.5383\libEGL.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00020992 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00021504 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00205312 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00225792 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00015872 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00312832 _____ () C:\Program Files\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00054272 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-24 14:45 - 2014-12-24 14:45 - 00010240 _____ () C:\Program Files\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2014-12-09 23:38 - 2014-12-09 23:38 - 16841392 ____N () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194225.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Andi\Desktop\IMG_20141012_194233.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1997967318-605228079-2081898283-500 - Administrator - Disabled)
Andi (S-1-5-21-1997967318-605228079-2081898283-1000 - Administrator - Enabled) => C:\Users\Andi
Gast (S-1-5-21-1997967318-605228079-2081898283-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 10:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000007
ID des fehlerhaften Prozesses: 0x107c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/13/2015 10:20:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 10:20:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/13/2015 10:16:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/13/2015 07:42:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 07:41:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/13/2015 06:59:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (01/13/2015 06:59:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/13/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/13/2015 06:58:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Panda Devices Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/13/2015 10:20:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 07:42:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 06:59:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:58:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/13/2015 04:57:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001

Error: (01/13/2015 04:57:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: 0x80070422

Error: (01/12/2015 06:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 02:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c000000500000007107c01d02da5538ec50bC:\Users\Andi\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownb481473c-9998-11e4-b333-bc5ff4d811f4

Error: (01/11/2015 02:45:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:04:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 82%
Total physical RAM: 3044.74 MB
Available physical RAM: 530.14 MB
Total Pagefile: 6087.77 MB
Available Pagefile: 2816.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:316.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2A81D958)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Antwort

Themen zu Win7: compatibilitycheck Virus/Trojaner
adware, avira, browser, compatibilitycheck, compatibilitycheck.exe, desktop, elex-tech, failed, fehler, flash player, google, helper, homepage, mozilla, problem, realtek, registry, scan, security, sekunden, services.exe, software, svchost.exe, system, taskmanager, teredo, tracker, usb, windows, wiso




Ähnliche Themen: Win7: compatibilitycheck Virus/Trojaner


  1. Win7, lästiges Problem mit DiisCountExtiensi, nicht deinstallierbar, ständig Werbung Hijack/Virus/Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2015 (3)
  2. CompatibilityCheck.exe verschlingt meine Ressourcen
    Log-Analyse und Auswertung - 16.04.2015 (32)
  3. compatibilitycheck.exe läuft im Taskmanager und ich höre Ständig nervige Werbung
    Log-Analyse und Auswertung - 02.04.2015 (19)
  4. Windows 7: (compatibilitycheck.exe) PC sehr belastet und Prozesse lassen sich nicht schließen.
    Log-Analyse und Auswertung - 27.03.2015 (21)
  5. Problem mit Compatibilitycheck.exe und PoPups
    Plagegeister aller Art und deren Bekämpfung - 19.02.2015 (9)
  6. Probleme wie andere mit compatibilitycheck.exe Was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 04.02.2015 (13)
  7. Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (39)
  8. Windows 7: compatibilitycheck.exe erscheint unaufgefordert und nutzt PC Leistung
    Log-Analyse und Auswertung - 22.01.2015 (26)
  9. Problem mit compatibilitycheck.exe schnell und freundlich gelöst
    Lob, Kritik und Wünsche - 22.01.2015 (0)
  10. Windows 7: Virus compatibilitycheck.exe spielt Werbung im Hintergrund ab
    Log-Analyse und Auswertung - 19.01.2015 (11)
  11. was ist Compatibilitycheck.exe und warum öffnet es sich 10 mal?
    Plagegeister aller Art und deren Bekämpfung - 18.01.2015 (3)
  12. compatibilitycheck
    Log-Analyse und Auswertung - 17.01.2015 (27)
  13. Win7: Unbekannter Trojaner oder Virus nach Fernwartung
    Log-Analyse und Auswertung - 17.03.2014 (20)
  14. Win7 - keine Anmeldung mehr möglich - Trojaner/Virus?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2014 (7)
  15. Win7: IHaveNet-Virus/Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 31.08.2013 (21)
  16. Trojaner Virus Bild erlaubt nur den abgesicherten Modus.Win7
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (1)
  17. Noch ein xxx.JPG.scr Virus/Trojaner via Facebook-Chat/ Win7 64bit startet nicht
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (28)

Zum Thema Win7: compatibilitycheck Virus/Trojaner - Hallo zusammen, ich denke ich habe seit einigen Tagen meinen ersten Virus/Trojaner auf meinem PC. Dieser äußert sich darin, dass er meine PC-Performance deutlich herunterzieht und somit alles langsamer ist. - Win7: compatibilitycheck Virus/Trojaner...
Archiv
Du betrachtest: Win7: compatibilitycheck Virus/Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.