|
Plagegeister aller Art und deren Bekämpfung: Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende FensterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
31.01.2015, 19:30 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Ok, weiter mit MBAR: Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2015, 20:03 | #17 |
| Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende FensterCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.08.3.1004 www.malwarebytes.org Database version: main: v2015.01.31.04 rootkit: v2015.01.14.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17501 Katharina :: KATHARINA-PC [administrator] 31.01.2015 19:33:51 mbar-log-2015-01-31 (19-33-51).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 447258 Time elapsed: 25 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
31.01.2015, 20:53 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Adware/Junkware/Toolbars entfernen
__________________(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!) 1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
31.01.2015, 21:43 | #19 |
| Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Hier der Log vom Adwcleaner: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 21:04:18 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Katharina - KATHARINA-PC # Gestartet von : C:\Users\Katharina\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : netfilter64 [#] Dienst Gelöscht : rqpbhevlkc64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak Ordner Gelöscht : C:\Program Files\004 Ordner Gelöscht : C:\Program Files\coupon downloader Ordner Gelöscht : C:\Program Files\CouponDownloader Ordner Gelöscht : C:\Users\Admin\AppData\Local\Smartbar Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Smartbar Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Katharina\AppData\Roaming\Compatibility Verifier Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tubltyl2.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys Datei Gelöscht : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\invalidprefs.js Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tubltyl2.default\searchplugins\SafeFinder Search.xml Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tubltyl2.default\user.js Datei Gelöscht : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\user.js ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA6289D6-676C-4497-88CC-9E2E15488944} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\CouponDownloader Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v35.0.1 (x86 de) [tubltyl2.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.helperbar.com/?publisher=IrsSF&dpid=IrsSF&co=DE&userid=5996b633-b646-463b-8213-b1de35c8c45c&searchtype=nt&installDate={installDate}&barcodeid={barcodeID}&u[...] [tubltyl2.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "SafeFinder Search"); [tubltyl2.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=IrsSF&dpid=IrsSF&co=DE&userid=5996b633-b646-463b-8213-b1de35c8c45c&searchtype=hp&installDate={installDate}&barcodeid={barcod[...] [tubltyl2.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=IrsSF&dpid=IrsSF&co=DE&userid=5996b633-b646-463b-8213-b1de35c8c45c&searchtype=ds&installDate={installDate}&barcodeid={barcodeID}&um={UM}&[...] [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...] [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"149d724d0fa8b-005226cfc521298-40524136-0-149d724d0fb2c4\""); [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1423226809"); [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"f869a5dcfdc069dc8516f917fe02656c557cdcd7\""); [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "5660996097"); [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"0a689d49b6d379d817513f2bb8bd8f8b1c47a8af\""); [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.install", "1416653754626"); [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.search_offer_disabled", "true"); [j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Katharina\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j0bwoh1k.default\\\\extensions\\\\abs[...] ************************* AdwCleaner[R0].txt - [10003 octets] - [31/01/2015 21:02:40] AdwCleaner[S0].txt - [8725 octets] - [31/01/2015 21:04:18] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8785 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Home Premium x64 Ran by Katharina on 31.01.2015 at 21:22:56,21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\j0bwoh1k.default\searchplugins\avira-safesearch.xml Successfully deleted: [Folder] C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\j0bwoh1k.default\extensions\safesearch@avira.com Successfully deleted the following from C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\j0bwoh1k.default\prefs.js user_pref("avira.safe_search.search_was_active", "false"); user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save- user_pref("extensions.bootstrappedAddons", "{\"safesearch@avira.com\":{\"version\":\"1.1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Katharina\\\\AppData\\\\Roa user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"149d724d0fa8b-005226cfc521298-40524136-0-149d724d0fb2c4\""); user_pref("extensions.safesearch.SAUTH_expires_at", "1423340235"); user_pref("extensions.safesearch.SAUTH_rndsnr", "\"fd9f4304efcfd5048d833a8c1473e829aed6e8d4\""); user_pref("extensions.safesearch.SAUTH_userid", "5819772343"); user_pref("extensions.safesearch.SAUTH_utoken", "\"b0017228c7dcab3deab4ca93e5a05faf072e3806\""); user_pref("extensions.safesearch.install", "1422735437212"); user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Katharina\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j0bwoh1k.def Emptied folder: C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\j0bwoh1k.default\minidumps [53 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 31.01.2015 at 21:26:47,38 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Die Addition ist nicht mehr von vornherein mit einem Häckchen versehen und ich bekomme davon auch keinen Log. Soll ich die Addition extra anklicken? FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01 Ran by Katharina (administrator) on KATHARINA-PC on 31-01-2015 21:38:30 Running from C:\Users\Katharina\Desktop Loaded Profiles: Katharina (Available profiles: Katharina & Admin & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775072 2010-04-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-04-22] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-11] (Acer Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-25] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-04-23] (CyberLink Corp.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-915058341-270865521-300301036-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-915058341-270865521-300301036-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-915058341-270865521-300301036-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE404DE404 BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) Toolbar: HKU\S-1-5-21-915058341-270865521-300301036-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: Avira Browser Safety - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\abs@avira.com [2015-01-23] FF Extension: Lightbeam - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-01-26] FF Extension: Adblock Edge - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-30] FF HKLM-x32\...\Firefox\Extensions: [fe_4.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 FF Extension: No Name - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 [2012-01-04] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-27] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-27] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-27] FF HKLM-x32\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 FF Extension: No Name - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012-01-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [821792 2010-06-11] (Acer Incorporated) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.) R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.) R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed] R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 Verifies and fixes application compatibility issues; C:\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-27] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-27] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-27] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 21:38 - 2015-01-31 21:38 - 02130944 _____ (Farbar) C:\Users\Katharina\Desktop\FRST64.exe 2015-01-31 21:26 - 2015-01-31 21:26 - 00002273 _____ () C:\Users\Katharina\Desktop\JRT.txt 2015-01-31 21:22 - 2015-01-31 21:22 - 00000000 ____D () C:\Windows\ERUNT 2015-01-31 21:19 - 2015-01-31 21:19 - 01707939 _____ (Thisisu) C:\Users\Katharina\Desktop\JRT.exe 2015-01-31 21:14 - 2015-01-31 21:14 - 00003416 ____N () C:\bootsqm.dat 2015-01-31 21:02 - 2015-01-31 21:04 - 00000000 ____D () C:\AdwCleaner 2015-01-31 21:01 - 2015-01-31 21:01 - 02194432 _____ () C:\Users\Katharina\Desktop\AdwCleaner_4.109.exe 2015-01-31 19:33 - 2015-01-31 20:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-31 19:33 - 2015-01-31 19:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-31 19:33 - 2015-01-31 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-31 19:32 - 2015-01-31 20:01 - 00000000 ____D () C:\Users\Katharina\Desktop\mbar 2015-01-31 19:32 - 2015-01-31 19:32 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-31 19:31 - 2015-01-31 19:32 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Katharina\Desktop\mbar-1.08.3.1004.exe 2015-01-31 19:16 - 2015-01-31 19:16 - 00030703 _____ () C:\ComboFix.txt 2015-01-31 19:03 - 2015-01-31 19:16 - 00000000 ____D () C:\Qoobox 2015-01-31 19:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-31 19:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-31 19:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-31 19:02 - 2015-01-31 19:15 - 00000000 ____D () C:\Windows\erdnt 2015-01-31 19:01 - 2015-01-31 19:01 - 05611408 ____R (Swearware) C:\Users\Katharina\Desktop\ComboFix.exe 2015-01-31 17:15 - 2015-01-31 17:15 - 00050220 _____ () C:\Users\Katharina\Desktop\Addition.txt 2015-01-31 17:07 - 2015-01-31 21:38 - 00022457 _____ () C:\Users\Katharina\Desktop\FRST.txt 2015-01-30 19:03 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-01-30 19:03 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-01-30 15:32 - 2015-01-31 21:38 - 00000000 ____D () C:\FRST 2015-01-30 13:54 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-01-30 13:54 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-01-29 23:53 - 2015-01-30 13:43 - 00008192 _____ () C:\Windows\system32\persistent_q.db 2015-01-29 23:53 - 2015-01-30 13:42 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm 2015-01-29 23:53 - 2015-01-30 13:42 - 00023088 _____ () C:\Windows\system32\persistent_q.db-wal 2015-01-29 23:52 - 2015-01-29 23:52 - 00000000 ____D () C:\Windows\SysWOW64\%Report% 2015-01-28 15:30 - 2015-01-28 15:57 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2015-01-28 14:54 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2015-01-28 14:54 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2015-01-28 14:54 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2015-01-28 14:54 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2015-01-28 14:54 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2015-01-28 14:54 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-01-28 14:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2015-01-28 14:54 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-01-28 14:54 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2015-01-28 14:54 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2015-01-28 14:54 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-28 14:54 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-01-28 14:54 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-01-28 14:54 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-01-28 14:54 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-01-28 14:54 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-01-28 14:20 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-01-28 14:20 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-01-28 14:20 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2015-01-28 14:20 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2015-01-28 09:12 - 2015-01-28 09:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-27 13:45 - 2015-01-27 13:45 - 00002330 _____ () C:\Users\Katharina\Desktop\Sicherer Zahlungsverkehr.lnk 2015-01-27 13:43 - 2015-01-27 13:43 - 00003402 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-27 11:23 - 2015-01-27 11:23 - 00002330 _____ () C:\Users\Admin\Desktop\Sicherer Zahlungsverkehr.lnk 2015-01-27 11:22 - 2015-01-27 11:22 - 00002144 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2015-01-27 11:22 - 2015-01-27 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-01-27 11:22 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-01-27 11:20 - 2015-01-31 21:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-27 11:20 - 2015-01-27 11:20 - 00000000 ____D () C:\Windows\ELAMBKUP 2015-01-27 11:20 - 2015-01-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-01-27 11:20 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-01-27 11:03 - 2015-01-27 11:05 - 204166464 _____ () C:\Users\Katharina\Downloads\kis15.0.1.415de_6844.exe 2015-01-23 22:38 - 2015-01-27 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-01-23 22:38 - 2015-01-23 22:38 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-01-23 22:37 - 2015-01-27 11:13 - 00000000 ____D () C:\ProgramData\Avira 2015-01-23 22:36 - 2015-01-23 22:36 - 04514312 _____ (Avira Operations & Co. KG) C:\Users\Katharina\Downloads\avira_de_av_5802373949__ws.exe 2015-01-19 19:58 - 2015-01-19 19:58 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-19 19:57 - 2015-01-28 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 19:57 - 2015-01-19 19:58 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-19 19:55 - 2015-01-19 19:56 - 39724152 _____ () C:\Users\Katharina\Downloads\Firefox_Setup_35.0.exe 2015-01-19 19:47 - 2015-01-28 14:12 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieSiteList 2015-01-19 19:47 - 2015-01-19 19:47 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieUserList 2015-01-19 19:47 - 2015-01-19 19:47 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieBrowserModeList 2015-01-19 15:15 - 2015-01-19 15:15 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-15 18:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-15 18:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-15 18:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-15 18:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-15 18:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-15 18:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-15 18:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-15 18:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-15 18:30 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 18:30 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-15 18:30 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-15 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 14:54 - 2015-01-27 01:08 - 00000000 ____D () C:\ProgramData\panda_url_filtering 2015-01-15 14:52 - 2015-01-27 10:57 - 00000000 ____D () C:\Users\Katharina\AppData\Roaming\Panda Security 2015-01-15 14:51 - 2015-01-27 10:59 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2015-01-15 14:50 - 2015-01-27 10:58 - 00000000 ____D () C:\ProgramData\Panda Security 2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-13 23:32 - 2015-01-24 07:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-13 23:32 - 2015-01-24 07:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2015-01-13 23:14 - 2015-01-29 15:51 - 00000112 _____ () C:\ProgramData\vNJJbE.dat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 21:31 - 2010-09-15 16:10 - 02042163 _____ () C:\Windows\WindowsUpdate.log 2015-01-31 21:23 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-31 21:23 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-31 21:15 - 2010-11-01 17:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-31 21:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-31 21:14 - 2010-09-15 16:07 - 00401332 _____ () C:\Windows\PFRO.log 2015-01-31 21:14 - 2009-07-14 05:51 - 00260133 _____ () C:\Windows\setupact.log 2015-01-31 21:02 - 2010-11-01 17:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-31 19:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-31 19:14 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-31 17:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-01-31 16:55 - 2011-01-13 17:59 - 00001421 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-30 16:00 - 2010-11-03 20:08 - 00000000 ____D () C:\Users\Admin 2015-01-30 08:34 - 2014-07-02 09:54 - 00000000 ____D () C:\Users\Gast 2015-01-30 08:34 - 2010-11-01 14:30 - 00000000 ____D () C:\Users\Katharina 2015-01-30 08:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-29 11:55 - 2010-09-16 02:02 - 01398844 _____ () C:\Windows\system32\perfh007.dat 2015-01-29 11:55 - 2010-09-16 02:02 - 00374018 _____ () C:\Windows\system32\perfc007.dat 2015-01-29 11:55 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 15:26 - 2011-08-24 10:12 - 00000000 ____D () C:\Users\Katharina\Documents\Steuern 2015-01-28 15:11 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-28 15:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-01-28 14:12 - 2010-11-01 17:50 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3 2015-01-27 17:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-27 17:53 - 2010-11-13 16:09 - 00000000 ____D () C:\Users\Katharina\AppData\Local\CutePDF Writer 2015-01-27 11:27 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-01-27 11:27 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-01-27 11:27 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys 2015-01-27 11:23 - 2011-01-13 17:59 - 00148104 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-27 11:13 - 2012-11-03 14:06 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-27 11:00 - 2010-11-01 14:30 - 00148104 _____ () C:\Users\Katharina\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-27 11:00 - 2009-07-14 05:45 - 00518584 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-27 10:31 - 2012-03-29 21:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-27 10:31 - 2012-03-14 19:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-26 20:53 - 2014-08-23 22:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-01-23 22:37 - 2014-08-07 08:40 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-15 19:06 - 2013-07-13 12:43 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 18:46 - 2012-06-30 21:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-12 17:09 - 2014-11-26 11:06 - 00000000 ____D () C:\Temp 2015-01-07 21:02 - 2014-11-13 17:28 - 00000000 ____D () C:\Users\Katharina\Desktop\ideen-sammlung 2015-01-06 04:36 - 2010-11-01 17:52 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-11-19 21:57 - 2014-11-19 21:57 - 6000640 _____ () C:\Program Files (x86)\GUTA17D.tmp 2011-07-10 17:07 - 2014-07-03 19:18 - 0014848 _____ () C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-05 18:58 - 2014-07-05 18:58 - 0000218 _____ () C:\Users\Katharina\AppData\Local\recently-used.xbel 2010-09-15 16:31 - 2010-09-15 16:34 - 0016104 _____ () C:\ProgramData\ArcadeDeluxe4.log 2011-01-17 19:30 - 2011-01-17 19:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2010-07-02 12:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe 2014-06-14 21:50 - 2014-06-14 21:50 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt 2015-01-13 23:14 - 2015-01-29 15:51 - 0000112 _____ () C:\ProgramData\vNJJbE.dat Files to move or delete: ==================== C:\ProgramData\vNJJbE.dat Some content of TEMP: ==================== C:\Users\Katharina\AppData\Local\Temp\Quarantine.exe C:\Users\Katharina\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 01:16 ==================== End Of Log ============================ --- --- --- |
31.01.2015, 21:52 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2015, 22:05 | #21 |
| Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Ok, dann hier die ganz aktuelle FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01 Ran by Katharina (administrator) on KATHARINA-PC on 31-01-2015 22:02:16 Running from C:\Users\Katharina\Desktop Loaded Profiles: Katharina (Available profiles: Katharina & Admin & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775072 2010-04-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-04-22] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.) HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-11] (Acer Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-25] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-04-23] (CyberLink Corp.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-915058341-270865521-300301036-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-915058341-270865521-300301036-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-915058341-270865521-300301036-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE404DE404 BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) Toolbar: HKU\S-1-5-21-915058341-270865521-300301036-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: Avira Browser Safety - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\abs@avira.com [2015-01-23] FF Extension: Lightbeam - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-01-26] FF Extension: Adblock Edge - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-30] FF HKLM-x32\...\Firefox\Extensions: [fe_4.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 FF Extension: No Name - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 [2012-01-04] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-27] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-27] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-27] FF HKLM-x32\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 FF Extension: No Name - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012-01-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [821792 2010-06-11] (Acer Incorporated) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.) R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.) R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed] R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 Verifies and fixes application compatibility issues; C:\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-27] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-27] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-27] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 21:38 - 2015-01-31 21:38 - 02130944 _____ (Farbar) C:\Users\Katharina\Desktop\FRST64.exe 2015-01-31 21:26 - 2015-01-31 21:26 - 00002273 _____ () C:\Users\Katharina\Desktop\JRT.txt 2015-01-31 21:22 - 2015-01-31 21:22 - 00000000 ____D () C:\Windows\ERUNT 2015-01-31 21:19 - 2015-01-31 21:19 - 01707939 _____ (Thisisu) C:\Users\Katharina\Desktop\JRT.exe 2015-01-31 21:14 - 2015-01-31 21:14 - 00003416 ____N () C:\bootsqm.dat 2015-01-31 21:02 - 2015-01-31 21:04 - 00000000 ____D () C:\AdwCleaner 2015-01-31 21:01 - 2015-01-31 21:01 - 02194432 _____ () C:\Users\Katharina\Desktop\AdwCleaner_4.109.exe 2015-01-31 19:33 - 2015-01-31 20:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-31 19:33 - 2015-01-31 19:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-31 19:33 - 2015-01-31 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-31 19:32 - 2015-01-31 20:01 - 00000000 ____D () C:\Users\Katharina\Desktop\mbar 2015-01-31 19:32 - 2015-01-31 19:32 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-31 19:31 - 2015-01-31 19:32 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Katharina\Desktop\mbar-1.08.3.1004.exe 2015-01-31 19:16 - 2015-01-31 19:16 - 00030703 _____ () C:\ComboFix.txt 2015-01-31 19:03 - 2015-01-31 19:16 - 00000000 ____D () C:\Qoobox 2015-01-31 19:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-31 19:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-31 19:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-31 19:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-31 19:02 - 2015-01-31 19:15 - 00000000 ____D () C:\Windows\erdnt 2015-01-31 19:01 - 2015-01-31 19:01 - 05611408 ____R (Swearware) C:\Users\Katharina\Desktop\ComboFix.exe 2015-01-31 17:15 - 2015-01-31 17:15 - 00050220 _____ () C:\Users\Katharina\Desktop\Addition.txt 2015-01-31 17:07 - 2015-01-31 22:02 - 00022400 _____ () C:\Users\Katharina\Desktop\FRST.txt 2015-01-30 19:03 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-01-30 19:03 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-01-30 15:32 - 2015-01-31 22:02 - 00000000 ____D () C:\FRST 2015-01-30 13:54 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-01-30 13:54 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-01-29 23:53 - 2015-01-30 13:43 - 00008192 _____ () C:\Windows\system32\persistent_q.db 2015-01-29 23:53 - 2015-01-30 13:42 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm 2015-01-29 23:53 - 2015-01-30 13:42 - 00023088 _____ () C:\Windows\system32\persistent_q.db-wal 2015-01-29 23:52 - 2015-01-29 23:52 - 00000000 ____D () C:\Windows\SysWOW64\%Report% 2015-01-28 15:30 - 2015-01-28 15:57 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2015-01-28 14:54 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2015-01-28 14:54 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2015-01-28 14:54 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2015-01-28 14:54 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2015-01-28 14:54 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2015-01-28 14:54 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-01-28 14:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2015-01-28 14:54 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-01-28 14:54 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2015-01-28 14:54 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2015-01-28 14:54 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-28 14:54 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-01-28 14:54 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-01-28 14:54 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-01-28 14:54 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-01-28 14:54 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-01-28 14:20 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-01-28 14:20 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-01-28 14:20 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2015-01-28 14:20 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2015-01-28 09:12 - 2015-01-28 09:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-27 13:45 - 2015-01-27 13:45 - 00002330 _____ () C:\Users\Katharina\Desktop\Sicherer Zahlungsverkehr.lnk 2015-01-27 13:43 - 2015-01-27 13:43 - 00003402 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-27 11:23 - 2015-01-27 11:23 - 00002330 _____ () C:\Users\Admin\Desktop\Sicherer Zahlungsverkehr.lnk 2015-01-27 11:22 - 2015-01-27 11:22 - 00002144 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2015-01-27 11:22 - 2015-01-27 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-01-27 11:22 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-01-27 11:20 - 2015-01-31 21:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-27 11:20 - 2015-01-27 11:20 - 00000000 ____D () C:\Windows\ELAMBKUP 2015-01-27 11:20 - 2015-01-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-01-27 11:20 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-01-27 11:03 - 2015-01-27 11:05 - 204166464 _____ () C:\Users\Katharina\Downloads\kis15.0.1.415de_6844.exe 2015-01-23 22:38 - 2015-01-27 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-01-23 22:38 - 2015-01-23 22:38 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-01-23 22:37 - 2015-01-27 11:13 - 00000000 ____D () C:\ProgramData\Avira 2015-01-23 22:36 - 2015-01-23 22:36 - 04514312 _____ (Avira Operations & Co. KG) C:\Users\Katharina\Downloads\avira_de_av_5802373949__ws.exe 2015-01-19 19:58 - 2015-01-19 19:58 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-19 19:57 - 2015-01-28 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 19:57 - 2015-01-19 19:58 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-19 19:55 - 2015-01-19 19:56 - 39724152 _____ () C:\Users\Katharina\Downloads\Firefox_Setup_35.0.exe 2015-01-19 19:47 - 2015-01-28 14:12 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieSiteList 2015-01-19 19:47 - 2015-01-19 19:47 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieUserList 2015-01-19 19:47 - 2015-01-19 19:47 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieBrowserModeList 2015-01-19 15:15 - 2015-01-19 15:15 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-15 18:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-15 18:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-15 18:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-15 18:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-15 18:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-15 18:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-15 18:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-15 18:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-15 18:30 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 18:30 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-15 18:30 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-15 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 14:54 - 2015-01-27 01:08 - 00000000 ____D () C:\ProgramData\panda_url_filtering 2015-01-15 14:52 - 2015-01-27 10:57 - 00000000 ____D () C:\Users\Katharina\AppData\Roaming\Panda Security 2015-01-15 14:51 - 2015-01-27 10:59 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2015-01-15 14:50 - 2015-01-27 10:58 - 00000000 ____D () C:\ProgramData\Panda Security 2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-13 23:32 - 2015-01-24 07:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-13 23:32 - 2015-01-24 07:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2015-01-13 23:14 - 2015-01-29 15:51 - 00000112 _____ () C:\ProgramData\vNJJbE.dat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 22:02 - 2010-11-01 17:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-31 21:31 - 2010-09-15 16:10 - 02042163 _____ () C:\Windows\WindowsUpdate.log 2015-01-31 21:23 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-31 21:23 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-31 21:15 - 2010-11-01 17:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-31 21:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-31 21:14 - 2010-09-15 16:07 - 00401332 _____ () C:\Windows\PFRO.log 2015-01-31 21:14 - 2009-07-14 05:51 - 00260133 _____ () C:\Windows\setupact.log 2015-01-31 19:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-31 19:14 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-31 17:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-01-31 16:55 - 2011-01-13 17:59 - 00001421 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-30 16:00 - 2010-11-03 20:08 - 00000000 ____D () C:\Users\Admin 2015-01-30 08:34 - 2014-07-02 09:54 - 00000000 ____D () C:\Users\Gast 2015-01-30 08:34 - 2010-11-01 14:30 - 00000000 ____D () C:\Users\Katharina 2015-01-30 08:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-01-29 11:55 - 2010-09-16 02:02 - 01398844 _____ () C:\Windows\system32\perfh007.dat 2015-01-29 11:55 - 2010-09-16 02:02 - 00374018 _____ () C:\Windows\system32\perfc007.dat 2015-01-29 11:55 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 15:26 - 2011-08-24 10:12 - 00000000 ____D () C:\Users\Katharina\Documents\Steuern 2015-01-28 15:11 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-28 15:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-01-28 14:12 - 2010-11-01 17:50 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3 2015-01-27 17:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-27 17:53 - 2010-11-13 16:09 - 00000000 ____D () C:\Users\Katharina\AppData\Local\CutePDF Writer 2015-01-27 11:27 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-01-27 11:27 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-01-27 11:27 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys 2015-01-27 11:23 - 2011-01-13 17:59 - 00148104 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-27 11:13 - 2012-11-03 14:06 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-27 11:00 - 2010-11-01 14:30 - 00148104 _____ () C:\Users\Katharina\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-27 11:00 - 2009-07-14 05:45 - 00518584 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-27 10:31 - 2012-03-29 21:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-27 10:31 - 2012-03-14 19:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-26 20:53 - 2014-08-23 22:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-01-23 22:37 - 2014-08-07 08:40 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-15 19:06 - 2013-07-13 12:43 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 18:46 - 2012-06-30 21:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-12 17:09 - 2014-11-26 11:06 - 00000000 ____D () C:\Temp 2015-01-07 21:02 - 2014-11-13 17:28 - 00000000 ____D () C:\Users\Katharina\Desktop\ideen-sammlung 2015-01-06 04:36 - 2010-11-01 17:52 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-11-19 21:57 - 2014-11-19 21:57 - 6000640 _____ () C:\Program Files (x86)\GUTA17D.tmp 2011-07-10 17:07 - 2014-07-03 19:18 - 0014848 _____ () C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-05 18:58 - 2014-07-05 18:58 - 0000218 _____ () C:\Users\Katharina\AppData\Local\recently-used.xbel 2010-09-15 16:31 - 2010-09-15 16:34 - 0016104 _____ () C:\ProgramData\ArcadeDeluxe4.log 2011-01-17 19:30 - 2011-01-17 19:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2010-07-02 12:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe 2014-06-14 21:50 - 2014-06-14 21:50 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt 2015-01-13 23:14 - 2015-01-29 15:51 - 0000112 _____ () C:\ProgramData\vNJJbE.dat Files to move or delete: ==================== C:\ProgramData\vNJJbE.dat Some content of TEMP: ==================== C:\Users\Katharina\AppData\Local\Temp\Quarantine.exe C:\Users\Katharina\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 01:16 ==================== End Of Log ============================ und die Addition: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01 Ran by Katharina at 2015-01-31 22:02:53 Running from C:\Users\Katharina\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.0.7615 - CyberLink Corp.) Acer Arcade Deluxe (x32 Version: 4.0.7615 - CyberLink Corp.) Hidden Acer Arcade Movie (x32 Version: 9.0.6423 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.63 - NewTech Infosystems) Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - Liteon) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.) Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.02.3004 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0222.2010 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.05001 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.) Hidden Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{F5816A09-786E-C91D-3D99-8A8C92648750}) (Version: 3.0.765.0 - ATI Technologies, Inc.) Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden Backup Manager Basic (x32 Version: 2.0.0.63 - NewTech Infosystems) Hidden Camera Support Core Library (x32 Version: 7.1.0.11 - Canon) Hidden Camera Window DS (x32 Version: 5.0 - Canon) Hidden Camera Window DVC (x32 Version: 5.0 - Canon) Hidden Camera Window MC (x32 Version: 5.0 - Canon) Hidden Canon Camera Support Core Library (HKLM-x32\...\InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}) (Version: 7.1.0.11 - Canon) Canon Camera Window DS for ZoomBrowser EX (HKLM-x32\...\InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}) (Version: 5.0 - Canon) Canon Camera Window DVC for ZoomBrowser EX (HKLM-x32\...\InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}) (Version: 5.0 - Canon) Canon Camera Window for ZoomBrowser EX (HKLM-x32\...\InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}) (Version: 5.0 - Canon) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}) (Version: 1.2.0.21 - Canon) Canon PhotoRecord (HKLM-x32\...\{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}) (Version: 02.01.00069 - Cisra) Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}) (Version: 1.2 - Canon) Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}) (Version: 1.1 - Canon) Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon) Canon ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.00.0000 - Canon) ccc-core-static (x32 Version: 2010.0421.657.10561 - Ihr Firmenname) Hidden CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.) Freecom GREEN BUTTON 1.68 (HKLM-x32\...\Freecom GREEN BUTTON_is1) (Version: - Freecom) Freecom Product Update 1.06 (HKLM-x32\...\Freecom Product Update_is1) (Version: - Freecom) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Internet Library (x32 Version: 1.3.3 - Canon Inc.) Hidden IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.) MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) MovieEdit Task (x32 Version: 1.2.0.21 - Canon) Hidden Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.2.100.0 - Nokia) Nokia Suite (x32 Version: 3.2.100.0 - Nokia) Hidden NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden Optical Drive Power Management (HKLM-x32\...\{AE09C972-EEB2-4DA5-8090-0FCF54576854}) (Version: 1.01.3007 - Acer Incorporated) PaperPort (HKLM-x32\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.) PC Connectivity Solution (HKLM-x32\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia) PhotoStitch (x32 Version: 3.1.14 - Canon) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems) Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden RAW Image Task 1.2 (x32 Version: 1.2 - Canon) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6096 - Realtek Semiconductor Corp.) RemoteCapture Task 1.1 (x32 Version: 1.1 - Canon) Hidden Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-915058341-270865521-300301036-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File ==================== Restore Points ========================= 19-01-2015 15:05:25 Windows Update 22-01-2015 22:20:50 Windows Update 28-01-2015 08:40:52 Windows Update 28-01-2015 14:07:02 OpenOffice.org 3.2 wird entfernt 28-01-2015 14:18:45 Windows Update 28-01-2015 15:52:31 Removed Apple Application Support 28-01-2015 15:55:30 Removed QuickTime 7 29-01-2015 15:56:39 Windows Update 29-01-2015 22:38:22 Windows Update 30-01-2015 19:19:23 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-01-31 19:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02012F14-E83A-49B6-B5FD-3941383119CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {1EF8307B-611E-42FB-B7A1-D9DCAD70A4E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {25F7AE35-7C51-43FB-9D02-4C3664B6FF2A} - System32\Tasks\{0F4D9BCA-E99A-4C21-A2D4-B6EDCE2CA8D2} => C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe [2009-08-21] (Pinnacle Systems) Task: {3077D501-8B37-4D72-8527-DE3C70D64A9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {595EB79A-7DF6-4119-A16E-739A7943178F} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated) Task: {7F84C298-4234-4292-8A57-B868525E4438} - System32\Tasks\{93150DFB-96BB-41D2-B762-9401216848A7} => C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe [2009-08-21] (Pinnacle Systems) Task: {9AADA551-4AA3-4D74-9941-A413395DA1B2} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14] (Scansoft, Inc.) Task: {BC71D0A6-390B-4BE4-8FD1-AE7C4FBDDCB4} - System32\Tasks\{DA61F103-4DCD-44EA-AF42-4BEBCC79CA28} => C:\Program Files (x86)\Skype\\Phone\Skype.exe Task: {E38705BA-0431-4C7F-A706-8530FF747056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-13 16:08 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll 2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2010-09-15 16:32 - 2010-02-03 09:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe 2010-03-26 10:46 - 2010-03-26 10:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2010-03-26 09:41 - 2010-03-26 09:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-09-15 16:10 - 2010-09-15 16:10 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-05-25 01:16 - 2010-05-25 01:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-05-25 01:09 - 2010-05-25 01:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-07-02 13:00 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2014-12-19 12:33 - 2014-12-19 12:33 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 2010-07-02 12:24 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2015-01-28 09:12 - 2015-01-28 09:12 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-08-30 17:12 - 2015-01-27 11:27 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-08-30 17:12 - 2015-01-27 11:27 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2014-08-30 17:12 - 2015-01-27 11:27 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F AlternateDataStreams: C:\ProgramData\Temp:798A3728 AlternateDataStreams: C:\ProgramData\Temp:93EB7685 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 AlternateDataStreams: C:\ProgramData\Temp:E3C56885 AlternateDataStreams: C:\Users\Katharina\Desktop\PA124315.JPG:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Admin (S-1-5-21-915058341-270865521-300301036-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-915058341-270865521-300301036-500 - Administrator - Disabled) Gast (S-1-5-21-915058341-270865521-300301036-501 - Limited - Disabled) => C:\Users\Gast Katharina (S-1-5-21-915058341-270865521-300301036-1000 - Administrator - Enabled) => C:\Users\Katharina ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: High Definition Audio-Controller Description: High Definition Audio-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-01-31 19:13:20.834 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-31 19:13:20.600 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-20 19:58:34.448 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-20 19:58:34.246 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-20 19:57:22.762 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-20 19:57:22.572 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-20 19:57:08.896 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-20 19:57:08.675 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-20 19:56:00.521 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-20 19:56:00.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 44% Total physical RAM: 3766.69 MB Available physical RAM: 2108.85 MB Total Pagefile: 7531.56 MB Available Pagefile: 5345.65 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:359.29 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9B473814) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
31.01.2015, 22:24 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\ProgramData\vNJJbE.dat AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F AlternateDataStreams: C:\ProgramData\Temp:798A3728 AlternateDataStreams: C:\ProgramData\Temp:93EB7685 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 AlternateDataStreams: C:\ProgramData\Temp:E3C56885 EmptyTemp: Hosts: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2015, 22:38 | #23 |
| Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende FensterCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-01-2015 01 Ran by Katharina at 2015-01-31 22:27:51 Run:1 Running from C:\Users\Katharina\Desktop Loaded Profiles: Katharina (Available profiles: Katharina & Admin & Gast) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\ProgramData\vNJJbE.dat AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F AlternateDataStreams: C:\ProgramData\Temp:798A3728 AlternateDataStreams: C:\ProgramData\Temp:93EB7685 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 AlternateDataStreams: C:\ProgramData\Temp:E3C56885 EmptyTemp: Hosts: ***************** "HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. C:\ProgramData\vNJJbE.dat => Moved successfully. C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully. C:\ProgramData\Temp => ":1A60DE96" ADS removed successfully. C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully. C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully. C:\ProgramData\Temp => ":798A3728" ADS removed successfully. C:\ProgramData\Temp => ":93EB7685" ADS removed successfully. C:\ProgramData\Temp => ":CDFF58FE" ADS removed successfully. C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully. C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully. C:\ProgramData\Temp => ":E3C56885" ADS removed successfully. "C:\Windows\System32\Drivers\etc\hosts" => Could not move. Could not reset Hosts. EmptyTemp: => Removed 521 MB temporary data. The system needed a reboot. ==== End of Fixlog 22:28:47 ==== |
31.01.2015, 22:45 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Virenscanner bitte deaktivieren, dann den Fix wiederholen
__________________ Logfiles bitte immer in CODE-Tags posten |
31.01.2015, 22:53 | #25 |
| Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende FensterCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-01-2015 01 Ran by Katharina at 2015-01-31 22:47:51 Run:2 Running from C:\Users\Katharina\Desktop Loaded Profiles: Katharina (Available profiles: Katharina & Admin & Gast) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = C:\ProgramData\vNJJbE.dat AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:1A60DE96 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F AlternateDataStreams: C:\ProgramData\Temp:798A3728 AlternateDataStreams: C:\ProgramData\Temp:93EB7685 AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 AlternateDataStreams: C:\ProgramData\Temp:E3C56885 EmptyTemp: Hosts: ***************** HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. "C:\ProgramData\vNJJbE.dat" => File/Directory not found. "C:\ProgramData\Temp" => ":0B9176C0" ADS not found. "C:\ProgramData\Temp" => ":1A60DE96" ADS not found. "C:\ProgramData\Temp" => ":4D066AD2" ADS not found. "C:\ProgramData\Temp" => ":5D7E5A8F" ADS not found. "C:\ProgramData\Temp" => ":798A3728" ADS not found. "C:\ProgramData\Temp" => ":93EB7685" ADS not found. "C:\ProgramData\Temp" => ":CDFF58FE" ADS not found. "C:\ProgramData\Temp" => ":E1F04E8D" ADS not found. "C:\ProgramData\Temp" => ":E36F5B57" ADS not found. "C:\ProgramData\Temp" => ":E3C56885" ADS not found. C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 15.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 22:47:55 ==== |
01.02.2015, 01:12 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
02.02.2015, 13:31 | #27 |
| Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Hier das Log von Mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.02.2015 Suchlauf-Zeit: 10:55:11 Logdatei: mbamlog.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.02.01 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Katharina Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 447354 Verstrichene Zeit: 24 Min, 32 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 11 PUP.Optional.Snapdo.T, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [8a1fde3b385261d585735add48bb9070], PUP.Optional.QuickShare.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [efba1108246690a648b839fb946f966a], PUP.Optional.QuickShare.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [efba1108246690a648b839fb946f966a], PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [555410095733072f97f9c4c045be39c7], PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, In Quarantäne, [faaf4ccdb3d792a4730b23909a6922de], PUP.Optional.SmartBar, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, In Quarantäne, [1c8d21f84644f64034495c9bd92b5ba5], PUP.Optional.SmartBar, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, In Quarantäne, [9f0a1306aae00b2b89f325d26f9546ba], PUP.Optional.InstallCore.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [179260b9fc8e7cbaaca942876c9755ab], PUP.Optional.InstallCore.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [832626f3c6c4d3632544409f57adcc34], PUP.Optional.SafeFinder.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [5950c059ee9cb680401f8912ff04ca36], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [2287ff1a9eecd95d543452525da68779], Registrierungswerte: 4 PUP.Optional.InstallCore.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Q1O1R1R0D1G1J1S, In Quarantäne, [832626f3c6c4d3632544409f57adcc34] PUP.Optional.Snapdo.T, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [634623f690faef472f42ccd6ad56c739] PUP.Optional.SmartBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Infrastructure Helper, C:\Users\Admin\AppData\Local\Smartbar\Application\SafeFinder.exe startup, In Quarantäne, [d1d8ad6cf59533037ca3d80624e053ad] PUP.Optional.SafeFinder.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|Publisher, IrsSF, In Quarantäne, [5950c059ee9cb680401f8912ff04ca36] Registrierungsdaten: 6 PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[862328f115753ff7c6822e775baac13f] PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZ6UDM1tEe65GVSWnrzlvhaJSCOjqJt6nkpL6V45FzKa_8u2SPrnwhxIJGdYH46uNUKgEQwC5EOrWDt3ZRYPfA,,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZ6UDM1tEe65GVSWnrzlvhaJSCOjqJt6nkpL6V45FzKa_8u2SPrnwhxIJGdYH46uNUKgEQwC5EOrWDt3ZRYPfA,,),Ersetzt,[a10847d2b1d96fc7c4859b0a45c021df] PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[faaf48d1b2d89c9aae99238251b416ea] PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[41689c7d454586b0fe4cdfc6b451c937] PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[535623f6e8a2da5c65e6f2b3d72e5da3] PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[3d6ced2cd7b361d577cfa401699ced13] Ordner: 2 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], Dateien: 12 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=bb30e862f6fc854eae71deba0d969080 # engine=22260 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-02 12:17:06 # local_time=2015-02-02 01:17:06 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1299 16777213 100 100 9838 50451056 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 148306 174509276 0 0 # scanned=202065 # found=98 # cleaned=76 # scan_time=4316 sh=BF9DFFEFCCB98DC98AE6E19AD270FF0831B8A10C ft=1 fh=bcc35720bc203060 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=06CDBC71C6BDB9E93948C5CE2F49A08F97A0DDC6 ft=1 fh=ee606ee69e82f760 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=46E4E1539DFE69AD69D43638A000EFCA4074C359 ft=1 fh=a2d4323422aa0320 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=549F9D02F1BB82B1AE776E8824051088CAFD9369 ft=1 fh=9b9fb80f44c4acb2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.AdvancedExeLauncherPlugin.dll.vir" sh=C742319F480AB0BD6F4A8C4B12D4AC161BB07B92 ft=1 fh=77ff0dd2c6329cc6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.CustomControl.dll.vir" sh=297D783EA1B3B0CB34EBCC34DC78237E5CAD7AFE ft=1 fh=8b517a8c8384579c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll.vir" sh=110752710CFF65EE8907962F75DD2889196F30E7 ft=1 fh=79060f56cc622fd7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll.vir" sh=C913CAD86540FFDF52389FF54E0163E7C09885AD ft=1 fh=eae5d36e67f1a44e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.NotepadPlugin.dll.vir" sh=044C6C40C001C097AA2B44471BA05DC09EA8A803 ft=1 fh=f23ec7f6bdf7579e vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.SafeMode.dll.vir" sh=A27D5B20809A5107590B4943EE7CABBF394BEDB3 ft=1 fh=b56e3bb8d53defcc vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.ScreenCapturePlugin.dll.vir" sh=C30936E2A17E58D0EB4AF2597ABEE10517C9DB70 ft=1 fh=ab2dfa641eb68ce0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll.vir" sh=14CD07E24E23510F2395B3D1A4BEFF2573EE52EA ft=1 fh=a25d9b6f08145a4e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll.vir" sh=CEA566AE9EDCECDBC376341B5B0D7BF2FB3AC6D8 ft=1 fh=55130af85ebaf5dd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\spup.dll.vir" sh=977B60DEF45F24048D040ECDCAA65BB332C6B449 ft=1 fh=164dad5fc31d40af vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir" sh=2C8981A59216CCB644BE5FBC92DBB7F8F0188F99 ft=1 fh=6aad921543298e71 vn="Variante von Win32/AdSuproot.A Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir" sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir" sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir" sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir" sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir" sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir" sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir" sh=37DE38598CFC7098B9BF302F914BCE1BA9EC4D97 ft=1 fh=ced1193a90f367db vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" sh=C1E7128B7615A45DA58ACD5C03A4E915F7AC986C ft=1 fh=78ef2f13776efa13 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir" sh=114C6E3F181D885217F01A57AB6BA7AE5967D591 ft=1 fh=2c9a496a72d31deb vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\FiddlerCore.dll.vir" sh=A5CAF7BEB27101EC3E7B41B09E056B864DF4BDFF ft=1 fh=847815f449274230 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\HtmlAgilityPack.dll.vir" sh=37DE38598CFC7098B9BF302F914BCE1BA9EC4D97 ft=1 fh=ced1193a90f367db vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll.vir" sh=58818140D13797517B52324639762C1B45C297B4 ft=1 fh=08ad2334842d4386 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Interop.WMPLib.dll.vir" sh=ADF6D117CFE623A1B97CEA9CAF936A4973A35ADC ft=1 fh=cd46d83671e9cd1a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\lrcnt.dll.vir" sh=D3E46188CF09745BC751C54AC3AAFE57116DCF8F ft=1 fh=9194259f90a1d6ee vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\lrrot.dll.vir" sh=673FB4B5DA4C88B4440493FC5F7B42D31B0BBAC2 ft=1 fh=4e0ca983ccf491eb vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll.vir" sh=17A024B5B64729BC61709AB159B6DF8C9A88AF70 ft=1 fh=4f77376a18715ed7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\MouseKeyboardActivityMonitor.dll.vir" sh=CB2A499BF0F0AEC42A32EA6FB49E5C7A1387B731 ft=1 fh=c01d6e9ffa6b1b07 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\NDde.dll.vir" sh=6EF2C2BBAA6B6A123520CE9E0FDEE8FB48996A1C ft=1 fh=b94d2e8b2480d19a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Newtonsoft.Json.dll.vir" sh=D107A7BF0EEE8DB497D22845EA7A7B5991939E04 ft=1 fh=24607777d1fa6626 vn="Variante von Win32/Toolbar.Linkury.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\SafeFinder.exe.vir" sh=E6FBB1312275455FB792F695EF5DDEDAF71D2AE1 ft=1 fh=30adbcb27ed99483 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sgml.dll.vir" sh=20A4D5E2F0B7C137777E496FAB23DEE6E06E3524 ft=1 fh=7b5a72c277444801 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sgmu.dll.vir" sh=0033FE6FE71DC396AB919B116278353819256B0C ft=1 fh=0006fd960dfeb9f3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sidb.dll.vir" sh=0C7A42439BEEF7EB2F94E84EDE04087019542FA4 ft=1 fh=515e1ebef8bf206b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\siem.dll.vir" sh=04D88C1CEB00E6933454F34E41B9575BC1319A6C ft=1 fh=f3e91c601b54c988 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sipb.dll.vir" sh=5BCF4BA3ACFC0BAA9356126C8C7ED2117CCE8C22 ft=1 fh=87afd833b390c9fe vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sismlp.dll.vir" sh=EA18A604D11EC45F2266DB24254714B79C4F35A2 ft=1 fh=cc8ee0312df4ba4f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir" sh=FBF8E49FD9D37F3D9874E5ABC9436D2F81D55085 ft=1 fh=54095d011e83f0b8 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll.vir" sh=A2825E519156018306A8FFD5DBF67B59B37E1136 ft=1 fh=6bf0356f5cc92e27 vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir" sh=09EDBEECD9103ADA50B5AEA9AC67B184F44EA060 ft=1 fh=42e9b727b2791417 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll.vir" sh=6969273B865E0307DAEF794663BFD4C271CD8AEF ft=1 fh=e3b5e6d727a7f6f4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir" sh=F4A4A6963491B03113B38821448BD88395048E6D ft=1 fh=d66d91154cc13bbf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir" sh=91F565E6DEAC96C221ABC7787BEE0C86DAD7D2F6 ft=1 fh=3d9c9a19cee0d003 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir" sh=410F4566A23F6EA44752A053105B2CC6D6FBD07F ft=1 fh=86b5d2181ab5de30 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir" sh=D96042AAA80BD4C0306EA0063156611FEEA74A85 ft=1 fh=e70a2660d5f6c0b5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll.vir" sh=AC134A0F214DED8D601A9785D0D920BBD142007C ft=1 fh=7b1cd79802350fec vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Monetization.Proxy.ProxyService.dll.vir" sh=B2A8486BD208A238F5C3F5DBF866F1E75CBFF195 ft=1 fh=7b91c828d2f39c59 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll.vir" sh=8E1ED695BEBF88737C583414D408A629FA65E3CB ft=1 fh=f7aa3ee04e9931b8 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir" sh=3711F1AF60B408CF6F8C451ED68F278F11C183E7 ft=1 fh=a0727a4ee55f611f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll.vir" sh=C2116C191D3880DDB94802997C1760BAAE087514 ft=1 fh=68531ad2e8a4ad87 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll.vir" sh=0DB5112CC767CAB353B1469DC7C739DBCCECF8D3 ft=1 fh=fe88d03dc3710b3e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll.vir" sh=3D2D2383F305492951D3369C494F63901DD544E4 ft=1 fh=f0c18d3c2056f8a2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.Translations.dll.vir" sh=F4E5A2012D5E79A9EBBFCFB934EB87B96BC48A45 ft=1 fh=0dc685995b975b5d vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir" sh=F4E5A2012D5E79A9EBBFCFB934EB87B96BC48A45 ft=1 fh=0dc685995b975b5d vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir" sh=E8D6AA17037015B0858541531CD3B851B4F3FF1C ft=1 fh=05b891725166971f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir" sh=05805644B7FE45BF1DCC457ADF4A352E359922F8 ft=1 fh=227b75759294be95 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\smta.dll.vir" sh=7BE77DF019E029BF5117DBE706D2DA7D0AD1C483 ft=1 fh=f8922ba1a168b5d7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\smti.dll.vir" sh=B953B6A6D2D6EF491CDB2EEAF426918FA822B8D7 ft=1 fh=cd6b5ef2c9976ddd vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\smtu.dll.vir" sh=E3BE6A2EE992C6D92035F88F8AEB57F7449C72A6 ft=1 fh=727aa1e8373b8b40 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\spbe.dll.vir" sh=12A49A043D2BA4D7EF89D63B8F9CB01C5B1657EB ft=1 fh=13c8ba1a30c4dd7e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\spbl.dll.vir" sh=A3C493E5A5394ECDD46194EF9641A89CE3D44C3B ft=1 fh=75c0a737d5be8013 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sppsm.dll.vir" sh=D717905F02500A6A3DFA260047750E228C987B9F ft=1 fh=e9240de195759d2b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\spsm.dll.vir" sh=47947F446F711DD84D9D5741C5FB9EDCB6692424 ft=1 fh=8fea365fcc399b5e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\spusm.dll.vir" sh=445B1360CE8CC6E3043E8B022993D296143C8C0E ft=1 fh=13b6632dc26d469b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srau.dll.vir" sh=76F3122675C188B421D357896F132E68267E8C46 ft=1 fh=884a81d3a6f4992f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srbhu.dll.vir" sh=79142C37963F0A048FBFA19FC133BFF1DDEFA32F ft=1 fh=90bfb6ec9c714dc8 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srbs.dll.vir" sh=E6B2358A745818FBC006E685BE27C9BDBF367CE5 ft=1 fh=968399f392e56fd6 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srbu.dll.vir" sh=7AAF8CF271FAF87509E300F5CCF50852428DF31F ft=1 fh=cb1cff1653495c68 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sreu.dll.vir" sh=FB93E20DE89F5207AADF3E10DC8AD72ABD0908B7 ft=1 fh=8f93196acb36a2ab vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srgu.dll.vir" sh=669EF8022EE93776EAA358B754B2226ADDB53BFE ft=1 fh=7a334fabc2c1691c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srns.dll.vir" sh=577905B03B80304FF4B6AD5C09774D070FFBEC44 ft=1 fh=8d4884d0d498f7c4 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srom.dll.vir" sh=06BEFF3884E46FB37FA934EC2B6846CD35E71321 ft=1 fh=48a29238bb3e6c9f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srpdm.dll.vir" sh=F4F2F43AAF844E700DCF7424561239E282A6FE64 ft=1 fh=f95de7fd860d7309 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srprl.dll.vir" sh=5588A98C8A2CF26B1A99B76DADFAE0D9F1745D78 ft=1 fh=fe078e160e83b3ed vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srpu.dll.vir" sh=5384E7AE3A0FE5665A7C0CD9965BFAA4EDF8121F ft=1 fh=7627a467a68e1cfc vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srsbs.dll.vir" sh=4E701E7BDB47145778BCD2A66CF447BE7AECC3F2 ft=1 fh=1c355c557b2dfadd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srsbsau.dll.vir" sh=F1A36B344B0A3BB9AFF8D2CB72F3083BD421D6E9 ft=1 fh=edab83601761379f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srsl.dll.vir" sh=0345FC288AF7AAE0794C903523E0A91E9E355403 ft=1 fh=cd456461b3b75d3f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sruhs.dll.vir" sh=63AF364C5A1B587C2BBF5980344D28375179DAA3 ft=1 fh=8709267d83154126 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srus.dll.vir" sh=B65854E572AA6C6150A448FBE67F535ADD60A7B8 ft=1 fh=69c4a88423c06039 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srut.dll.vir" sh=EED80DB4A1189D6E15652E07235054BB83AE5B7B ft=1 fh=050a6a233f119e71 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir" sh=2D6209412F6BEE3207B4A6B1D879029BCAE5A33A ft=1 fh=9e05ac448cb1dbae vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=868B31DF79F3129CBE3DD668B16198A5933CCA89 ft=1 fh=63c3d33c342d4df8 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=E906C4A0D2F107566676915A1D8F749971EC8BAA ft=1 fh=8b702ee1cd32cab3 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=9193F640EB5C4C9CB7E37F33A3B82F1617A27C46 ft=1 fh=5eb79182e52d0cb8 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=7B0114EA29BC6FCCA336DCC2E0DE233FD7671C1D ft=1 fh=9a8147c308b8dbff vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir" sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir" sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir" sh=7290509DD9B7F8DCFA781334EBEFF3E5D4C58C5C ft=1 fh=0aae782d31fb93bd vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir" sh=32602D4077332EE0F75304C87434755510F768FD ft=1 fh=4d22cbd3b33f2e9e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir" sh=A5517659524BFD05ABEF457FE26F1D0E80D3EF85 ft=1 fh=af4585d56f4a69b5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir" sh=3E2E688AAA8B0CF8DC64DA309FF1FC450A41DEC1 ft=1 fh=80bdf0d437659c5a vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=6378561B8B38A2827388FA4DE1E38A3B35D8F957 ft=1 fh=40efe5071e489d7b vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir" |
02.02.2015, 13:36 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Kann nicht schaden
__________________ Logfiles bitte immer in CODE-Tags posten |
02.02.2015, 15:10 | #29 |
| Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Hier ist dann das Ergebnis der zweiten ESET-Runde: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=bb30e862f6fc854eae71deba0d969080 # engine=22263 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-02 02:06:32 # local_time=2015-02-02 03:06:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1299 16777213 100 100 6036 50457622 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 151272 174515842 0 0 # scanned=212446 # found=22 # cleaned=22 # scan_time=3942 sh=BF9DFFEFCCB98DC98AE6E19AD270FF0831B8A10C ft=1 fh=bcc35720bc203060 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=06CDBC71C6BDB9E93948C5CE2F49A08F97A0DDC6 ft=1 fh=ee606ee69e82f760 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=46E4E1539DFE69AD69D43638A000EFCA4074C359 ft=1 fh=a2d4323422aa0320 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=549F9D02F1BB82B1AE776E8824051088CAFD9369 ft=1 fh=9b9fb80f44c4acb2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.AdvancedExeLauncherPlugin.dll.vir" sh=C742319F480AB0BD6F4A8C4B12D4AC161BB07B92 ft=1 fh=77ff0dd2c6329cc6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.CustomControl.dll.vir" sh=297D783EA1B3B0CB34EBCC34DC78237E5CAD7AFE ft=1 fh=8b517a8c8384579c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll.vir" sh=110752710CFF65EE8907962F75DD2889196F30E7 ft=1 fh=79060f56cc622fd7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll.vir" sh=C913CAD86540FFDF52389FF54E0163E7C09885AD ft=1 fh=eae5d36e67f1a44e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.NotepadPlugin.dll.vir" sh=044C6C40C001C097AA2B44471BA05DC09EA8A803 ft=1 fh=f23ec7f6bdf7579e vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.SafeMode.dll.vir" sh=A27D5B20809A5107590B4943EE7CABBF394BEDB3 ft=1 fh=b56e3bb8d53defcc vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.ScreenCapturePlugin.dll.vir" sh=C30936E2A17E58D0EB4AF2597ABEE10517C9DB70 ft=1 fh=ab2dfa641eb68ce0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll.vir" sh=14CD07E24E23510F2395B3D1A4BEFF2573EE52EA ft=1 fh=a25d9b6f08145a4e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll.vir" sh=CEA566AE9EDCECDBC376341B5B0D7BF2FB3AC6D8 ft=1 fh=55130af85ebaf5dd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\spup.dll.vir" sh=977B60DEF45F24048D040ECDCAA65BB332C6B449 ft=1 fh=164dad5fc31d40af vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir" sh=2C8981A59216CCB644BE5FBC92DBB7F8F0188F99 ft=1 fh=6aad921543298e71 vn="Variante von Win32/AdSuproot.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir" sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir" sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir" sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir" sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir" sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir" sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir" sh=37DE38598CFC7098B9BF302F914BCE1BA9EC4D97 ft=1 fh=ced1193a90f367db vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll" |
02.02.2015, 15:12 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw EmptyTemp: Hosts: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster |
checken, compatibilitycheck, compatibilitycheck.exe, download, ebenfalls, empfehlung, entfernt, folge, forum, gelöscht, geändert, installiert, internet, kaspersky, laptop, musik, nichts, plötzlich, probleme, process, programm, programme, services, verschwunden, windows, windows 7, wirklich |