Log analysis and evaluation: Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a. If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
05.02.2015, 23:22 | #1 |
| Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Hello, I've picked something up and I don't know exactly what it is supposed to be. Kaspersky keeps reporting that it has disinfected some xy.dll file. Object name: not-a-virus:AdWare.Win32.Linkury.a Someone else apparently posted something similar this afternoon, which is why I went straight ahead and downloaded FRST and ran a scan with it. I would of course be very glad of a little help. Many thanks and kind regards. Jürgen FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 Ran by jurge_000 (administrator) on DOC on 05-02-2015 20:34:05 Running from C:\Users\jurge_000\Desktop Loaded Profiles: jurge_000 (Available profiles: jurge_000 & Administrator) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe () C:\Program Files (x86)\LPT\srpts.exe () C:\Users\jurge_000\AppData\Local\RGMService\RGMUpdater.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe () C:\Users\jurge_000\AppData\Local\RGMService\RGMLoader.exe () C:\Program Files (x86)\LPT\srptsl.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Pokki) C:\Users\jurge_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe (Smartbar) C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.exe () C:\Users\jurge_000\AppData\Roaming\Search Protection\SP.exe () C:\Program Files (x86)\hide.me VPN\Hide.me.exe () C:\Program Files (x86)\ProgDVB\ProgLauncher.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Pokki) C:\Users\jurge_000\AppData\Local\Pokki\Engine\HostAppService.exe (Pokki) C:\Users\jurge_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe (Pokki) C:\Users\jurge_000\AppData\Local\Pokki\Engine\HostAppService.exe (Zhorn Software) C:\Program Files 
(x86)\Stickies\stickies.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe () C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default\extensions\adbhelper@mozilla.org\win32\adb.exe (Pokki) C:\Users\jurge_000\AppData\Local\Pokki\Engine\StartMenuIndexer.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe () C:\Users\jurge_000\AppData\Local\LPT\srptm.exe () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Lrcnta.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-15] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-04] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [IR_SERVER] => C:\Program Files (x86)\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard) HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [Browser Infrastructure Helper] => C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.exe [29696 2014-08-27] (Smartbar) HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [Search Protection] => C:\Users\jurge_000\AppData\Roaming\Search Protection\SP.EXE [1128760 2015-01-16] () HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [Browser Extensions] => C:\Users\jurge_000\AppData\Roaming\BrowserExtensions\BEHelper.exe [544720 2015-01-06] () HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [Hide.me] => C:\Program Files (x86)\hide.me VPN\Hide.me.exe [1071768 2014-11-26] () HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [ProgLauncher] => C:\Program Files (x86)\ProgDVB\ProgLauncher.exe [381888 2014-12-14] () HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\RunOnce: [Application Restart #3] => C:\Users\jurge_000\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-01-31] (Pokki) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=online&m=start HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFxd-cizaAI2jzB21nZsMHDaQL65QqL22G-LRbfOUv-5ocZEeQ41DWLCioPtn85ySygYCG9-VvHDd_eLqLg44BrSH1cmfNlqO0BH-ecbOUyeb1QtqA7ksKdOmNETbzZrkOKkoD5UGjMYG_3Q70trDdj21vWRfyhfhoSA,,&q={searchTerms} HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFxd-cizaAI2jzB21nZsMHDaQL65QqL22G-LRbfOUv-5ocZEeQ41DWLCioPtn85ySygYCG9-VvHDd_eLqLg44BrSH1cmfNlqO0BH-ecbOUyeb1QtqA7ksKdOmNETbzZrkOKkoD5UGjMYG_3Q70trDdj21vWRfyhfhoSA,,&q={searchTerms} SearchScopes: HKLM -> {F6305024-E578-4006-A05F-6B1A66BAE870} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFxd-cizaAI2jzB21nZsMHDaQL65QqL22G-LRbfOUv-5ocZEeQ41DWLCioPtn85ySygYCG9-VvHDd_eLqLg44BrSH1cmfNlqO0BH-ecbOUyeb1QtqA7ksKdOmNETbzZrkOKkoD5UGjMYG_3Q7xqIh4b2TTenZoGX3PHQ,,&q={searchTerms} SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFxd-cizaAI2jzB21nZsMHDaQL65QqL22G-LRbfOUv-5ocZEeQ41DWLCioPtn85ySygYCG9-VvHDd_eLqLg44BrSH1cmfNlqO0BH-ecbOUyeb1QtqA7ksKdOmNETbzZrkOKkoD5UGjMYG_3Q7xqIh4b2TTenZoGX3PHQ,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-3178874078-4208927294-2124628208-1002 -> DefaultScope {2CC11A78-ABFC-11E4-829C-A02BB859D734} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=online&q={searchTerms} SearchScopes: HKU\S-1-5-21-3178874078-4208927294-2124628208-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StPOamTTqzur3wb8K-Ou-Ve_tolwkCoFEtV9h8HxjFxd-cizaAI2jzB21nZsMHDaQL65QqL22G-LRbfOUv-5ocZEeQ41DWLCioPtn85ySygYCG9-VvHDd_eLqLg44BrSH1cmfNlqO0BH-ecbOUyeb1QtqA7ksKdOmNETbzZrkOKkoD5UGjMYG_3Q70trDdj21vWRfyhfhoSA,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-3178874078-4208927294-2124628208-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3178874078-4208927294-2124628208-1002 -> {2CC11A78-ABFC-11E4-829C-A02BB859D734} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=online&q={searchTerms} SearchScopes: HKU\S-1-5-21-3178874078-4208927294-2124628208-1002 -> {C5BA03B4-C5FB-47A7-A541-30A1C674009A} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms} BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\jurge_000\AppData\Roaming\BrowserExtensions\Coupons64.dll () 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\jurge_000\AppData\Roaming\BrowserExtensions\Coupons.dll () BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files 
(x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.99.99 FireFox: ======== FF ProfilePath: C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default FF SelectedSearchEngine: Web Search FF Homepage: google.de FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3178874078-4208927294-2124628208-1002: pokki.com/PokkiDownloadHelper -> C:\Users\jurge_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki) FF SearchPlugin: C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default\searchplugins\yahoo_ff.xml FF Extension: ADB Helper - C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default\Extensions\adbhelper@mozilla.org [2014-12-22] FF Extension: Adblock Plus - C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-30] Chrome: ======= CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17] ==================== Services (Whitelisted) ================= (If an 
entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-15] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-15] (Advanced Micro Devices, Inc.) [File not signed] R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed] R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-04] (Hewlett-Packard Development Company, L.P.) R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34304 2014-08-27] () <==== ATTENTION R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed] R2 RGMUpdater; C:\Users\jurge_000\AppData\Local\RGMService\RGMUpdater.exe [28160 2014-10-27] () [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated) R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.) 
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.) S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.) R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. ) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-21] (Microsoft Corporation) S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE ) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-13] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-09-13] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-09-13] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-09-13] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-09-13] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky 
Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-09-13] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-09-13] (Kaspersky Lab ZAO) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-06] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3379416 2014-03-22] (Realtek Semiconductor Corporation ) R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) S3 GENERICDRV; \??\C:\swsetup\sp67235\amifldrv64.sys [X] U3 McAPExe; No ImagePath U3 McMPFSvc; No ImagePath U3 McNaiAnn; No ImagePath U3 mcpltsvc; No ImagePath U3 McProxy; No ImagePath U3 mfecore; No ImagePath U3 MSK80Service; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 20:34 - 2015-02-05 20:34 - 00023278 _____ () C:\Users\jurge_000\Desktop\FRST.txt 2015-02-05 20:33 - 2015-02-05 20:34 - 00000000 ____D () C:\FRST 2015-02-05 20:31 - 2015-02-05 20:31 - 02131968 _____ (Farbar) C:\Users\jurge_000\Desktop\FRST64.exe 2015-02-05 13:40 - 2015-02-05 13:40 - 00326104 _____ () C:\WINDOWS\Minidump\020515-26484-01.dmp 2015-02-03 20:40 - 2015-02-03 20:41 - 00326104 _____ () C:\WINDOWS\Minidump\020315-27343-01.dmp 2015-02-03 17:42 - 2015-02-03 17:42 - 00326048 _____ () C:\WINDOWS\Minidump\020315-29312-01.dmp 2015-01-29 22:50 - 2015-01-29 22:50 - 00001014 _____ () C:\Users\jurge_000\Desktop\TinyPic.lnk 2015-01-29 22:50 - 2015-01-29 22:50 - 00000000 ____D () C:\Program Files (x86)\Tinypic 2015-01-28 22:01 - 2015-01-28 22:01 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity 2015-01-27 23:05 - 2015-01-28 22:03 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\Audacity 2015-01-27 23:04 - 2015-01-27 23:04 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2015-01-27 23:04 - 2015-01-27 23:04 - 00001030 _____ () C:\Users\Public\Desktop\Audacity.lnk 2015-01-27 23:04 - 2015-01-27 23:04 - 00000000 ____D () C:\Program Files (x86)\Audacity 2015-01-27 14:19 - 2015-01-27 14:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-27 00:19 - 2014-12-06 07:43 - 14489797 _____ () C:\Users\jurge_000\Desktop\Wie Sie mehr fotografieren und weniger knipsen - Thomas Stephan.epub 2015-01-25 21:10 - 2015-01-25 21:10 - 00326048 _____ () C:\WINDOWS\Minidump\012515-24062-01.dmp 2015-01-24 23:07 - 2015-01-24 23:07 - 00326104 _____ () C:\WINDOWS\Minidump\012415-21953-01.dmp 2015-01-24 21:47 - 2015-01-24 21:48 - 00326048 _____ () C:\WINDOWS\Minidump\012415-26687-01.dmp 2015-01-22 10:19 - 2015-01-22 10:19 - 00000000 ____D () C:\Users\jurge_000\Desktop\HUK 2015-01-22 10:16 - 2015-01-22 10:16 - 00000472 _____ () C:\Users\jurge_000\Desktop\Volume (F) - Verknüpfung.lnk 2015-01-21 00:39 - 2015-01-21 00:39 - 
00326160 _____ () C:\WINDOWS\Minidump\012115-29281-01.dmp 2015-01-18 11:36 - 2015-01-18 11:36 - 00001110 _____ () C:\Users\Public\Desktop\Terminplaner .Net.lnk 2015-01-18 11:36 - 2015-01-18 11:36 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\RDecke 2015-01-18 11:36 - 2015-01-18 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Terminplaner.NET 2015-01-18 11:36 - 2015-01-18 11:36 - 00000000 ____D () C:\Program Files (x86)\Terminplaner.NET 2015-01-18 11:35 - 2015-01-18 11:34 - 04718515 _____ (Ronny Decke ) C:\Users\jurge_000\Downloads\setup_CB-DL-Manager [1].exe 2015-01-16 21:45 - 2015-02-04 00:27 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\stickies 2015-01-16 21:45 - 2015-01-16 21:45 - 00000667 _____ () C:\WINDOWS\uninstallstickies.bat 2015-01-16 21:45 - 2015-01-16 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stickies 2015-01-16 21:45 - 2015-01-16 21:45 - 00000000 ____D () C:\Program Files (x86)\Stickies 2015-01-15 22:02 - 2015-01-15 22:02 - 00460040 _____ () C:\Users\jurge_000\Desktop\Unbenannt 1.odt 2015-01-15 09:54 - 2015-01-15 09:54 - 00000000 ___HD () C:\Users\jurge_000\Desktop\.picasaoriginals 2015-01-14 22:32 - 2015-01-15 11:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-14 22:00 - 2015-01-14 22:00 - 00001429 _____ () C:\Users\jurge_000\Desktop\bp - Verknüpfung.lnk 2015-01-14 11:47 - 2015-01-14 11:47 - 00001860 _____ () C:\Users\jurge_000\Desktop\PTEditor - Verknüpfung.lnk 2015-01-14 11:42 - 2015-01-14 11:42 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software 2015-01-14 11:42 - 2015-01-14 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Tab Software 2015-01-14 11:42 - 2015-01-14 11:42 - 00000000 ____D () C:\Program Files (x86)\Power Tab Software 2015-01-14 11:39 - 2015-01-14 11:39 - 05917258 _____ () C:\Users\jurge_000\Downloads\powertab1.7.zip 2015-01-14 
08:53 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 08:53 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 08:53 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 08:53 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 08:53 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 08:53 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 08:53 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 08:53 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 08:53 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 08:53 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 08:53 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 08:53 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 08:53 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-14 08:53 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 08:53 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-14 08:53 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 08:53 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 08:53 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 
08:53 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 08:53 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 08:53 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 08:53 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 08:53 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 08:53 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 08:53 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 08:53 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 08:53 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-14 08:52 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 08:52 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 08:52 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-14 08:52 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-07 23:38 - 2015-01-07 23:38 - 00326160 _____ () C:\WINDOWS\Minidump\010715-23000-01.dmp 2015-01-07 23:01 - 2015-01-07 23:01 - 00326160 _____ () C:\WINDOWS\Minidump\010715-28203-01.dmp 2015-01-07 11:21 - 2015-01-07 11:21 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\Guitar Pro 6 2015-01-07 11:21 - 2015-01-07 11:21 - 00000000 ____D () C:\ProgramData\Guitar Pro 6 2015-01-07 11:20 - 2015-01-07 11:20 - 00000991 _____ () C:\Users\Public\Desktop\Guitar Pro 6.lnk 2015-01-07 11:20 - 2015-01-07 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Guitar Pro 6 2015-01-07 11:19 - 2015-01-07 11:20 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 6 2015-01-07 09:21 - 2015-01-07 09:21 - 00309776 _____ () C:\WINDOWS\Minidump\010715-24203-01.dmp 2015-01-07 08:59 - 2015-01-07 08:59 - 00305680 _____ () C:\WINDOWS\Minidump\010715-23218-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 20:32 - 2014-09-04 22:35 - 00000000 ____D () C:\Users\jurge_000\AppData\Local\Pokki 2015-02-05 20:29 - 2014-09-27 08:01 - 00003178 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForjurge_000 2015-02-05 20:29 - 2014-09-27 08:01 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForjurge_000.job 2015-02-05 20:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-05 20:23 - 2014-12-30 09:22 - 01693278 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-05 20:17 - 2014-09-12 21:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-02-05 20:08 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-05 20:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-05 13:54 - 2014-09-04 22:49 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3178874078-4208927294-2124628208-1002 2015-02-05 13:42 - 2014-09-04 23:07 - 00002305 _____ () C:\Users\jurge_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2015-02-05 13:42 - 2014-08-28 11:52 - 00000000 ___DO () C:\Users\jurge_000\OneDrive 2015-02-05 13:41 - 2014-12-23 21:19 - 00000000 ____D () C:\Users\jurge_000\AppData\Local\RGMService 2015-02-05 13:41 - 2014-11-29 22:43 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-05 13:41 - 2014-05-12 12:05 - 02200258 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e 2015-02-05 13:40 - 2014-12-30 09:23 - 00013853 _____ () C:\WINDOWS\setupact.log 2015-02-05 13:40 - 2014-12-29 23:52 - 534231311 _____ () 
C:\WINDOWS\MEMORY.DMP 2015-02-05 13:40 - 2014-10-06 21:27 - 00000000 ____D () C:\WINDOWS\Minidump 2015-02-05 13:40 - 2014-09-04 22:35 - 00000000 ____D () C:\Users\jurge_000 2015-02-05 13:40 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-04 22:41 - 2014-11-29 22:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-03 17:43 - 2014-12-28 22:36 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\BrowserExtensions 2015-02-03 17:41 - 2014-09-04 23:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-03 09:45 - 2014-04-22 00:14 - 00800954 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-03 09:45 - 2014-04-22 00:14 - 00174458 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-03 09:45 - 2013-08-26 07:09 - 01921090 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-02 01:04 - 2014-09-05 21:03 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\vlc 2015-01-30 19:24 - 2014-10-03 19:18 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-01-30 19:24 - 2014-09-26 21:01 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2015-01-28 01:31 - 2014-08-28 16:23 - 00000000 ____D () C:\Users\jurge_000\Documents\Calibre-Bibliothek 2015-01-27 18:43 - 2014-05-12 11:51 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin 2015-01-27 18:43 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-26 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports 2015-01-24 21:20 - 2014-09-08 10:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:20 - 2014-09-08 10:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 20:42 - 2014-12-23 21:25 - 00000000 ____D () C:\Users\jurge_000\AppData\Local\Windows Live 2015-01-17 20:56 - 2013-08-22 15:44 - 00379016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-17 20:55 - 2014-12-23 23:09 - 00000000 
____D () C:\Program Files (x86)\DivX 2015-01-16 22:39 - 2014-09-07 23:34 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-16 21:56 - 2014-09-07 23:34 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-15 09:28 - 2014-12-23 21:02 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\DVD Flick 2015-01-14 22:08 - 2014-12-23 23:08 - 00000000 ____D () C:\ProgramData\DivX 2015-01-14 11:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-01-07 23:07 - 2014-09-16 22:19 - 00000000 ____D () C:\Users\jurge_000\AppData\Local\Adobe ==================== Files in the root of some directories ======= 2014-12-23 21:07 - 2014-12-23 21:07 - 0092702 _____ () C:\Users\jurge_000\AppData\Local\349311A3_stp.CIS 2014-12-23 21:07 - 2014-12-23 21:07 - 0000289 _____ () C:\Users\jurge_000\AppData\Local\349311A3_stp.CIS.part 2014-12-23 21:07 - 2014-12-23 21:07 - 0000000 _____ () C:\Users\jurge_000\AppData\Local\5BFEE0EB_stp.EXE 2014-12-23 21:08 - 2014-12-23 21:08 - 0000203 _____ () C:\Users\jurge_000\AppData\Local\5BFEE0EB_stp.EXE.part 2014-12-23 21:07 - 2014-12-23 21:08 - 0178814 _____ () C:\Users\jurge_000\AppData\Local\6AD0D82B_stp.CIS 2014-12-23 21:08 - 2014-12-23 21:08 - 0000238 _____ () C:\Users\jurge_000\AppData\Local\6AD0D82B_stp.CIS.part 2014-12-23 23:22 - 2014-12-23 23:22 - 0007680 _____ () C:\Users\jurge_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-28 22:59 - 2014-09-28 22:59 - 0002063 _____ () C:\Users\jurge_000\AppData\Local\recently-used.xbel 2014-09-18 08:32 - 2014-09-18 08:32 - 0001534 _____ () C:\ProgramData\ss.ini Some content of TEMP: ==================== C:\Users\jurge_000\AppData\Local\Temp\-meblazn.dll C:\Users\jurge_000\AppData\Local\Temp\0hgn9bp4.dll C:\Users\jurge_000\AppData\Local\Temp\2cvjg2ui.dll C:\Users\jurge_000\AppData\Local\Temp\6utolcnp.dll C:\Users\jurge_000\AppData\Local\Temp\73celdui.dll C:\Users\jurge_000\AppData\Local\Temp\75crf8bq.dll C:\Users\jurge_000\AppData\Local\Temp\bfntpetm.dll 
C:\Users\jurge_000\AppData\Local\Temp\bswjrtpw.dll C:\Users\jurge_000\AppData\Local\Temp\ceaqyslu.dll C:\Users\jurge_000\AppData\Local\Temp\e-mlvuyr.dll C:\Users\jurge_000\AppData\Local\Temp\e6jz9of_.dll C:\Users\jurge_000\AppData\Local\Temp\f0hameyt.dll C:\Users\jurge_000\AppData\Local\Temp\fddto3ya.dll C:\Users\jurge_000\AppData\Local\Temp\kgltleq3.dll C:\Users\jurge_000\AppData\Local\Temp\kszb4xaf.dll C:\Users\jurge_000\AppData\Local\Temp\lnztk08r.dll C:\Users\jurge_000\AppData\Local\Temp\mkbvhnur.dll C:\Users\jurge_000\AppData\Local\Temp\ndpkfgcn.dll C:\Users\jurge_000\AppData\Local\Temp\nywbxm0o.dll C:\Users\jurge_000\AppData\Local\Temp\o3sbkbok.dll C:\Users\jurge_000\AppData\Local\Temp\oct7F93.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\octA4B3.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\octBDA5.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\p077xjfc.dll C:\Users\jurge_000\AppData\Local\Temp\pg93yw8i.dll C:\Users\jurge_000\AppData\Local\Temp\qj-iiie1.dll C:\Users\jurge_000\AppData\Local\Temp\SearchProtectionSetup.exe C:\Users\jurge_000\AppData\Local\Temp\sltr_ugu.dll C:\Users\jurge_000\AppData\Local\Temp\uadakbsc.dll C:\Users\jurge_000\AppData\Local\Temp\ule4l8cl.dll C:\Users\jurge_000\AppData\Local\Temp\upkx7dkr.dll C:\Users\jurge_000\AppData\Local\Temp\v53idcfd.dll C:\Users\jurge_000\AppData\Local\Temp\xk9w7_gr.dll C:\Users\jurge_000\AppData\Local\Temp\yntr8xkm.dll C:\Users\jurge_000\AppData\Local\Temp\zna2d3-v.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-29 23:32

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015 Ran by jurge_000 at 2015-02-05 20:35:54 Running from C:\Users\jurge_000\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{123A22CB-6D84-4135-A71F-886C9119E996}) (Version: 99.9 - Eyeo GmbH) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{C3E5B3AF-12F2-9E42-B493-9490DC745953}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) 
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden BestPractice (remove only) (HKLM-x32\...\BestPractice) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Browser Extensions (HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.6 - Spigot, Inc.) <==== ATTENTION Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden calibre (HKLM-x32\...\{AB116F72-C91A-40F2-A25A-949B5D065EBB}) (Version: 2.3.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) 
ClearProg 1.6.1 Beta 7 (HKLM-x32\...\ClearProg) (Version: 1.6.1 Beta 7 - Sven Hoffman) Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - ) DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) DVDStyler v2.8 (HKLM-x32\...\DVDStyler_is1) (Version: - ) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden FreeRIP MP3 Converter 4.5.3 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.3 - GreenTree Applications SRL) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden hide.me VPN Version 1.0.5 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.0.5 - eVenture Limited) Host App Service (HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Pokki) (Version: 0.269.5.460 - Pokki) HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.08 - Hewlett-Packard) HP 
Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{E9FA2CA2-B7B2-43E6-8449-A1618B042EAE}) (Version: 1.1.3 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.08 - Softex Inc.) Hidden Inst5676 (Version: 8.01.08 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others) Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.) OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. 
Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Pokki Download Helper (HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software) ProgDVB (HKLM-x32\...\ProgDVB) (Version: 7.x - Prog) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.6 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.) Search Protection (HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Search Protection) (Version: 10.8.0.1 - Spigot, Inc.) 
<==== ATTENTION Startmenü (HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki) Stickies 8.0b (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated) Terminplaner .Net (HKLM-x32\...\{AFC4FEEE-6E08-4CC9-815E-5CEDF2C15E2E}_is1) (Version: - Ronny Decke) Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler) Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.9.2.1 - ) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version: - Wicked & Wild Inc.) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Warhammer 40,000: Dawn Of War - Gold Edition (HKLM-x32\...\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}) (Version: 1.51 - THQ) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points =========================

28-01-2015 23:14:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E5F545C-3E53-4CA6-B6DD-F9468D990F15} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2595D899-3540-46DF-9B78-8F72E3C1BB4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {366065F9-548E-4649-A41D-CE201FCA2E2A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-16] (Microsoft Corporation)
Task: {5E9E3CCA-3E56-426D-869F-2887A3F1CFBF} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe [2014-11-26] ()
Task: {72535254-1F4B-4441-8985-5D973E0A9A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {748AFF38-E65C-433E-ABBF-1B96A97DE684} - System32\Tasks\HPCeeScheduleForjurge_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {7605FDD8-C91D-46F6-B3D4-B8B886B65688} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {783FB339-C2A9-4C97-9225-8886277D380D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {7BFA62DA-E2B5-4499-BDE4-6596E6DBB0AA} - System32\Tasks\Chrome => C:\Users\jurge_000\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION
Task: {7DC3868F-F8C4-48C3-BBE6-712B4ACFBBC1} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {AE65EE86-DE40-4F81-9EF9-97F606D399EB} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
Task: {CBCBF33A-327C-4E89-9654-A454F3F17EC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {D61F64F2-D634-494C-8ADB-4A8DB675B301} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {E8AD23A2-1FC5-4477-8255-3438445694AD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForjurge_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-01 17:38 - 2014-03-01 17:38 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-01 17:34 - 2014-03-01 17:34 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-03-01 17:52 - 2014-03-01 17:52 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-03-01 17:52 - 2014-03-01 17:52 - 00712592 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2008-09-09 10:22 - 2008-09-09 10:22 - 00022016 _____ () C:\WINDOWS\System32\sst1cl6.dll 2014-09-09 20:46 - 2014-04-16 09:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll 2014-03-15 01:21 - 2014-03-15 01:21 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2014-03-15 01:20 - 2014-03-15 01:20 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-05-12 12:00 - 2014-03-05 17:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2014-08-27 15:24 - 2014-08-27 15:24 - 00034304 _____ () C:\Program Files (x86)\LPT\srpts.exe 2014-10-27 16:04 - 2014-10-27 16:04 - 00028160 _____ () C:\Users\jurge_000\AppData\Local\RGMService\RGMUpdater.exe 2014-12-01 17:01 - 2014-12-01 17:01 - 00974848 _____ () C:\Users\jurge_000\AppData\Local\RGMService\RGMLoader.exe 2014-08-27 15:24 - 2014-08-27 15:29 - 00036352 _____ () C:\Program Files (x86)\LPT\srptsl.exe 2014-03-01 17:41 - 2014-03-01 17:41 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2015-01-16 10:30 - 2015-01-16 10:30 - 01128760 _____ () C:\Users\jurge_000\AppData\Roaming\Search Protection\SP.exe 2014-12-30 00:07 - 2014-11-26 11:40 - 01071768 _____ () C:\Program Files (x86)\hide.me VPN\Hide.me.exe 2014-12-14 12:07 - 2014-12-14 12:07 - 00381888 _____ () C:\Program Files (x86)\ProgDVB\ProgLauncher.exe 2014-09-25 19:44 - 2014-09-25 19:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-12-22 08:18 - 2014-12-22 08:18 - 00818176 _____ () 
C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default\extensions\adbhelper@mozilla.org\win32\adb.exe 2014-08-27 15:29 - 2014-08-27 15:29 - 00024576 _____ () C:\Users\jurge_000\AppData\Local\LPT\srptm.exe 2014-08-27 15:28 - 2014-08-27 15:28 - 00025088 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Lrcnta.exe 2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll 2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll 2014-08-27 15:24 - 2014-08-27 15:29 - 00044032 _____ () C:\Program Files (x86)\LPT\srptc.dll 2014-08-27 15:23 - 2014-08-27 15:28 - 00018944 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll 2014-12-01 17:01 - 2014-12-01 17:01 - 01686016 _____ () C:\Users\jurge_000\AppData\Local\RGMService\RGMHost.dll 2014-12-01 17:01 - 2014-12-01 17:01 - 02745856 _____ () C:\Users\jurge_000\AppData\Local\RGMService\MonetizationToolsManager.dll 2014-12-01 17:02 - 2014-12-01 17:02 - 01592832 _____ () C:\Users\jurge_000\AppData\Local\RGMService\ProtectorsManager.dll 2014-08-27 15:24 - 2014-08-27 15:29 - 00071680 _____ () C:\Program Files (x86)\LPT\srut.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00052224 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00087552 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\srau.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00167424 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 02426880 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00068608 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\spbl.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00160256 _____ () 
C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00015872 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\siem.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00069120 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\sppsm.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00698368 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00016384 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00080384 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00028672 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00071680 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\srut.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00031232 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\srsbs.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00075264 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\smsp.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00011776 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\sidc.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00032256 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\smtu.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00040448 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\smta.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00032768 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\srom.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00025600 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\sgml.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00152064 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\smti.dll 2014-08-27 15:29 
- 2014-08-27 15:29 - 00063488 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00026624 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\srpdm.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00045056 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2014-08-27 15:24 - 2014-08-27 15:24 - 00026624 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00036864 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00257024 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\srns.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00049152 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\srbu.dll 2014-12-30 00:07 - 2014-11-26 11:34 - 00102400 _____ () C:\Program Files (x86)\hide.me VPN\de-DE\Hide.me.resources.dll 2015-01-27 14:19 - 2015-01-27 14:19 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2015-01-04 05:06 - 2015-01-04 05:06 - 00569856 _____ () C:\Users\jurge_000\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll 2015-01-04 05:06 - 2015-01-04 05:06 - 01400846 _____ () C:\Users\jurge_000\AppData\Local\Pokki\Engine\avcodec-54.dll 2015-01-04 05:06 - 2015-01-04 05:06 - 00151054 _____ () C:\Users\jurge_000\AppData\Local\Pokki\Engine\avutil-51.dll 2015-01-04 05:06 - 2015-01-04 05:06 - 00222734 _____ () C:\Users\jurge_000\AppData\Local\Pokki\Engine\avformat-54.dll 2015-01-14 22:32 - 2015-01-14 22:32 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2015-01-14 22:32 - 2015-01-14 22:32 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-14 22:32 - 2015-01-14 22:32 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2014-08-27 15:29 - 
2014-08-27 15:29 - 00083968 _____ () C:\Users\jurge_000\AppData\Local\LPT\srpt.dll 2014-08-27 15:29 - 2014-08-27 15:29 - 00044032 _____ () C:\Users\jurge_000\AppData\Local\LPT\srptc.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00018944 _____ () C:\Users\jurge_000\AppData\Local\LPT\Smartbar.Common.dll 2014-08-27 15:28 - 2014-08-27 15:28 - 00034816 _____ () C:\Users\jurge_000\AppData\Local\Smartbar\Application\lrcnt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData:gs5sys AlternateDataStreams: C:\Users\jurge_000:gs5sys AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys AlternateDataStreams: C:\ProgramData\Temp:10894A2E AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys AlternateDataStreams: C:\Users\jurge_000\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\jurge_000\Cookies:gs5sys AlternateDataStreams: C:\Users\jurge_000\Lokale Einstellungen:gs5sys AlternateDataStreams: C:\Users\jurge_000\OneDrive:ms-properties AlternateDataStreams: C:\Users\jurge_000\Vorlagen:gs5sys AlternateDataStreams: C:\Users\jurge_000\Desktop\desktop.ini:gs5sys AlternateDataStreams: C:\Users\jurge_000\AppData\Local:gs5sys AlternateDataStreams: C:\Users\jurge_000\AppData\Roaming:gs5sys AlternateDataStreams: C:\Users\jurge_000\AppData\Local\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\jurge_000\AppData\Local\Verlauf:gs5sys AlternateDataStreams: C:\Users\jurge_000\Documents\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3178874078-4208927294-2124628208-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-3178874078-4208927294-2124628208-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3178874078-4208927294-2124628208-1004 - Limited - Enabled) jurge_000 (S-1-5-21-3178874078-4208927294-2124628208-1002 - Administrator - Enabled) => C:\Users\jurge_000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/05/2015 08:31:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (02/05/2015 08:06:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20605250 Error: (02/05/2015 08:06:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20605250 Error: (02/05/2015 08:06:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2015 08:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20603562 Error: (02/05/2015 08:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20603562 Error: (02/05/2015 08:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2015 02:22:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4781 Error: (02/05/2015 02:22:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4781 Error: (02/05/2015 02:22:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (02/05/2015 01:39:58 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT) Description: Der Systemüberwachungszeitgeber 
wurde ausgelöst. Error: (02/05/2015 01:40:27 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000007e (0xffffffffc0000005, 0xfffff80134999efb, 0xffffd000203e4128, 0xffffd000203e3930)C:\WINDOWS\MEMORY.DMP020515-26484-01 Error: (02/05/2015 01:40:26 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 05.02.2015 um 11:57:32 unerwartet heruntergefahren. Error: (02/04/2015 00:24:50 AM) (Source: DCOM) (EventID: 10010) (User: DOC) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (02/04/2015 00:24:50 AM) (Source: DCOM) (EventID: 10010) (User: DOC) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (02/04/2015 00:24:46 AM) (Source: DCOM) (EventID: 10010) (User: DOC) Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (02/03/2015 08:41:03 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000007e (0xffffffffc0000005, 0xfffff8008dd6cefb, 0xffffd0006c4aa128, 0xffffd0006c4a9930)C:\WINDOWS\MEMORY.DMP020315-27343-01 Error: (02/03/2015 08:41:02 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 03.02.2015 um 19:49:48 unerwartet heruntergefahren. Error: (02/03/2015 05:41:39 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT) Description: Der Systemüberwachungszeitgeber wurde ausgelöst. 
Error: (02/03/2015 05:42:11 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000019 (0x000000000000000d, 0xffffe000341f9e5f, 0xd08d195661e3f769, 0x91d08d195661e3c8)C:\WINDOWS\MEMORY.DMP020315-29312-01 Microsoft Office Sessions: ========================= Error: (02/05/2015 08:31:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\jurge_000\AppData\Local\Pokki\Engine\HostAppService.exe Error: (02/05/2015 08:06:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20605250 Error: (02/05/2015 08:06:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20605250 Error: (02/05/2015 08:06:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2015 08:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20603562 Error: (02/05/2015 08:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20603562 Error: (02/05/2015 08:06:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/05/2015 02:22:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4781 Error: (02/05/2015 02:22:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4781 Error: (02/05/2015 02:22:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task 
Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics Percentage of memory in use: 67% Total physical RAM: 3519.68 MB Available physical RAM: 1133.63 MB Total Pagefile: 7103.68 MB Available Pagefile: 3975.96 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:71.31 GB) (Free:27.95 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:22.33 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Volume) (Fixed) (Total:346.68 GB) (Free:143.64 GB) NTFS Drive g: (Volume) (Fixed) (Total:24.41 GB) (Free:20.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 55152BDD) Partition: GPT Partition Type. ==================== End Of Log ============================ Edited by Doddore (05.02.2015 at 23:39) |
05.02.2015, 23:44 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Hello and
__________________(edit: thx to Jürgen ) Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
After that: Remove adware/junkware/toolbars. Delete old versions of adwCleaner and, if present, JRT beforehand, then download them fresh to the desktop! Please disable your virus scanner completely now, before using these tools! Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Edited by cosinus (05.02.2015 at 23:54) |
06.02.2015, 09:44 | #3 |
| Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Oh, thank you very much, that was quick!
__________________Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 09:18:22 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-05.2 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : jurge_000 - DOC # Gestarted von : C:\Users\jurge_000\Desktop\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : LPTSystemUpdater Dienst Gelöscht : RGMUpdater ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\LPT Ordner Gelöscht : C:\Users\jurge_000\AppData\Local\LPT Ordner Gelöscht : C:\Users\jurge_000\AppData\Local\Smartbar Ordner Gelöscht : C:\Users\jurge_000\AppData\Local\RGMService Ordner Gelöscht : C:\Users\jurge_000\AppData\LocalLow\Smartbar Datei Gelöscht : C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default\searchplugins\yahoo_ff.xml ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Classes\pokki Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki] Schlüssel Gelöscht : HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht 
: HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} 
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Pokki Schlüssel Gelöscht : HKCU\Software\smartbarbackup Schlüssel Gelöscht : HKCU\Software\smartbarlog Schlüssel Gelöscht : HKCU\Software\RGMService Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchUrl [Default] -\\ Mozilla Firefox v35.0.1 (x86 de) [2ngs26er.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); [2ngs26er.default\prefs.js] - Zeile Gelöscht : user_pref("startpage.ntsearch_url", "hxxps://de.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=386496&p={searchTerms}"); ************************* AdwCleaner[R0].txt - [8674 Bytes] - [06/02/2015 09:06:00] AdwCleaner[R1].txt - [8733 Bytes] - [06/02/2015 09:13:06] AdwCleaner[S0].txt - [6551 Bytes] - [06/02/2015 09:18:22] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6610 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 8.1 x64 Ran by jurge_000 on 06.02.2015 at 9:23:43,74 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2CC11A78-ABFC-11E4-829C-A02BB859D734} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\freerip" ~~~ FireFox Emptied folder: C:\Users\jurge_000\AppData\Roaming\mozilla\firefox\profiles\2ngs26er.default\minidumps [9 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.02.2015 at 9:27:36,61 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 Ran by jurge_000 (administrator) on DOC on 06-02-2015 09:35:39 Running from C:\Users\jurge_000\Desktop Loaded Profiles: jurge_000 (Available profiles: jurge_000 & Administrator) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe () C:\Program Files (x86)\hide.me VPN\Hide.me.exe () C:\Program Files (x86)\ProgDVB\ProgLauncher.exe (Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe (Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-15] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-04] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [IR_SERVER] => C:\Program Files (x86)\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard) HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [Hide.me] => C:\Program Files (x86)\hide.me VPN\Hide.me.exe [1071768 2014-11-26] () HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Run: [ProgLauncher] => C:\Program Files (x86)\ProgDVB\ProgLauncher.exe [381888 2014-12-14] () HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\RunOnce: [Application Restart #3] => C:\Users\jurge_000\AppData\Local\Pokki\Engine\HostAppService.exe [7846216 2015-01-31] (Pokki) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=online&m=start HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 SearchScopes: HKLM -> {F6305024-E578-4006-A05F-6B1A66BAE870} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3178874078-4208927294-2124628208-1002 -> {C5BA03B4-C5FB-47A7-A541-30A1C674009A} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Tcpip\Parameters: [DhcpNameServer] 192.168.99.99 FireFox: ======== FF ProfilePath: 
C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default FF Homepage: google.de FF Keyword.URL: https://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: ADB Helper - C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default\Extensions\adbhelper@mozilla.org [2014-12-22]
FF Extension: Adblock Plus - C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Profiles\2ngs26er.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-30]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-03-15] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-04] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-25] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-25] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-25] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-04-21] (Microsoft Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-13] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-09-13] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-09-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-09-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-09-13] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-09-13] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-09-13] (Kaspersky Lab ZAO)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [558296 2014-01-06] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3379416 2014-03-22] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\swsetup\sp67235\amifldrv64.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 09:35 - 2015-02-06 09:36 - 00018140 _____ () C:\Users\jurge_000\Desktop\FRST.txt
2015-02-06 09:27 - 2015-02-06 09:27 - 00000967 _____ () C:\Users\jurge_000\Desktop\JRT.txt
2015-02-06 09:23 - 2015-02-06 09:23 - 01388274 _____ (Thisisu) C:\Users\jurge_000\Desktop\JRT.exe
2015-02-06 09:21 - 2015-02-06 09:21 - 00000101 ____H () C:\Users\jurge_000\Desktop\.~lock.Spam.odt#
2015-02-06 09:12 - 2015-02-06 09:12 - 00024589 _____ () C:\Users\jurge_000\Desktop\Spam.odt
2015-02-06 09:05 - 2015-02-06 09:18 - 00000000 ____D () C:\AdwCleaner
2015-02-06 09:02 - 2015-02-06 09:02 - 02112512 _____ () C:\Users\jurge_000\Desktop\AdwCleaner_4.110.exe
2015-02-05 20:33 - 2015-02-06 09:35 - 00000000 ____D () C:\FRST
2015-02-05 20:31 - 2015-02-05 20:31 - 02131968 _____ (Farbar) C:\Users\jurge_000\Desktop\FRST64.exe
2015-02-05 13:40 - 2015-02-05 13:40 - 00326104 _____ () C:\WINDOWS\Minidump\020515-26484-01.dmp
2015-02-03 20:40 - 2015-02-03 20:41 - 00326104 _____ () C:\WINDOWS\Minidump\020315-27343-01.dmp
2015-02-03 17:42 - 2015-02-03 17:42 - 00326048 _____ () C:\WINDOWS\Minidump\020315-29312-01.dmp
2015-01-29 22:50 - 2015-01-29 22:50 - 00001014 _____ () C:\Users\jurge_000\Desktop\TinyPic.lnk
2015-01-29 22:50 - 2015-01-29 22:50 - 00000000 ____D () C:\Program Files (x86)\Tinypic
2015-01-28 22:01 - 2015-01-28 22:01 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-01-27 23:05 - 2015-01-28 22:03 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\Audacity
2015-01-27 23:04 - 2015-01-27 23:04 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-01-27 23:04 - 2015-01-27 23:04 - 00001030 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-01-27 23:04 - 2015-01-27 23:04 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-27 14:19 - 2015-01-27 14:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 00:19 - 2014-12-06 07:43 - 14489797 _____ () C:\Users\jurge_000\Desktop\Wie Sie mehr fotografieren und weniger knipsen - Thomas Stephan.epub
2015-01-25 21:10 - 2015-01-25 21:10 - 00326048 _____ () C:\WINDOWS\Minidump\012515-24062-01.dmp
2015-01-24 23:07 - 2015-01-24 23:07 - 00326104 _____ () C:\WINDOWS\Minidump\012415-21953-01.dmp
2015-01-24 21:47 - 2015-01-24 21:48 - 00326048 _____ () C:\WINDOWS\Minidump\012415-26687-01.dmp
2015-01-22 10:19 - 2015-01-22 10:19 - 00000000 ____D () C:\Users\jurge_000\Desktop\HUK
2015-01-22 10:16 - 2015-01-22 10:16 - 00000472 _____ () C:\Users\jurge_000\Desktop\Volume (F) - Verknüpfung.lnk
2015-01-21 00:39 - 2015-01-21 00:39 - 00326160 _____ () C:\WINDOWS\Minidump\012115-29281-01.dmp
2015-01-18 11:36 - 2015-01-18 11:36 - 00001110 _____ () C:\Users\Public\Desktop\Terminplaner .Net.lnk
2015-01-18 11:36 - 2015-01-18 11:36 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\RDecke
2015-01-18 11:36 - 2015-01-18 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Terminplaner.NET
2015-01-18 11:36 - 2015-01-18 11:36 - 00000000 ____D () C:\Program Files (x86)\Terminplaner.NET
2015-01-18 11:35 - 2015-01-18 11:34 - 04718515 _____ (Ronny Decke ) C:\Users\jurge_000\Downloads\setup_CB-DL-Manager [1].exe
2015-01-16 21:45 - 2015-02-04 00:27 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\stickies
2015-01-16 21:45 - 2015-01-16 21:45 - 00000667 _____ () C:\WINDOWS\uninstallstickies.bat
2015-01-16 21:45 - 2015-01-16 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stickies
2015-01-16 21:45 - 2015-01-16 21:45 - 00000000 ____D () C:\Program Files (x86)\Stickies
2015-01-15 22:02 - 2015-01-15 22:02 - 00460040 _____ () C:\Users\jurge_000\Desktop\Unbenannt 1.odt
2015-01-15 09:54 - 2015-01-15 09:54 - 00000000 ___HD () C:\Users\jurge_000\Desktop\.picasaoriginals
2015-01-14 22:32 - 2015-01-15 11:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 22:00 - 2015-01-14 22:00 - 00001429 _____ () C:\Users\jurge_000\Desktop\bp - Verknüpfung.lnk
2015-01-14 11:47 - 2015-01-14 11:47 - 00001860 _____ () C:\Users\jurge_000\Desktop\PTEditor - Verknüpfung.lnk
2015-01-14 11:42 - 2015-01-14 11:42 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2015-01-14 11:42 - 2015-01-14 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2015-01-14 11:42 - 2015-01-14 11:42 - 00000000 ____D () C:\Program Files (x86)\Power Tab Software
2015-01-14 11:39 - 2015-01-14 11:39 - 05917258 _____ () C:\Users\jurge_000\Downloads\powertab1.7.zip
2015-01-14 08:53 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:53 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:53 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:53 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:53 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:53 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:53 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 08:53 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:53 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 08:53 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:53 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:53 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 08:53 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 08:53 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 08:53 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 08:53 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 08:53 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 08:53 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 08:53 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 08:53 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 08:53 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 08:53 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 08:53 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 08:53 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 08:53 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 08:53 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 08:53 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 08:52 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:52 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:52 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 08:52 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-07 23:38 - 2015-01-07 23:38 - 00326160 _____ () C:\WINDOWS\Minidump\010715-23000-01.dmp
2015-01-07 23:01 - 2015-01-07 23:01 - 00326160 _____ () C:\WINDOWS\Minidump\010715-28203-01.dmp
2015-01-07 11:21 - 2015-01-07 11:21 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\Guitar Pro 6
2015-01-07 11:21 - 2015-01-07 11:21 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2015-01-07 11:20 - 2015-01-07 11:20 - 00000991 _____ () C:\Users\Public\Desktop\Guitar Pro 6.lnk
2015-01-07 11:20 - 2015-01-07 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2015-01-07 11:19 - 2015-01-07 11:20 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 6
2015-01-07 09:21 - 2015-01-07 09:21 - 00309776 _____ () C:\WINDOWS\Minidump\010715-24203-01.dmp
2015-01-07 08:59 - 2015-01-07 08:59 - 00305680 _____ () C:\WINDOWS\Minidump\010715-23218-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 09:29 - 2014-12-30 09:22 - 01867478 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 09:21 - 2014-08-28 11:52 - 00000000 ___DO () C:\Users\jurge_000\OneDrive
2015-02-06 09:20 - 2014-12-30 09:23 - 00013969 _____ () C:\WINDOWS\setupact.log
2015-02-06 09:20 - 2014-09-12 21:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-06 09:20 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-06 09:19 - 2014-12-29 23:52 - 00000872 _____ () C:\WINDOWS\PFRO.log
2015-02-06 09:19 - 2014-05-12 11:51 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2015-02-06 09:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-06 09:18 - 2014-09-04 22:35 - 00000000 ____D () C:\Users\jurge_000
2015-02-06 09:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-06 08:52 - 2014-09-04 22:35 - 00000000 ____D () C:\Users\jurge_000\AppData\Local\Pokki
2015-02-05 23:41 - 2014-11-29 22:43 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-05 21:31 - 2014-09-04 22:49 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3178874078-4208927294-2124628208-1002
2015-02-05 20:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-05 20:48 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-05 20:29 - 2014-09-27 08:01 - 00003178 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForjurge_000
2015-02-05 20:29 - 2014-09-27 08:01 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForjurge_000.job
2015-02-05 13:42 - 2014-09-04 23:07 - 00002305 _____ () C:\Users\jurge_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-05 13:41 - 2014-05-12 12:05 - 02231725 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2015-02-05 13:40 - 2014-12-29 23:52 - 534231311 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-05 13:40 - 2014-10-06 21:27 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-04 22:41 - 2014-11-29 22:43 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2014-09-08 10:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-08 10:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 17:41 - 2014-09-04 23:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 09:45 - 2014-04-22 00:14 - 00800954 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-03 09:45 - 2014-04-22 00:14 - 00174458 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-03 09:45 - 2013-08-26 07:09 - 01921090 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-02 01:04 - 2014-09-05 21:03 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\vlc
2015-01-30 19:24 - 2014-10-03 19:18 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-30 19:24 - 2014-09-26 21:01 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-28 01:31 - 2014-08-28 16:23 - 00000000 ____D () C:\Users\jurge_000\Documents\Calibre-Bibliothek
2015-01-26 20:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-24 20:42 - 2014-12-23 21:25 - 00000000 ____D () C:\Users\jurge_000\AppData\Local\Windows Live
2015-01-17 20:56 - 2013-08-22 15:44 - 00379016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-17 20:55 - 2014-12-23 23:09 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-01-16 22:39 - 2014-09-07 23:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 21:56 - 2014-09-07 23:34 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-15 09:28 - 2014-12-23 21:02 - 00000000 ____D () C:\Users\jurge_000\AppData\Roaming\DVD Flick
2015-01-14 22:08 - 2014-12-23 23:08 - 00000000 ____D () C:\ProgramData\DivX
2015-01-14 11:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-01-07 23:07 - 2014-09-16 22:19 - 00000000 ____D () C:\Users\jurge_000\AppData\Local\Adobe

==================== Files in the root of some directories =======

2014-12-23 21:07 - 2014-12-23 21:07 - 0092702 _____ () C:\Users\jurge_000\AppData\Local\349311A3_stp.CIS
2014-12-23 21:07 - 2014-12-23 21:07 - 0000289 _____ () C:\Users\jurge_000\AppData\Local\349311A3_stp.CIS.part
2014-12-23 21:07 - 2014-12-23 21:07 - 0000000 _____ () C:\Users\jurge_000\AppData\Local\5BFEE0EB_stp.EXE
2014-12-23 21:08 - 2014-12-23 21:08 - 0000203 _____ () C:\Users\jurge_000\AppData\Local\5BFEE0EB_stp.EXE.part
2014-12-23 21:07 - 2014-12-23 21:08 - 0178814 _____ () C:\Users\jurge_000\AppData\Local\6AD0D82B_stp.CIS
2014-12-23 21:08 - 2014-12-23 21:08 - 0000238 _____ () C:\Users\jurge_000\AppData\Local\6AD0D82B_stp.CIS.part
2014-12-23 23:22 - 2014-12-23 23:22 - 0007680 _____ () C:\Users\jurge_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-28 22:59 - 2014-09-28 22:59 - 0002063 _____ () C:\Users\jurge_000\AppData\Local\recently-used.xbel
2014-09-18 08:32 - 2014-09-18 08:32 - 0001534 _____ () C:\ProgramData\ss.ini

Some content of TEMP:
====================
C:\Users\jurge_000\AppData\Local\Temp\-meblazn.dll
C:\Users\jurge_000\AppData\Local\Temp\0hgn9bp4.dll
C:\Users\jurge_000\AppData\Local\Temp\2cvjg2ui.dll
C:\Users\jurge_000\AppData\Local\Temp\6utolcnp.dll
C:\Users\jurge_000\AppData\Local\Temp\73celdui.dll
C:\Users\jurge_000\AppData\Local\Temp\75crf8bq.dll
C:\Users\jurge_000\AppData\Local\Temp\bfntpetm.dll
C:\Users\jurge_000\AppData\Local\Temp\bswjrtpw.dll
C:\Users\jurge_000\AppData\Local\Temp\ceaqyslu.dll
C:\Users\jurge_000\AppData\Local\Temp\e-mlvuyr.dll
C:\Users\jurge_000\AppData\Local\Temp\e6jz9of_.dll
C:\Users\jurge_000\AppData\Local\Temp\f0hameyt.dll
C:\Users\jurge_000\AppData\Local\Temp\fddto3ya.dll
C:\Users\jurge_000\AppData\Local\Temp\kgltleq3.dll
C:\Users\jurge_000\AppData\Local\Temp\kszb4xaf.dll
C:\Users\jurge_000\AppData\Local\Temp\lnztk08r.dll
C:\Users\jurge_000\AppData\Local\Temp\mkbvhnur.dll
C:\Users\jurge_000\AppData\Local\Temp\ndpkfgcn.dll
C:\Users\jurge_000\AppData\Local\Temp\nywbxm0o.dll
C:\Users\jurge_000\AppData\Local\Temp\o3sbkbok.dll
C:\Users\jurge_000\AppData\Local\Temp\oct7F93.tmp.exe
C:\Users\jurge_000\AppData\Local\Temp\octA4B3.tmp.exe
C:\Users\jurge_000\AppData\Local\Temp\octBDA5.tmp.exe
C:\Users\jurge_000\AppData\Local\Temp\p077xjfc.dll
C:\Users\jurge_000\AppData\Local\Temp\pg93yw8i.dll
C:\Users\jurge_000\AppData\Local\Temp\qj-iiie1.dll
C:\Users\jurge_000\AppData\Local\Temp\Quarantine.exe
C:\Users\jurge_000\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\jurge_000\AppData\Local\Temp\sltr_ugu.dll
C:\Users\jurge_000\AppData\Local\Temp\sqlite3.dll
C:\Users\jurge_000\AppData\Local\Temp\uadakbsc.dll
C:\Users\jurge_000\AppData\Local\Temp\ule4l8cl.dll
C:\Users\jurge_000\AppData\Local\Temp\upkx7dkr.dll
C:\Users\jurge_000\AppData\Local\Temp\v53idcfd.dll
C:\Users\jurge_000\AppData\Local\Temp\xk9w7_gr.dll
C:\Users\jurge_000\AppData\Local\Temp\yntr8xkm.dll
C:\Users\jurge_000\AppData\Local\Temp\zna2d3-v.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-29 23:32

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by jurge_000 at 2015-02-06 09:36:39
Running from C:\Users\jurge_000\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{123A22CB-6D84-4135-A71F-886C9119E996}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{C3E5B3AF-12F2-9E42-B493-9490DC745953}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BestPractice (remove only) (HKLM-x32\...\BestPractice) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
calibre (HKLM-x32\...\{AB116F72-C91A-40F2-A25A-949B5D065EBB}) (Version: 2.3.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClearProg 1.6.1 Beta 7 (HKLM-x32\...\ClearProg) (Version: 1.6.1 Beta 7 - Sven Hoffman)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Drakensang Online (HKLM-x32\...\Drakensang Online) (Version: - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVDStyler v2.8 (HKLM-x32\...\DVDStyler_is1) (Version: - )
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FreeRIP MP3 Converter 4.5.3 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.3 - GreenTree Applications SRL)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
hide.me VPN Version 1.0.5 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.0.5 - eVenture Limited)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.08 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{E9FA2CA2-B7B2-43E6-8449-A1618B042EAE}) (Version: 1.1.3 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.08 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.08 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Pokki Download Helper (HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
ProgDVB (HKLM-x32\...\ProgDVB) (Version: 7.x - Prog)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.6 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Startmenü (HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)
Stickies 8.0b (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated)
Terminplaner .Net (HKLM-x32\...\{AFC4FEEE-6E08-4CC9-815E-5CEDF2C15E2E}_is1) (Version: - Ronny Decke)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.9.2.1 - )
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version: - Wicked & Wild Inc.)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warhammer 40,000: Dawn Of War - Gold Edition (HKLM-x32\...\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}) (Version: 1.51 - THQ)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points ========================= 28-01-2015 23:14:09 Windows Update 05-02-2015 20:46:30 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1E5F545C-3E53-4CA6-B6DD-F9468D990F15} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {1FCE01D1-1F20-491A-826D-FC2FEDABDE89} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-16] (Microsoft Corporation) Task: {2595D899-3540-46DF-9B78-8F72E3C1BB4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {5E9E3CCA-3E56-426D-869F-2887A3F1CFBF} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe [2014-11-26] () Task: {72535254-1F4B-4441-8985-5D973E0A9A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {748AFF38-E65C-433E-ABBF-1B96A97DE684} - System32\Tasks\HPCeeScheduleForjurge_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {7605FDD8-C91D-46F6-B3D4-B8B886B65688} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] 
(Hewlett-Packard) Task: {783FB339-C2A9-4C97-9225-8886277D380D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {7BFA62DA-E2B5-4499-BDE4-6596E6DBB0AA} - System32\Tasks\Chrome => C:\Users\jurge_000\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION Task: {7DC3868F-F8C4-48C3-BBE6-712B4ACFBBC1} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.) Task: {AE65EE86-DE40-4F81-9EF9-97F606D399EB} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe Task: {CBCBF33A-327C-4E89-9654-A454F3F17EC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {D61F64F2-D634-494C-8ADB-4A8DB675B301} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard) Task: {E8AD23A2-1FC5-4477-8255-3438445694AD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForjurge_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2014-03-01 17:38 - 2014-03-01 17:38 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-03-01 17:34 - 2014-03-01 17:34 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-03-01 17:34 - 2014-03-01 17:34 - 00035328 _____ () C:\Program 
Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-03-01 17:34 - 2014-03-01 17:34 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-03-01 17:52 - 2014-03-01 17:52 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-03-01 17:52 - 2014-03-01 17:52 - 00712592 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2008-09-09 10:22 - 2008-09-09 10:22 - 00022016 _____ () C:\WINDOWS\System32\sst1cl6.dll 2014-09-09 20:46 - 2014-04-16 09:22 - 00029184 _____ () C:\WINDOWS\System32\usp01l.dll 2014-03-15 01:21 - 2014-03-15 01:21 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2014-03-15 01:20 - 2014-03-15 01:20 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-05-12 12:00 - 2014-03-05 17:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2014-03-01 17:41 - 2014-03-01 17:41 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-12-30 00:07 - 2014-11-26 11:40 - 01071768 _____ () C:\Program Files (x86)\hide.me VPN\Hide.me.exe 2014-12-14 12:07 - 2014-12-14 12:07 - 00381888 _____ () C:\Program Files (x86)\ProgDVB\ProgLauncher.exe 2014-09-25 19:44 - 2014-09-25 19:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll 2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll 2014-12-30 00:07 - 2014-11-26 11:34 - 00102400 _____ () C:\Program Files (x86)\hide.me VPN\de-DE\Hide.me.resources.dll 2014-08-13 08:27 - 2014-08-13 08:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll 2014-07-29 12:34 - 2014-07-29 12:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll ==================== Alternate 
Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData:gs5sys AlternateDataStreams: C:\Users\jurge_000:gs5sys AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys AlternateDataStreams: C:\ProgramData\Temp:10894A2E AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys AlternateDataStreams: C:\Users\jurge_000\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\jurge_000\Cookies:gs5sys AlternateDataStreams: C:\Users\jurge_000\Lokale Einstellungen:gs5sys AlternateDataStreams: C:\Users\jurge_000\OneDrive:ms-properties AlternateDataStreams: C:\Users\jurge_000\Vorlagen:gs5sys AlternateDataStreams: C:\Users\jurge_000\Desktop\desktop.ini:gs5sys AlternateDataStreams: C:\Users\jurge_000\AppData\Local:gs5sys AlternateDataStreams: C:\Users\jurge_000\AppData\Roaming:gs5sys AlternateDataStreams: C:\Users\jurge_000\AppData\Local\Anwendungsdaten:gs5sys AlternateDataStreams: C:\Users\jurge_000\AppData\Local\Verlauf:gs5sys AlternateDataStreams: C:\Users\jurge_000\Documents\desktop.ini:gs5sys AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\jurge_000\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3178874078-4208927294-2124628208-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-3178874078-4208927294-2124628208-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3178874078-4208927294-2124628208-1004 - Limited - Enabled) jurge_000 (S-1-5-21-3178874078-4208927294-2124628208-1002 - Administrator - Enabled) => C:\Users\jurge_000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics Percentage of memory in use: 37% Total physical RAM: 3519.68 MB Available physical RAM: 2195.52 MB Total Pagefile: 7103.68 MB Available Pagefile: 5642.46 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:71.31 GB) (Free:27.78 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:22.33 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Volume) (Fixed) (Total:346.68 GB) (Free:143.64 GB) NTFS Drive g: (Volume) (Fixed) (Total:24.41 GB) (Free:20.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 55152BDD) Partition: GPT Partition Type. ==================== End Of Log ============================ |
06.02.2015, 11:42 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a FRST fix: Please disable your virus scanner completely now, to make sure the fix runs cleanly! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Task: {7BFA62DA-E2B5-4499-BDE4-6596E6DBB0AA} - System32\Tasks\Chrome => C:\Users\jurge_000\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION C:\Users\jurge_000\AppData\Local\Temp\Rau C:\Users\jurge_000\AppData\Local\Temp\-meblazn.dll C:\Users\jurge_000\AppData\Local\Temp\0hgn9bp4.dll C:\Users\jurge_000\AppData\Local\Temp\2cvjg2ui.dll C:\Users\jurge_000\AppData\Local\Temp\6utolcnp.dll C:\Users\jurge_000\AppData\Local\Temp\73celdui.dll C:\Users\jurge_000\AppData\Local\Temp\75crf8bq.dll C:\Users\jurge_000\AppData\Local\Temp\bfntpetm.dll C:\Users\jurge_000\AppData\Local\Temp\bswjrtpw.dll C:\Users\jurge_000\AppData\Local\Temp\ceaqyslu.dll C:\Users\jurge_000\AppData\Local\Temp\e-mlvuyr.dll C:\Users\jurge_000\AppData\Local\Temp\e6jz9of_.dll C:\Users\jurge_000\AppData\Local\Temp\f0hameyt.dll C:\Users\jurge_000\AppData\Local\Temp\fddto3ya.dll C:\Users\jurge_000\AppData\Local\Temp\kgltleq3.dll C:\Users\jurge_000\AppData\Local\Temp\kszb4xaf.dll C:\Users\jurge_000\AppData\Local\Temp\lnztk08r.dll C:\Users\jurge_000\AppData\Local\Temp\mkbvhnur.dll C:\Users\jurge_000\AppData\Local\Temp\ndpkfgcn.dll C:\Users\jurge_000\AppData\Local\Temp\nywbxm0o.dll C:\Users\jurge_000\AppData\Local\Temp\o3sbkbok.dll C:\Users\jurge_000\AppData\Local\Temp\oct7F93.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\octA4B3.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\octBDA5.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\p077xjfc.dll C:\Users\jurge_000\AppData\Local\Temp\pg93yw8i.dll C:\Users\jurge_000\AppData\Local\Temp\qj-iiie1.dll C:\Users\jurge_000\AppData\Local\Temp\Quarantine.exe 
C:\Users\jurge_000\AppData\Local\Temp\SearchProtectionSetup.exe C:\Users\jurge_000\AppData\Local\Temp\sltr_ugu.dll C:\Users\jurge_000\AppData\Local\Temp\sqlite3.dll C:\Users\jurge_000\AppData\Local\Temp\uadakbsc.dll C:\Users\jurge_000\AppData\Local\Temp\ule4l8cl.dll C:\Users\jurge_000\AppData\Local\Temp\upkx7dkr.dll C:\Users\jurge_000\AppData\Local\Temp\v53idcfd.dll C:\Users\jurge_000\AppData\Local\Temp\xk9w7_gr.dll C:\Users\jurge_000\AppData\Local\Temp\yntr8xkm.dll C:\Users\jurge_000\AppData\Local\Temp\zna2d3-v.dll cmd: type C:\ProgramData\ss.ini EmptyTemp: Hosts: Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
06.02.2015, 22:44 | #5 |
| Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a OK! Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015 Ran by jurge_000 at 2015-02-06 22:38:53 Run:3 Running from C:\Users\jurge_000\Desktop\Putze Loaded Profiles: jurge_000 (Available profiles: jurge_000 & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Task: {7BFA62DA-E2B5-4499-BDE4-6596E6DBB0AA} - System32\Tasks\Chrome => C:\Users\jurge_000\AppData\Local\Temp\Rau\PackerV2.exe <==== ATTENTION C:\Users\jurge_000\AppData\Local\Temp\Rau C:\Users\jurge_000\AppData\Local\Temp\-meblazn.dll C:\Users\jurge_000\AppData\Local\Temp\0hgn9bp4.dll C:\Users\jurge_000\AppData\Local\Temp\2cvjg2ui.dll C:\Users\jurge_000\AppData\Local\Temp\6utolcnp.dll C:\Users\jurge_000\AppData\Local\Temp\73celdui.dll C:\Users\jurge_000\AppData\Local\Temp\75crf8bq.dll C:\Users\jurge_000\AppData\Local\Temp\bfntpetm.dll C:\Users\jurge_000\AppData\Local\Temp\bswjrtpw.dll C:\Users\jurge_000\AppData\Local\Temp\ceaqyslu.dll C:\Users\jurge_000\AppData\Local\Temp\e-mlvuyr.dll C:\Users\jurge_000\AppData\Local\Temp\e6jz9of_.dll C:\Users\jurge_000\AppData\Local\Temp\f0hameyt.dll C:\Users\jurge_000\AppData\Local\Temp\fddto3ya.dll C:\Users\jurge_000\AppData\Local\Temp\kgltleq3.dll C:\Users\jurge_000\AppData\Local\Temp\kszb4xaf.dll C:\Users\jurge_000\AppData\Local\Temp\lnztk08r.dll C:\Users\jurge_000\AppData\Local\Temp\mkbvhnur.dll C:\Users\jurge_000\AppData\Local\Temp\ndpkfgcn.dll C:\Users\jurge_000\AppData\Local\Temp\nywbxm0o.dll C:\Users\jurge_000\AppData\Local\Temp\o3sbkbok.dll 
C:\Users\jurge_000\AppData\Local\Temp\oct7F93.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\octA4B3.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\octBDA5.tmp.exe C:\Users\jurge_000\AppData\Local\Temp\p077xjfc.dll C:\Users\jurge_000\AppData\Local\Temp\pg93yw8i.dll C:\Users\jurge_000\AppData\Local\Temp\qj-iiie1.dll C:\Users\jurge_000\AppData\Local\Temp\Quarantine.exe C:\Users\jurge_000\AppData\Local\Temp\SearchProtectionSetup.exe C:\Users\jurge_000\AppData\Local\Temp\sltr_ugu.dll C:\Users\jurge_000\AppData\Local\Temp\sqlite3.dll C:\Users\jurge_000\AppData\Local\Temp\uadakbsc.dll C:\Users\jurge_000\AppData\Local\Temp\ule4l8cl.dll C:\Users\jurge_000\AppData\Local\Temp\upkx7dkr.dll C:\Users\jurge_000\AppData\Local\Temp\v53idcfd.dll C:\Users\jurge_000\AppData\Local\Temp\xk9w7_gr.dll C:\Users\jurge_000\AppData\Local\Temp\yntr8xkm.dll C:\Users\jurge_000\AppData\Local\Temp\zna2d3-v.dll cmd: type C:\ProgramData\ss.ini EmptyTemp: Hosts: ***************** HKU\S-1-5-21-3178874078-4208927294-2124628208-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BFA62DA-E2B5-4499-BDE4-6596E6DBB0AA} => Key not found. C:\Windows\System32\Tasks\Chrome not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chrome => Key not found. "C:\Users\jurge_000\AppData\Local\Temp\Rau" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\-meblazn.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\0hgn9bp4.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\2cvjg2ui.dll" => File/Directory not found. 
"C:\Users\jurge_000\AppData\Local\Temp\6utolcnp.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\73celdui.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\75crf8bq.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\bfntpetm.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\bswjrtpw.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\ceaqyslu.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\e-mlvuyr.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\e6jz9of_.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\f0hameyt.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\fddto3ya.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\kgltleq3.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\kszb4xaf.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\lnztk08r.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\mkbvhnur.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\ndpkfgcn.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\nywbxm0o.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\o3sbkbok.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\oct7F93.tmp.exe" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\octA4B3.tmp.exe" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\octBDA5.tmp.exe" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\p077xjfc.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\pg93yw8i.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\qj-iiie1.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. 
"C:\Users\jurge_000\AppData\Local\Temp\SearchProtectionSetup.exe" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\sltr_ugu.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\sqlite3.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\uadakbsc.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\ule4l8cl.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\upkx7dkr.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\v53idcfd.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\xk9w7_gr.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\yntr8xkm.dll" => File/Directory not found. "C:\Users\jurge_000\AppData\Local\Temp\zna2d3-v.dll" => File/Directory not found. ========= type C:\ProgramData\ss.ini ========= [ss]3-fb002485eaf16e49b0ddff28b1b63300=13-fa86a96e840fabd0de6e972f917b2288=13-f7b1623c15f264e6d3c8ffe011f5ca3d=13-f21a29e39be1c11bc97814b8496e6798=13-e706cab3051a7f0663bc8bc77c7c2bcd=13-e68878d4b1194179dd86f4bdea78b821=13-d07fc6c535cc527178e0431fdf4e295d=13-cc5c0e2c5855d6e906f549d87fa5f5e1=13-cb1f63e5fd1072474ef882bea1cb4122=13-c82067eb79f3eff34bad44872c57f7ae=13-c1bdc356121231463c8e1eb7dae33bce=13-be8cb0f354fbdeb9adbc636f3085ea09=13-b8756211afb0148c9d4e34af3d0777d5=13-b804eb77c2cca25b83acfdca20caa4c0=13-b75069d28571cc0f652b9c07e83b433e=13-b52464a9ad58439f5682061929deafea=13-b06a0a52410e4e794c426d97ad94a712=13-a63c5966819e09092ba817fbc0a39760=13-9e8ac6ed29e7352a9cd185311077099c=13-9cff4ef280142d01f99824e880d73e6b=13-88087115dadbcba984f1ca140f276309=13-8720f518ef756f3a69475d0335c91e78=13-7551b01f3e97da05f4f9f153e973c8ad=13-74ab7846dcd5448269cca74e07e20a8b=13-6a38658ddd69f99832c6738f92286919=13-6026ea040f525d4d740721d9a20141af=13-5ff1ca790db2da0f75014d0df8e99f2d=13-50c5a8ed93d877a2ef54231d61641276=13-49fcbf9dc6a3d8c16e69089bf0f42672=13-409cf7b35835f1faa55c43407bf6f554=13-3fc144869ef7a47edc425422e471edc2=13
-35a052c29d1214d8f9f7215b75473736=13-34f5f189a7c8f27d18b292f6de73d39c=13-24c547e371deee78ecab53c6c0180c30=13-2128e206206b0f56003a969745889969=13-1cd7353eb46ac4b7f800a8f4bb87451f=13-19c83f7d698439b20074c1b2c8a05f89=13-1855c601bb04ee5430ebd69b2d1f7ae8=13-11b46a42825c4a3082ba3e51b84f8907=1 ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. EmptyTemp: => Removed 389.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 22:39:26 ==== |
06.02.2015, 22:53 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Okay, then control scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
08.02.2015, 01:18 | #7 |
| Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Hi, unfortunately, since the Malwarebytes Anti-Malware threat scan step, in which I sent 4 "things" to quarantine, my internet no longer works. "Yellow triangle" All network adapters are disabled. Do you want to enable them? What should one do in this case? Many thanks in advance for your help! Best regards. Jürgen OK. I now have the Malwarebytes report. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 08.02.2015 Suchlauf-Zeit: 00:28:55 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.06.08 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: jurge_000 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 384865 Verstrichene Zeit: 30 Min, 30 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Sleep well. Many thanks for now. Jürgen |
08.02.2015, 14:03 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Then please post the right log as well, and not one without detections.
10.02.2015, 09:09 | #9 |
| Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Sorry, I urgently had to take care of my taxes. I hope this is the right log. Best regards. Jürgen Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.02.2015 Suchlauf-Zeit: 23:35:45 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.06.08 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: jurge_000 Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 385153 Verstrichene Zeit: 35 Min, 39 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.Linkury.A, HKU\S-1-5-21-3178874078-4208927294-2124628208-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [5ee2d645305a5bdb98d10b96996af40c], Registrierungswerte: 1 PUP.Optional.Linkury.A, HKU\S-1-5-21-3178874078-4208927294-2124628208-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|Publisher, YahooCV, In Quarantäne, [5ee2d645305a5bdb98d10b96996af40c] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 2 PUP.Optional.SnapDo.A, C:\Windows\Installer\746672a.msi, In Quarantäne, [6bd5ef2c553546f067e5367459a8b749], PUP.Optional.VeriStaff, C:\Windows\Installer\7466730.msi, In Quarantäne, [e759dc3f3b4fe74fc0cc58054bb56c94], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
10.02.2015, 11:36 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Only adware crap was removed there. Check the proxy settings, then repeat ESET. Remove incorrect proxy settings
11.02.2015, 21:54 | #11 |
| Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Hi, here you go. Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=b03a7844b395a34eae047084f2290347 # engine=22407 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-11 12:38:33 # local_time=2015-02-11 01:38:33 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Kaspersky Anti-Virus' # compatibility_mode=1293 16777213 100 
100 272060 55093135 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 7006386 15022491 0 0 # scanned=225308 # found=76 # cleaned=0 # scan_time=7910 sh=28B1091D6D02EC40B4FA9D3B43E3274519500CC2 ft=1 fh=dc3dd842225a5598 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir" sh=FFE23BDD6346E7C5D29C42177F20155CC9F46D54 ft=1 fh=7a155473475e5bcb vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\smia.exe.vir" sh=FA6AF80E753D92E2CDEAB92813DEDBD8424A8E09 ft=1 fh=c3a50bcc4f306f01 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\smia64.exe.vir" sh=0A97E76D470BDF2FEC3210A9481458F73FA11FC5 ft=1 fh=0a1e00ceb507ee08 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir" sh=5203FC48184140370D77A233D2B87E38789D1FAE ft=1 fh=4a7e921095e7b713 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir" sh=F942C2DDD83B52C19800599A1EDC41CF4DD4B85B ft=1 fh=08056106f4cd783d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir" sh=BDA09511E34B5B402029090624B8C16B2740EFBB ft=1 fh=4cddddbd6f60add9 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir" sh=FFB6DEEA914EDB830A2065A83CC43B06952DCDFB ft=1 fh=bbcfb579c6e9abfa vn="Variante von MSIL/Toolbar.Linkury.G evtl. 
11.02.2015, 22:34 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a
FRST fix
Please disable your virus scanner completely now to ensure that the fix runs cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
C:\Windows.old\Users\jurge_000\AppData\Local\Temp
F:\Internetzprogramme\Audacity - CHIP-Installer.exe
F:\Internetzprogramme\Audiograbber - CHIP-Installer.exe
F:\Internetzprogramme\BestPractice - CHIP-Installer.exe
F:\Internetzprogramme\Calibre 32 Bit - CHIP-Installer.exe
F:\Internetzprogramme\Classic Shell - CHIP-Installer.exe
F:\Internetzprogramme\DLL-Scan-lnstall.exe
F:\Internetzprogramme\download_audiograbber.exe
F:\Internetzprogramme\freerip_28679.exe
F:\Internetzprogramme\Guitar Pro - CHIP-Installer.exe
F:\Internetzprogramme\Pokki - CHIP-Installer.exe
F:\Internetzprogramme\Power Tab Editor - CHIP-Installer.exe
F:\Internetzprogramme\ProgDVB 32 Bit - CHIP-Installer.exe
F:\Internetzprogramme\Rainlendar Lite 32 Bit - CHIP-Installer.exe
F:\Internetzprogramme\Revo Uninstaller - CHIP-Installer.exe
F:\Internetzprogramme\setup_CB-DL-Manager.exe
F:\Internetzprogramme\SketchUp Make 2014 - CHIP-Installer.exe
F:\Internetzprogramme\Stickies - CHIP-Installer.exe
F:\Internetzprogramme\TinyPic - CHIP-Installer.exe
F:\Internetzprogramme\UnderCoverXP - CHIP-Installer.exe
F:\Internetzprogramme\vlc-2.1.5-win32.exe
F:\Internetzprogramme\Windows 7 USB DVD Download Tool - CHIP-Installer.exe
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
12.02.2015, 00:26 | #13 |
| Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by jurge_000 at 2015-02-12 00:10:07 Run:4
Running from C:\Users\jurge_000\Desktop\Putze
Loaded Profiles: jurge_000 (Available profiles: jurge_000 & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows.old\Users\jurge_000\AppData\Local\Temp
F:\Internetzprogramme\Audacity - CHIP-Installer.exe
F:\Internetzprogramme\Audiograbber - CHIP-Installer.exe
F:\Internetzprogramme\BestPractice - CHIP-Installer.exe
F:\Internetzprogramme\Calibre 32 Bit - CHIP-Installer.exe
F:\Internetzprogramme\Classic Shell - CHIP-Installer.exe
F:\Internetzprogramme\DLL-Scan-lnstall.exe
F:\Internetzprogramme\download_audiograbber.exe
F:\Internetzprogramme\freerip_28679.exe
F:\Internetzprogramme\Guitar Pro - CHIP-Installer.exe
F:\Internetzprogramme\Pokki - CHIP-Installer.exe
F:\Internetzprogramme\Power Tab Editor - CHIP-Installer.exe
F:\Internetzprogramme\ProgDVB 32 Bit - CHIP-Installer.exe
F:\Internetzprogramme\Rainlendar Lite 32 Bit - CHIP-Installer.exe
F:\Internetzprogramme\Revo Uninstaller - CHIP-Installer.exe
F:\Internetzprogramme\setup_CB-DL-Manager.exe
F:\Internetzprogramme\SketchUp Make 2014 - CHIP-Installer.exe
F:\Internetzprogramme\Stickies - CHIP-Installer.exe
F:\Internetzprogramme\TinyPic - CHIP-Installer.exe
F:\Internetzprogramme\UnderCoverXP - CHIP-Installer.exe
F:\Internetzprogramme\vlc-2.1.5-win32.exe
F:\Internetzprogramme\Windows 7 USB DVD Download Tool - CHIP-Installer.exe
EmptyTemp:
Hosts:
*****************

C:\Windows.old\Users\jurge_000\AppData\Local\Temp => Moved successfully.
F:\Internetzprogramme\Audacity - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\Audiograbber - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\BestPractice - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\Calibre 32 Bit - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\Classic Shell - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\DLL-Scan-lnstall.exe => Moved successfully.
F:\Internetzprogramme\download_audiograbber.exe => Moved successfully.
F:\Internetzprogramme\freerip_28679.exe => Moved successfully.
F:\Internetzprogramme\Guitar Pro - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\Pokki - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\Power Tab Editor - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\ProgDVB 32 Bit - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\Rainlendar Lite 32 Bit - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\Revo Uninstaller - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\setup_CB-DL-Manager.exe => Moved successfully.
F:\Internetzprogramme\SketchUp Make 2014 - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\Stickies - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\TinyPic - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\UnderCoverXP - CHIP-Installer.exe => Moved successfully.
F:\Internetzprogramme\vlc-2.1.5-win32.exe => Moved successfully.
F:\Internetzprogramme\Windows 7 USB DVD Download Tool - CHIP-Installer.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 384.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 00:10:29 ==== |
12.02.2015, 00:40 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a
Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Apart from that, there are good cookie managers; for Firefox, for example, there is the CookieCuller extension.

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
12.02.2015, 21:56 | #15 |
| Windows 8.1 not-a-virus:AdWare.Win32.Linkury.a Hi Cosinus. Yes, there seem to be no more problems. Thank you very much! How can I show my appreciation? Best regards, Jürgen |