Pests of all kinds and how to fight them: I can't get "positive finds ads" off my computer | Windows 7 | If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
22.02.2015, 15:42 | #1 |
| I can't get "positive finds ads" off my computer For the past few days these windows have been constantly "popping up". I can't browse the internet at all without permanently ending up on pages other than the ones I intended. I have read various guides, and also downloaded Malwarebytes and let it run, but without success. I am an absolute layperson when it comes to this kind of thing; maybe someone can help me before I go crazy! Hey guys, please, I'm really getting desperate!!! My patience is actually pretty durable, but gradually... |
22.02.2015, 17:11 | #2 |
/// the machine /// TB trainer | I can't get "positive finds ads" off my computer hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
22.02.2015, 20:55 | #3 |
| I can't get "positive finds ads" off my computer ok, so here is the 1st one.
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015 Ran by Babsy (administrator) on MIRISBABSYSPC on 22-02-2015 18:58:39 Running from C:\Users\Babsy\Downloads Loaded Profiles: UpdatusUser & Babsy (Available profiles: UpdatusUser & Babsy & Miriam) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe () C:\Users\Babsy\AppData\Local\Amazon Music\Amazon Music Helper.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-2147813672-2160586994-2459613830-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\...\Run: [Amazon Music] => C:\Users\Babsy\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) 
Startup: C:\Users\Babsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated) ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated) ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated) ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated) BootExecute: autocheck autochk * aswBoot.exe /M:13406bbe /wow /dir:"C:\Program Files\AVAST Software\Avast"sdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hppp&ts=1421943390&from=cvs&uid=ST1000DM003-1CH162_Z1D8HBJMXXXXZ1D8HBJM URLSearchHook: [S-1-5-21-2147813672-2160586994-2459613830-1001] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002 -> DefaultScope {049DB9A2-B07B-11E4-827A-448A5B2CBA61} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms} SearchScopes: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002 -> {049DB9A2-B07B-11E4-827A-448A5B2CBA61} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms} SearchScopes: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST1000DM003-1CH162_Z1D8HBJMXXXXZ1D8HBJM&ts=1421943403&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST1000DM003-1CH162_Z1D8HBJMXXXXZ1D8HBJM&ts=1421943403&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST1000DM003-1CH162_Z1D8HBJMXXXXZ1D8HBJM&ts=1421943403&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST1000DM003-1CH162_Z1D8HBJMXXXXZ1D8HBJM&ts=1421943403&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002 -> {FEF0E4DE-06CC-4597-8F8B-13220CE526CD} URL = hxxp://istart.webssearches.com/web/?utm_source=b&utm_medium=cvs&utm_campaign=install_ie&utm_content=ds&from=cvs&uid=ST1000DM003-1CH162_Z1D8HBJMXXXXZ1D8HBJM&ts=1421943403&type=default&q={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> 
{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Babsy\AppData\Roaming\Mozilla\Firefox\Profiles\rt87auad.default FF Homepage: hxxp://www.google.de/ FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com () FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\Babsy\AppData\Roaming\Mozilla\Firefox\Profiles\rt87auad.default\user.js FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-22] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-22] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-22] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-22] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-22] Chrome: ======= CHR HomePage: Default -> hxxp://google.de/ CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16] CHR Extension: (Google Drive) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14] CHR Extension: (YouTube) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16] CHR Extension: (Google Search) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16] CHR Extension: (Kaspersky Protection) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-22] CHR Extension: (Avira Browser Safety) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-14] CHR Extension: (Google Wallet) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16] CHR Extension: (Gmail) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM\...\Chrome\Extension: 
[flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.) 
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation) R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed] R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed] S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 d924d8dc; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.33\OptProMon.dll",ENT ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-02-22] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-02-22] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation) S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.) R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.) R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.) R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.) 
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-22 18:58 - 2015-02-22 18:59 - 00026411 _____ () C:\Users\Babsy\Downloads\FRST.txt 2015-02-22 18:58 - 2015-02-22 18:58 - 00000000 ____D () C:\FRST 2015-02-22 18:52 - 2015-02-22 18:52 - 02087424 _____ (Farbar) C:\Users\Babsy\Downloads\FRST64.exe 2015-02-22 18:51 - 2015-02-22 18:51 - 01126912 _____ (Farbar) C:\Users\Babsy\Downloads\FRST.exe 2015-02-22 16:05 - 2015-02-22 16:05 - 00030455 _____ () C:\Users\Babsy\Downloads\TEXT TEMPLATE DOCUMENT (4).txt 2015-02-22 15:44 - 2015-02-22 15:44 - 00030455 _____ () C:\Users\Babsy\Downloads\TEXT TEMPLATE DOCUMENT (3).txt 2015-02-22 12:10 - 2015-02-22 14:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-22 12:10 - 2015-02-22 12:10 - 00001082 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-22 12:10 - 2015-02-22 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-22 12:10 - 2015-02-22 12:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-22 12:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-22 12:10 - 2014-11-21 06:14 - 
00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-22 12:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-22 12:09 - 2015-02-22 12:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Babsy\Downloads\mbam-setup-2.0.4.1028(2).exe 2015-02-22 12:07 - 2015-02-22 12:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Babsy\Downloads\mbam-setup-2.0.4.1028(1).exe 2015-02-22 11:41 - 2015-02-22 11:42 - 00000000 ____D () C:\Users\Babsy\AppData\Local\Mozilla 2015-02-22 11:41 - 2015-02-22 11:41 - 39712504 _____ () C:\Users\Babsy\Downloads\Firefox_Setup_de35.0.1.exe 2015-02-22 11:41 - 2015-02-22 11:41 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-22 11:41 - 2015-02-22 11:41 - 00001127 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-22 11:41 - 2015-02-22 11:41 - 00000000 ____D () C:\ProgramData\Mozilla 2015-02-22 11:41 - 2015-02-22 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-22 11:41 - 2015-02-22 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-22 11:29 - 2015-02-22 11:29 - 00002314 _____ () C:\Users\Babsy\Desktop\Sicherer Zahlungsverkehr.lnk 2015-02-22 10:44 - 2015-02-22 10:44 - 00030496 _____ () C:\Users\Miriam\Downloads\HOW-IT-LOOKS.htm 2015-02-22 09:51 - 2015-02-22 09:51 - 00002314 _____ () C:\Users\Miriam\Desktop\Sicherer Zahlungsverkehr.lnk 2015-02-22 09:51 - 2015-02-22 09:51 - 00001176 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2015-02-22 09:51 - 2015-02-22 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-02-22 09:51 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-02-22 09:50 - 2015-02-22 18:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-02-22 09:50 - 2015-02-22 10:00 - 00771272 _____ (Kaspersky Lab 
ZAO) C:\Windows\system32\Drivers\klif.sys 2015-02-22 09:50 - 2015-02-22 10:00 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-02-22 09:50 - 2015-02-22 09:50 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-02-22 09:50 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-02-22 09:34 - 2015-02-22 09:35 - 00000085 _____ () C:\Windows\wininit.ini 2015-02-14 16:56 - 2015-02-14 16:56 - 00079757 _____ () C:\Users\Babsy\Downloads\TEXT TEMPLATE DOCUMENT (2).txt 2015-02-14 14:57 - 2015-02-14 16:05 - 00000000 ____D () C:\Users\Babsy\Desktop\Nils 2015-02-14 12:14 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150214-121459.backup 2015-02-14 11:26 - 2015-02-22 09:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-02-14 11:26 - 2015-02-22 09:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-02-14 11:26 - 2015-02-14 11:26 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2015-02-14 11:24 - 2015-02-14 11:25 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Babsy\Downloads\spybot-2.4.exe 2015-02-14 11:12 - 2015-02-14 11:12 - 00000000 ____D () C:\Program Files (x86)\PC Tools 2015-02-14 11:06 - 2015-02-14 11:08 - 03567079 _____ () C:\Windows\system32\Drivers\Cat.DB 2015-02-14 11:06 - 2012-11-01 15:35 - 00253256 _____ (PC Tools) C:\Windows\system32\Drivers\PCTSD64.sys 2015-02-14 11:05 - 2015-02-14 11:27 - 00000000 ____D () C:\ProgramData\PC Tools 2015-02-14 11:05 - 2015-02-14 11:05 - 03834832 _____ (PC Tools) C:\Users\Babsy\Downloads\sd9setup.exe 2015-02-14 11:05 - 2015-02-14 11:05 - 03834832 _____ (PC Tools) C:\Users\Babsy\Downloads\sd9setup (1).exe 2015-02-14 11:05 - 2015-02-14 11:05 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\TestApp 2015-02-14 10:38 - 2015-02-14 10:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-14 10:37 - 2015-02-14 10:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Babsy\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-12 18:22 - 2015-02-12 18:22 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\WildTangent 2015-02-12 18:17 - 2015-02-12 18:17 - 00001556 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2015-02-12 18:17 - 2015-02-12 18:17 - 00001265 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2015-02-12 18:17 - 2015-02-12 18:17 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\RHEng 2015-02-12 18:17 - 2015-02-12 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-02-12 18:17 - 2015-02-12 18:17 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack 2015-02-12 18:17 - 2015-02-12 18:17 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-02-12 18:16 - 2015-02-12 18:16 - 34792128 _____ (DVDVideoSoft Ltd. 
) C:\Users\Babsy\Downloads\FreeYouTubeToMP354Converter.exe 2015-02-12 18:12 - 2015-02-12 18:12 - 07778632 _____ () C:\Users\Babsy\Downloads\Infigo_setup.exe 2015-02-12 17:53 - 2015-02-14 16:05 - 00000000 ____D () C:\Users\Babsy\Desktop\Samuel 2015-02-11 19:53 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-02-11 19:50 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 19:50 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 19:50 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 19:50 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 19:50 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 19:50 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 19:50 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-08 18:36 - 2015-02-08 18:36 - 00000000 ____D () C:\Users\Miriam\AppData\Local\Windows Live 2015-02-08 13:23 - 2015-02-08 13:23 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\NVIDIA 2015-02-08 12:29 - 2015-02-08 12:30 - 00000000 ____D () C:\Users\Miriam\Documents\Freemake 2015-02-08 12:29 - 2015-02-08 12:30 - 00000000 ____D () C:\ProgramData\Freemake 2015-02-08 12:29 - 2015-02-08 12:29 - 00001344 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk 2015-02-08 12:29 - 2015-02-08 12:29 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\RHEng 2015-02-08 12:29 - 2015-02-08 12:29 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2015-02-08 12:29 - 2015-02-08 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2015-02-08 12:29 - 2015-02-08 12:29 - 00000000 ____D () 
C:\Program Files (x86)\Freemake 2015-02-08 12:00 - 2015-02-08 16:59 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\dvdcss 2015-02-08 11:55 - 2015-02-22 09:34 - 00000000 ____D () C:\Program Files\VideoLAN 2015-02-08 11:55 - 2015-02-08 11:55 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2015-02-08 11:55 - 2015-02-08 11:55 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\Abelssoft 2015-02-08 11:55 - 2015-02-08 11:55 - 00000000 ____D () C:\Users\Miriam\AppData\Local\Abelssoft 2015-02-08 11:55 - 2015-02-08 11:55 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2015-02-08 11:54 - 2015-02-08 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater 2015-02-08 11:54 - 2015-02-08 11:54 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater 2015-02-07 18:35 - 2015-02-07 18:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-02-07 18:35 - 2015-02-07 18:35 - 00000000 ____D () C:\Program Files\Java 2015-02-07 18:23 - 2015-02-07 18:26 - 93427112 _____ (Oracle Corporation) C:\Users\Miriam\Downloads\jre-8u31-windows-x64 (1).exe 2015-02-07 18:15 - 2015-02-07 18:15 - 00639400 _____ (Oracle Corporation) C:\Users\Miriam\Downloads\chromeinstall-8u31.exe 2015-02-07 17:58 - 2015-02-07 17:58 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\Mozilla 2015-02-07 17:58 - 2015-02-07 17:58 - 00000000 ____D () C:\Program Files (x86)\predm 2015-02-07 17:55 - 2015-02-07 17:55 - 00000197 _____ () C:\Windows\system32\2015-02-07-16-55-08.026-AvastVBoxSVC.exe-2696.log 2015-02-07 17:51 - 2015-02-07 17:51 - 04515896 _____ (Avira Operations & Co. 
KG) C:\Users\Miriam\Downloads\avira_de_av_5835121429__ws.exe 2015-02-07 17:35 - 2015-02-07 17:35 - 00003162 _____ () C:\Windows\System32\Tasks\{BEC90ED1-80D5-4C8D-9085-576BF29383DE} 2015-02-07 17:33 - 2015-02-07 17:34 - 00000280 _____ () C:\Windows\system32\2015-02-07-16-33-48.080-aswFe.exe-7280.log 2015-02-07 17:31 - 2015-02-07 17:31 - 00000280 _____ () C:\Windows\system32\2015-02-07-16-31-32.035-aswFe.exe-7828.log 2015-02-07 17:30 - 2015-02-07 17:31 - 00000280 _____ () C:\Windows\system32\2015-02-07-16-30-52.089-aswFe.exe-1160.log 2015-02-02 06:29 - 2015-02-02 06:30 - 00000197 _____ () C:\Windows\system32\2015-02-02-05-29-04.050-AvastVBoxSVC.exe-2284.log 2015-02-01 17:47 - 2015-02-01 17:47 - 00004608 _____ () C:\Users\Miriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-01 17:30 - 2015-02-01 17:32 - 00000197 _____ () C:\Windows\system32\2015-02-01-16-30-47.001-AvastVBoxSVC.exe-3444.log 2015-02-01 17:17 - 2015-02-01 17:17 - 00000197 _____ () C:\Windows\system32\2015-02-01-16-17-28.051-AvastVBoxSVC.exe-2140.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-22 18:10 - 2014-02-16 11:32 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-22 18:05 - 2014-01-27 18:29 - 01080217 _____ () C:\Windows\WindowsUpdate.log 2015-02-22 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-22 14:11 - 2014-02-11 22:14 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2147813672-2160586994-2459613830-1002 2015-02-22 14:07 - 2014-03-16 12:03 - 00000000 ____D () C:\Users\Babsy\AppData\Local\CrashDumps 2015-02-22 14:05 - 2014-03-16 12:03 - 00000000 ___DO () C:\Users\Babsy\SkyDrive 2015-02-22 14:05 - 2014-02-16 11:32 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-22 12:31 - 2013-08-22 15:46 - 00072167 _____ () C:\Windows\setupact.log 2015-02-22 12:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-22 12:30 - 2014-01-27 18:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-22 12:30 - 2013-10-04 08:36 - 00629770 _____ () C:\Windows\PFRO.log 2015-02-22 12:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer 2015-02-22 12:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-02-22 11:41 - 2014-10-12 08:47 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\Mozilla 2015-02-22 10:53 - 2014-02-11 22:09 - 00001470 _____ () C:\Users\Babsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-22 10:50 - 2014-02-16 11:14 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2147813672-2160586994-2459613830-1003 2015-02-22 09:57 - 2014-02-12 02:08 - 00000000 ___RD () C:\Users\Babsy\Desktop\Reborn 2015-02-22 09:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-22 09:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-02-22 09:50 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2015-02-22 09:49 - 2014-03-23 14:52 - 00000000 ____D () 
C:\Users\Miriam\AppData\Local\CrashDumps 2015-02-22 09:49 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-22 09:44 - 2014-02-16 11:12 - 00000000 ___DO () C:\Users\Miriam\SkyDrive 2015-02-22 09:44 - 2014-02-16 11:07 - 00000000 ____D () C:\Users\Miriam\AppData\Local\Pokki 2015-02-22 09:43 - 2013-08-22 15:44 - 00414224 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-22 09:40 - 2014-12-11 12:22 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-22 09:40 - 2014-07-15 19:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-22 09:40 - 2014-03-02 14:13 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-22 09:40 - 2014-02-16 18:15 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-22 09:36 - 2014-03-02 14:13 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-22 09:34 - 2014-02-16 11:26 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A120AAB6-8A9B-453A-9041-213D7C0D6E4E} 2015-02-14 15:22 - 2014-02-11 22:17 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6648380F-6B7F-410A-9912-FADB0D2A4544} 2015-02-14 11:27 - 2014-01-27 19:04 - 00000000 ____D () C:\ProgramData\Temp 2015-02-14 09:41 - 2015-01-22 16:43 - 00000000 ____D () C:\Users\Babsy\Desktop\Camera 2015-02-14 09:41 - 2014-02-12 00:40 - 00000000 ____D () C:\Users\Babsy\Desktop\Kreativ 2015-02-14 08:49 - 2014-02-12 00:00 - 00000000 ____D () C:\Users\Babsy\Desktop\Arbeit 2015-02-12 18:22 - 2013-10-04 08:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-12 18:22 - 2013-10-04 08:57 - 00000000 ____D () C:\ProgramData\WildTangent 2015-02-12 18:22 - 2013-10-04 08:57 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2015-02-12 18:18 - 2014-02-25 18:59 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\DVDVideoSoft 2015-02-12 17:55 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\Babsy\Desktop\Babsy 2015-02-08 18:17 - 2014-01-23 09:27 - 00764340 _____ () 
C:\Windows\system32\perfh007.dat 2015-02-08 18:17 - 2014-01-23 09:27 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-02-08 18:17 - 2013-10-04 08:58 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-07 18:17 - 2014-04-18 05:52 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\CyberLink 2015-02-07 18:04 - 2014-03-16 12:19 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-02-07 18:01 - 2014-02-16 11:32 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-07 18:01 - 2014-02-16 11:09 - 00001470 _____ () C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-07 17:56 - 2014-02-16 18:41 - 00002299 _____ () C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2015-02-07 17:34 - 2015-01-22 17:57 - 00000000 ____D () C:\Program Files (x86)\Stapelverarbeitung 2015-02-07 17:09 - 2014-12-30 18:07 - 00003290 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2147813672-2160586994-2459613830-1003 2015-02-03 20:31 - 2014-11-16 15:39 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-11-16 15:39 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-03-02 13:47 - 2014-03-02 13:47 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-01-27 18:49 - 2014-01-27 18:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Babsy\AppData\Local\Temp\avgnt.exe C:\Users\Babsy\AppData\Local\Temp\ose00000.exe C:\Users\Miriam\AppData\Local\Temp\avgnt.exe C:\Users\Miriam\AppData\Local\Temp\COMAP.EXE C:\Users\Miriam\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Miriam\AppData\Local\Temp\oct30F5.tmp.exe C:\Users\Miriam\AppData\Local\Temp\oct5F51.tmp.exe C:\Users\Miriam\AppData\Local\Temp\octAB9B.tmp.exe C:\Users\Miriam\AppData\Local\Temp\octAD68.tmp.exe 
C:\Users\Miriam\AppData\Local\Temp\octE7C8.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-22 10:50

==================== End Of Log ============================

--- --- --- --- --- ---

That's the Addition:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by Babsy at 2015-02-22 18:59:33
Running from C:\Users\Babsy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{C538010A-17CD-461C-B198-E6E3499E4154}) (Version: 20.3.45.53553 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.3.45.53553 - Alcor Micro Corp.)
Hidden Amazon Music (HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated) CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.39 - Abelssoft) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 
14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) 
(Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG) Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation) Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 327.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 327.33 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 327.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.41 - NVIDIA Corporation) NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 327.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.41 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation) Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Pokki (HKU\S-1-5-21-2147813672-2160586994-2459613830-1001\...\Pokki) (Version: 0.265.14.261 - Pokki) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 
6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) 
(Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Babsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Babsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Babsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2147813672-2160586994-2459613830-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Babsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 07-02-2015 17:19:17 Windows Update 12-02-2015 18:17:13 Uniblue PC Mechanic installation 14-02-2015 11:06:35 Removed Cisco LEAP Module 22-02-2015 09:35:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {112D0D09-DE5E-498C-8704-DE24ADBB1AA2} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated) Task: {2725DCE7-212C-4523-B8C2-0AAC33E5FEFC} - System32\Tasks\{BEC90ED1-80D5-4C8D-9085-576BF29383DE} => pcalua.exe -a C:\Users\Babsy\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION Task: {3F206E58-7B53-4A98-85C9-A00ECABAB214} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {45F0A24F-A679-4F3E-94A5-AD47B66D3435} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.33\OptProLauncher.exe <==== ATTENTION Task: {667B61A9-47C4-4C9F-BDFB-CB0F4ED2BF03} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer) Task: {7A2CFF02-0ACD-4DF1-82CE-4C3973A01567} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated) Task: {8BA5A94E-5ACC-41DC-9A38-3EDB33048BE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.) Task: {979EFF5D-F73D-4A10-B653-85B2152CA102} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] () Task: {AF1D1B98-E682-4665-BFCD-EB36432B9D32} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-12-04] (CHIP) Task: {C27FB90E-7C54-49C1-A3A9-ED6A5543DEA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.) 
Task: {DBF8FD41-A68D-41B1-8683-FA5A63E94C89} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard) Task: {DC95777C-C451-41E3-8626-28795485E121} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-22] (Microsoft Corporation) Task: {EEB555D8-AD7C-40AC-B501-5DA5B776C713} - System32\Tasks\avastBCLRestartS-1-5-21-2147813672-2160586994-2459613830-1003 => Chrome.exe Task: {FBDE4D43-8E4F-47FD-8721-0CCFE304B899} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-11-13 18:59 - 2014-12-08 07:27 - 06277952 _____ () C:\Users\Babsy\AppData\Local\Amazon Music\Amazon Music Helper.exe 2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe 2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe 2014-11-27 18:07 - 2014-11-27 18:08 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2014-01-27 18:46 - 2013-08-19 19:12 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-02-13 22:53 - 2012-04-24 16:41 - 01087336 _____ () C:\Program Files 
(x86)\Ralink\Common\RaWLAPI.dll 2015-01-10 16:22 - 2015-01-10 16:22 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll 2014-01-27 19:07 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2015-01-17 19:11 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll 2015-01-17 19:11 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll 2015-01-17 19:11 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll 2015-01-17 19:11 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll 2015-01-17 19:11 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\Temp:430C6D84 AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 AlternateDataStreams: C:\Users\Babsy\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Babsy\SkyDrive.old:ms-properties AlternateDataStreams: C:\Users\Miriam\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Babsy\Desktop\Camera\20141107_192458.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run32: => "HP Software Update" ==================== Accounts: ============================= Administrator (S-1-5-21-2147813672-2160586994-2459613830-500 - Administrator - Disabled) Babsy (S-1-5-21-2147813672-2160586994-2459613830-1002 - Administrator - Enabled) => C:\Users\Babsy Gast (S-1-5-21-2147813672-2160586994-2459613830-501 - Limited - Disabled) Miriam (S-1-5-21-2147813672-2160586994-2459613830-1003 - Administrator - Enabled) => C:\Users\Miriam UpdatusUser (S-1-5-21-2147813672-2160586994-2459613830-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/22/2015 02:07:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001bf5f0 ID des fehlerhaften Prozesses: 0x1b48 Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0 Pfad der fehlerhaften Anwendung: AcerPortal.exe1 Pfad des fehlerhaften Moduls: AcerPortal.exe2 Berichtskennung: AcerPortal.exe3 Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5 Error: (02/22/2015 00:08:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/22/2015 00:08:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
Error: (02/22/2015 00:08:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
Error: (02/22/2015 11:31:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001bf5f0 ID des fehlerhaften Prozesses: 0x894 Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0 Pfad der fehlerhaften Anwendung: AcerPortal.exe1 Pfad des fehlerhaften Moduls: AcerPortal.exe2 Berichtskennung: AcerPortal.exe3 Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5 Error: (02/22/2015 11:29:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RaUI.exe, Version: 4.1.7.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: RaWLAPI.dll, Version: 1.1.7.0, Zeitstempel: 0x4f966112 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00042367 ID des fehlerhaften Prozesses: 0x3e4 Startzeit der fehlerhaften Anwendung: 0xRaUI.exe0 Pfad der fehlerhaften Anwendung: RaUI.exe1 Pfad des fehlerhaften Moduls: RaUI.exe2 Berichtskennung: RaUI.exe3 Vollständiger Name des fehlerhaften Pakets: RaUI.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RaUI.exe5 Error: (02/22/2015 11:03:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1a60 Startzeit: 01d04e86090cf31c Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: fc86ffe5-ba79-11e4-8280-448a5b2cba61 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/22/2015 10:33:21 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: be0 Startzeit: 01d04e81e2955608 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: d6183430-ba75-11e4-8280-448a5b2cba61 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/22/2015 10:03:21 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 13ac Startzeit: 01d04e7db1b45485 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: a52e45e9-ba71-11e4-8280-448a5b2cba61 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/22/2015 09:49:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d10 Startzeit: 01d04e7bb5c8f8ce Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: a97eb78a-ba6f-11e4-8280-448a5b2cba61 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 System errors: ============= Error: (02/22/2015 00:31:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Inc. mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (02/22/2015 00:31:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. Error: (02/22/2015 09:43:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee Inc. 
mfeapfk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1243 Error: (02/22/2015 09:43:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. Error: (02/22/2015 09:40:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3023562) Error: (02/22/2015 09:40:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3020338) Error: (02/22/2015 09:40:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3019868) Error: (02/22/2015 09:40:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3004361) Error: (02/22/2015 09:40:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3029944) Error: (02/22/2015 09:40:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für 
Windows 8.1 für x64-basierte Systeme (KB3031432)
Microsoft Office Sessions: =========================
CodeIntegrity Errors: ===================================
Date: 2014-07-20 17:22:58.541 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 45%
Total physical RAM: 8125.16 MB
Available physical RAM: 4401.71 MB
Total Pagefile: 9405.16 MB
Available Pagefile: 4780.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:455.6 GB) (Free:218.68 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.11 GB) (Free:455.39 GB) NTFS
Drive e: (KIS Multi-Device) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D6717695)
Partition: GPT Partition Type.
==================== End Of Log ============================
Was that OK like this? |
23.02.2015, 16:24 | #4 |
/// the machine /// TB-Ausbilder | Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
28.02.2015, 17:06 | #5 |
| AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 28/02/2015 um 16:37:49 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-02-18.3 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Babsy - MIRISBABSYSPC # Gestarted von : C:\Users\Babsy\Downloads\AdwCleaner_4.111.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : d924d8dc ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork Ordner Gelöscht : C:\Program Files (x86)\predm Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\Babsy\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Babsy\AppData\Local\AskPartnerNetwork Ordner Gelöscht : C:\Users\Babsy\AppData\Roaming\RHEng Ordner Gelöscht : C:\Users\Miriam\AppData\Roaming\RHEng Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk Datei Gelöscht : C:\Users\Babsy\AppData\Roaming\Mozilla\Firefox\Profiles\rt87auad.default\user.js Datei Gelöscht : C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage Datei Gelöscht : C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal Datei Gelöscht : C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage Datei Gelöscht : 
C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal Datei Gelöscht : C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal Datei Gelöscht : C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage ***** [ Geplante Tasks ] ***** Task Gelöscht : Optimizer Pro Schedule ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Classes\pokki Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel 
Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FEF0E4DE-06CC-4597-8F8B-13220CE526CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork Schlüssel Gelöscht : HKCU\Software\InetStat Schlüssel Gelöscht : HKCU\Software\Tutorials Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] -\\ Mozilla Firefox v35.0.1 (x86 de) -\\ Google Chrome v39.0.2171.99 ************************* AdwCleaner[R0].txt - [6809 Bytes] - [28/02/2015 16:35:11] AdwCleaner[S0].txt - [5606 Bytes] - [28/02/2015 16:37:49] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5665 Bytes] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Babsy on 28.02.2015 at 16:45:21,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{049DB9A2-B07B-11E4-827A-448A5B2CBA61}
~~~ Files
Successfully deleted: [File] "C:\Users\Babsy\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Babsy\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Babsy\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Babsy\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.02.2015 at 16:47:49,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01 Ran by Babsy (administrator) on MIRISBABSYSPC on 28-02-2015 17:01:37 Running from C:\Users\Babsy\Downloads Loaded Profiles: UpdatusUser & Babsy (Available profiles: UpdatusUser & Babsy & Miriam) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe () C:\Users\Babsy\AppData\Local\Amazon Music\Amazon Music Helper.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-2147813672-2160586994-2459613830-1001\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program 
Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\...\Run: [Amazon Music] => C:\Users\Babsy\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) Startup: C:\Users\Babsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated) ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated) ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated) ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated) BootExecute: autocheck autochk * aswBoot.exe /M:13406bbe /wow /dir:"C:\Program Files\AVAST Software\Avast"sdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2147813672-2160586994-2459613830-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
URLSearchHook: [S-1-5-21-2147813672-2160586994-2459613830-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2147813672-2160586994-2459613830-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Babsy\AppData\Roaming\Mozilla\Firefox\Profiles\rt87auad.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-22]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-22]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-22]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-22]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-22]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Kaspersky Protection) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-14]
CHR Extension: (Google Wallet) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Babsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-02-22] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-02-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 17:01 - 2015-02-28 17:01 - 00000000 ____D () C:\Users\Babsy\Downloads\FRST-OlderVersion
2015-02-28 16:47 - 2015-02-28 16:47 - 00001566 _____ () C:\Users\Babsy\Desktop\JRT.txt
2015-02-28 16:43 - 2015-02-28 16:45 - 01388274 _____ (Thisisu) C:\Users\Babsy\Downloads\JRT.exe
2015-02-28 16:34 - 2015-02-28 16:37 - 00000000 ____D () C:\AdwCleaner
2015-02-28 16:34 - 2015-02-28 16:34 - 02126848 _____ () C:\Users\Babsy\Downloads\AdwCleaner_4.111.exe
2015-02-22 18:59 - 2015-02-22 19:00 - 00034233 _____ () C:\Users\Babsy\Downloads\Addition.txt
2015-02-22 18:58 - 2015-02-28 17:01 - 00023029 _____ () C:\Users\Babsy\Downloads\FRST.txt
2015-02-22 18:58 - 2015-02-28 17:01 - 00000000 ____D () C:\FRST
2015-02-22 18:52 - 2015-02-28 17:01 - 02087936 _____ (Farbar) C:\Users\Babsy\Downloads\FRST64.exe
2015-02-22 16:05 - 2015-02-22 16:05 - 00030455 _____ () C:\Users\Babsy\Downloads\TEXT TEMPLATE DOCUMENT (4).txt
2015-02-22 15:44 - 2015-02-22 15:44 - 00030455 _____ () C:\Users\Babsy\Downloads\TEXT TEMPLATE DOCUMENT (3).txt
2015-02-22 12:10 - 2015-02-22 14:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 12:10 - 2015-02-22 12:10 - 00001082 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-22 12:10 - 2015-02-22 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-22 12:10 - 2015-02-22 12:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-22 12:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-22 12:10 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-22 12:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-22 12:09 - 2015-02-22 12:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Babsy\Downloads\mbam-setup-2.0.4.1028(2).exe
2015-02-22 12:07 - 2015-02-22 12:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Babsy\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-02-22 11:41 - 2015-02-22 11:42 - 00000000 ____D () C:\Users\Babsy\AppData\Local\Mozilla
2015-02-22 11:41 - 2015-02-22 11:41 - 39712504 _____ () C:\Users\Babsy\Downloads\Firefox_Setup_de35.0.1.exe
2015-02-22 11:41 - 2015-02-22 11:41 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-22 11:41 - 2015-02-22 11:41 - 00001127 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-22 11:41 - 2015-02-22 11:41 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-22 11:41 - 2015-02-22 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-22 11:41 - 2015-02-22 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-22 11:29 - 2015-02-22 11:29 - 00002314 _____ () C:\Users\Babsy\Desktop\Sicherer Zahlungsverkehr.lnk
2015-02-22 10:44 - 2015-02-22 10:44 - 00030496 _____ () C:\Users\Miriam\Downloads\HOW-IT-LOOKS.htm
2015-02-22 09:51 - 2015-02-22 09:51 - 00002314 _____ () C:\Users\Miriam\Desktop\Sicherer Zahlungsverkehr.lnk
2015-02-22 09:51 - 2015-02-22 09:51 - 00001176 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-22 09:51 - 2015-02-22 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-22 09:51 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-02-22 09:50 - 2015-02-28 16:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-22 09:50 - 2015-02-22 10:00 - 00771272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-22 09:50 - 2015-02-22 10:00 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-22 09:50 - 2015-02-22 09:50 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-22 09:50 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-14 16:56 - 2015-02-14 16:56 - 00079757 _____ () C:\Users\Babsy\Downloads\TEXT TEMPLATE DOCUMENT (2).txt
2015-02-14 14:57 - 2015-02-14 16:05 - 00000000 ____D () C:\Users\Babsy\Desktop\Nils
2015-02-14 12:14 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150214-121459.backup
2015-02-14 11:26 - 2015-02-22 09:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-14 11:26 - 2015-02-22 09:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-14 11:26 - 2015-02-14 11:26 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-14 11:24 - 2015-02-14 11:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Babsy\Downloads\spybot-2.4.exe
2015-02-14 11:12 - 2015-02-14 11:12 - 00000000 ____D () C:\Program Files (x86)\PC Tools
2015-02-14 11:06 - 2015-02-14 11:08 - 03567079 _____ () C:\Windows\system32\Drivers\Cat.DB
2015-02-14 11:06 - 2012-11-01 15:35 - 00253256 _____ (PC Tools) C:\Windows\system32\Drivers\PCTSD64.sys
2015-02-14 11:05 - 2015-02-14 11:27 - 00000000 ____D () C:\ProgramData\PC Tools
2015-02-14 11:05 - 2015-02-14 11:05 - 03834832 _____ (PC Tools) C:\Users\Babsy\Downloads\sd9setup.exe
2015-02-14 11:05 - 2015-02-14 11:05 - 03834832 _____ (PC Tools) C:\Users\Babsy\Downloads\sd9setup (1).exe
2015-02-14 11:05 - 2015-02-14 11:05 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\TestApp
2015-02-14 10:38 - 2015-02-14 10:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 10:37 - 2015-02-14 10:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Babsy\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-12 18:22 - 2015-02-12 18:22 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\WildTangent
2015-02-12 18:17 - 2015-02-12 18:17 - 00001556 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-02-12 18:17 - 2015-02-12 18:17 - 00001265 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-02-12 18:17 - 2015-02-12 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-12 18:17 - 2015-02-12 18:17 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-12 18:17 - 2015-02-12 18:17 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-12 18:16 - 2015-02-12 18:16 - 34792128 _____ (DVDVideoSoft Ltd. ) C:\Users\Babsy\Downloads\FreeYouTubeToMP354Converter.exe
2015-02-12 18:12 - 2015-02-12 18:12 - 07778632 _____ () C:\Users\Babsy\Downloads\Infigo_setup.exe
2015-02-12 17:53 - 2015-02-14 16:05 - 00000000 ____D () C:\Users\Babsy\Desktop\Samuel
2015-02-11 19:56 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:56 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:56 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 19:56 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 19:56 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:56 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:56 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:56 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 19:56 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 19:56 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:56 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:56 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:56 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:56 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 19:56 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:56 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:56 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:56 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:56 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 19:56 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 19:56 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 19:56 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:56 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 19:56 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 19:56 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 19:56 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 19:56 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 19:54 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:54 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:54 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:54 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:54 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 19:54 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 19:54 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:54 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:54 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:54 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:54 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:54 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:54 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 19:54 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 19:54 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 19:54 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:54 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:54 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:54 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:54 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:54 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:54 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 19:54 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 19:54 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:54 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 19:54 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:54 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 19:54 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:54 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:54 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:54 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:54 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:54 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:54 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:54 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:54 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:54 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:54 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:53 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 19:50 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 19:50 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 19:50 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 19:50 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 19:50 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 19:50 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 19:50 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-08 18:36 - 2015-02-08 18:36 - 00000000 ____D () C:\Users\Miriam\AppData\Local\Windows Live
2015-02-08 13:23 - 2015-02-08 13:23 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\NVIDIA
2015-02-08 12:29 - 2015-02-08 12:30 - 00000000 ____D () C:\Users\Miriam\Documents\Freemake
2015-02-08 12:29 - 2015-02-08 12:30 - 00000000 ____D () C:\ProgramData\Freemake
2015-02-08 12:29 - 2015-02-08 12:29 - 00001344 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-02-08 12:29 - 2015-02-08 12:29 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-02-08 12:29 - 2015-02-08 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-02-08 12:29 - 2015-02-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-02-08 12:00 - 2015-02-08 16:59 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\dvdcss
2015-02-08 11:55 - 2015-02-22 09:34 - 00000000 ____D () C:\Program Files\VideoLAN
2015-02-08 11:55 - 2015-02-08 11:55 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2015-02-08 11:55 - 2015-02-08 11:55 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\Abelssoft
2015-02-08 11:55 - 2015-02-08 11:55 - 00000000 ____D () C:\Users\Miriam\AppData\Local\Abelssoft
2015-02-08 11:55 - 2015-02-08 11:55 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2015-02-08 11:54 - 2015-02-08 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2015-02-08 11:54 - 2015-02-08 11:54 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2015-02-07 18:35 - 2015-02-07 18:35 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-07 18:35 - 2015-02-07 18:35 - 00000000 ____D () C:\Program Files\Java
2015-02-07 18:23 - 2015-02-07 18:26 - 93427112 _____ (Oracle Corporation) C:\Users\Miriam\Downloads\jre-8u31-windows-x64 (1).exe
2015-02-07 18:15 - 2015-02-07 18:15 - 00639400 _____ (Oracle Corporation) C:\Users\Miriam\Downloads\chromeinstall-8u31.exe
2015-02-07 17:58 - 2015-02-07 17:58 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\Mozilla
2015-02-07 17:55 - 2015-02-07 17:55 - 00000197 _____ () C:\Windows\system32\2015-02-07-16-55-08.026-AvastVBoxSVC.exe-2696.log
2015-02-07 17:51 - 2015-02-07 17:51 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Miriam\Downloads\avira_de_av_5835121429__ws.exe
2015-02-07 17:35 - 2015-02-07 17:35 - 00003162 _____ () C:\Windows\System32\Tasks\{BEC90ED1-80D5-4C8D-9085-576BF29383DE}
2015-02-07 17:33 - 2015-02-07 17:34 - 00000280 _____ () C:\Windows\system32\2015-02-07-16-33-48.080-aswFe.exe-7280.log
2015-02-07 17:31 - 2015-02-07 17:31 - 00000280 _____ () C:\Windows\system32\2015-02-07-16-31-32.035-aswFe.exe-7828.log
2015-02-07 17:30 - 2015-02-07 17:31 - 00000280 _____ () C:\Windows\system32\2015-02-07-16-30-52.089-aswFe.exe-1160.log
2015-02-02 06:29 - 2015-02-02 06:30 - 00000197 _____ () C:\Windows\system32\2015-02-02-05-29-04.050-AvastVBoxSVC.exe-2284.log
2015-02-01 17:47 - 2015-02-01 17:47 - 00004608 _____ () C:\Users\Miriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 17:30 - 2015-02-01 17:32 - 00000197 _____ () C:\Windows\system32\2015-02-01-16-30-47.001-AvastVBoxSVC.exe-3444.log
2015-02-01 17:17 - 2015-02-01 17:17 - 00000197 _____ () C:\Windows\system32\2015-02-01-16-17-28.051-AvastVBoxSVC.exe-2140.log

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-28 16:41 - 2014-03-16 12:03 - 00000000 ____D () C:\Users\Babsy\AppData\Local\CrashDumps
2015-02-28 16:40 - 2014-01-27 18:29 - 01356999 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 16:39 - 2014-03-16 12:03 - 00000000 ___DO () C:\Users\Babsy\SkyDrive
2015-02-28 16:39 - 2014-02-16 11:32 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 16:39 - 2014-01-27 18:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-28 16:39 - 2013-08-22 15:46 - 00073211 _____ () C:\Windows\setupact.log
2015-02-28 16:39 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 16:38 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-28 16:37 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-28 08:28 - 2013-10-04 08:36 - 00630120 _____ () C:\Windows\PFRO.log
2015-02-22 21:10 - 2014-02-16 11:32 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 19:34 - 2014-02-11 22:14 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2147813672-2160586994-2459613830-1002
2015-02-22 12:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-02-22 11:41 - 2014-10-12 08:47 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\Mozilla
2015-02-22 10:53 - 2014-02-11 22:09 - 00001470 _____ () C:\Users\Babsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-22 10:50 - 2014-02-16 11:14 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2147813672-2160586994-2459613830-1003
2015-02-22 09:57 - 2014-02-12 02:08 - 00000000 ___RD () C:\Users\Babsy\Desktop\Reborn
2015-02-22 09:55 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-22 09:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-22 09:50 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-22 09:49 - 2014-03-23 14:52 - 00000000 ____D () C:\Users\Miriam\AppData\Local\CrashDumps 2015-02-22 09:44 - 2014-02-16 11:12 - 00000000 ___DO () C:\Users\Miriam\SkyDrive 2015-02-22 09:44 - 2014-02-16 11:07 - 00000000 ____D () C:\Users\Miriam\AppData\Local\Pokki 2015-02-22 09:43 - 2013-08-22 15:44 - 00414224 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-22 09:40 - 2014-12-11 12:22 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-22 09:40 - 2014-07-15 19:53 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-22 09:40 - 2014-03-02 14:13 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-22 09:40 - 2014-02-16 18:15 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-22 09:36 - 2014-03-02 14:13 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-22 09:34 - 2014-02-16 11:26 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A120AAB6-8A9B-453A-9041-213D7C0D6E4E} 2015-02-14 15:22 - 2014-02-11 22:17 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6648380F-6B7F-410A-9912-FADB0D2A4544} 2015-02-14 11:27 - 2014-01-27 19:04 - 00000000 ____D () C:\ProgramData\Temp 2015-02-14 09:41 - 2015-01-22 16:43 - 00000000 ____D () C:\Users\Babsy\Desktop\Camera 2015-02-14 09:41 - 2014-02-12 00:40 - 00000000 ____D () C:\Users\Babsy\Desktop\Kreativ 2015-02-14 08:49 - 2014-02-12 00:00 - 00000000 ____D () C:\Users\Babsy\Desktop\Arbeit 2015-02-12 18:22 - 2013-10-04 08:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-12 18:22 - 2013-10-04 08:57 - 00000000 ____D () C:\ProgramData\WildTangent 2015-02-12 18:22 - 2013-10-04 08:57 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2015-02-12 18:18 - 2014-02-25 18:59 - 00000000 ____D () C:\Users\Babsy\AppData\Roaming\DVDVideoSoft 2015-02-12 17:55 - 2014-02-11 22:58 - 00000000 ____D () C:\Users\Babsy\Desktop\Babsy 2015-02-08 18:17 - 2014-01-23 09:27 - 00764340 _____ () 
C:\Windows\system32\perfh007.dat 2015-02-08 18:17 - 2014-01-23 09:27 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-02-08 18:17 - 2013-10-04 08:58 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-07 18:17 - 2014-04-18 05:52 - 00000000 ____D () C:\Users\Miriam\AppData\Roaming\CyberLink 2015-02-07 18:04 - 2014-03-16 12:19 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-02-07 18:01 - 2014-02-16 11:32 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-07 18:01 - 2014-02-16 11:09 - 00001470 _____ () C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-07 17:56 - 2014-02-16 18:41 - 00002299 _____ () C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2015-02-07 17:34 - 2015-01-22 17:57 - 00000000 ____D () C:\Program Files (x86)\Stapelverarbeitung 2015-02-07 17:09 - 2014-12-30 18:07 - 00003290 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2147813672-2160586994-2459613830-1003 2015-02-03 20:31 - 2014-11-16 15:39 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-11-16 15:39 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-03-02 13:47 - 2014-03-02 13:47 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-01-27 18:49 - 2014-01-27 18:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Babsy\AppData\Local\Temp\avgnt.exe C:\Users\Babsy\AppData\Local\Temp\ose00000.exe C:\Users\Babsy\AppData\Local\Temp\Quarantine.exe C:\Users\Babsy\AppData\Local\Temp\sqlite3.dll C:\Users\Miriam\AppData\Local\Temp\avgnt.exe C:\Users\Miriam\AppData\Local\Temp\COMAP.EXE C:\Users\Miriam\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Miriam\AppData\Local\Temp\oct30F5.tmp.exe C:\Users\Miriam\AppData\Local\Temp\oct5F51.tmp.exe 
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-22 10:50
==================== End Of Log ============================
--- --- --- --- --- ---
The problem has not been resolved so far. "positive finds" is still happily romping around in my browser. |
01.03.2015, 08:59 | #6 |
/// the machine /// TB trainer | I can't get "positive finds ads" off my computer
Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall.
Then: https://support.google.com/chrome/answer/3296214?hl=de
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ --> I can't get "positive finds ads" off my computer |
02.03.2015, 21:26 | #7 |
| I can't get "positive finds ads" off my computer
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by Babsy at 2015-03-02 18:48:49 Run:1
Running from C:\Users\Babsy\Downloads
Loaded Profiles: UpdatusUser & Babsy (Available profiles: UpdatusUser & Babsy & Miriam)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Emptytemp:
*****************
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
EmptyTemp: => Removed 3 GB temporary data.
The system needed a reboot.
==== End of Fixlog 18:49:44 ====
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cc3b72ba5226c241af580427a4db07c2
# engine=22716
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-02 08:04:02
# local_time=2015-03-02 09:04:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1296 16777213 100 100 11599 29399324 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9181634 21088494 0 0
# scanned=448025
# found=169
# cleaned=0
# scan_time=7550
unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Babsy\Downloads\MyPhoneExplorer_Setup_1.8.5_pcwelt.exe" sh=700B302E474F31239C88ACDAD684F08FC5EAF53B ft=1 fh=511c71efddb6de59 vn="Variante von Win32/DomaIQ.AT evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Babsy\Downloads\Setup (1).exe" sh=95F247FBED0A585472289DEF0965D9F3FC886D93 ft=1 fh=130bd2b27b8cbcfc vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Babsy\Downloads\SoftonicDownloader_fuer_activity-report-arbeitszeiterfassung.exe" sh=82BB7B892ACC98F0B80E002409B86FD19C2A273A ft=1 fh=a4a62132d03d5705 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Babsy\Downloads\SoftonicDownloader_fuer_photoscape.exe" sh=A1810A84E74C8A3AB3BDAF9C839A6580B7A56B43 ft=1 fh=7b8d21dc0a33fef3 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Babsy\Downloads\SoftonicDownloader_fuer_recuva.exe" sh=8B82B35C9FA03A844D8CABD3E9AF38E8073673A6 ft=1 fh=c71c0011a690536d vn="Variante von Win32/InstallCore.GZ evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Babsy\Downloads\ZipExtractorSetup.exe" sh=3BA752D7C6B4DF125DABAC10F4581B3CA0E4322A ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\blabbers-ff-le.xpi" sh=63F67E84D2A1B71B00D8CDF3471E3A04FEFDE19D ft=1 fh=315a83e2b9f2c9ed vn="Win32/BrowserCompanion evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\g377_sf_de.exe" sh=84FD6F4EF2F85EA2FDE456C0B32A6321F3184BCF ft=1 fh=02c93ad04c0140bb vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\ICReinstall_tmp80F2.tmp.exe" sh=79AF6A5836979FFE148181679603145EBCA84CEC ft=1 fh=c71c00110dcb3073 vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. 
unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\installhelper.dll" sh=6160D7E55C91DD36A3D48D07B525BB9F238C20E0 ft=1 fh=6378d94e0742c92e vn="Variante von Win32/Toolbar.Babylon.L evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\MyDelta_sftnc.exe" sh=A077EB07D2CF5644F8BCDDB0275D4D218B0B5CBF ft=1 fh=50b5d883a87ef39e vn="Win32/Adware.Bandoo Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\nsu4942.tmp.exe" sh=D2C5BBB4CD52FF1F63CB84FF7E6EA5D3F4034C5C ft=1 fh=8ebab0a3d0a12b9c vn="Win32/Packed.ScrambleWrapper.D evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\plus-hd-2-6.exe" sh=C35A0B3AF06F6AD199122599237B5AA67CEEB876 ft=1 fh=f14327a1ad7f7876 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\SPSetup.exe" sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\tbInc1.dll" sh=84FD6F4EF2F85EA2FDE456C0B32A6321F3184BCF ft=1 fh=02c93ad04c0140bb vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\tmp80F2.tmp.exe" sh=48CB2EBFF1265B8A0FF062B028687819E7E293FB ft=1 fh=fdf0030b74fb0e4c vn="Win32/Adware.Yontoo Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\YontooSetup-Silent.exe" sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\BabMaint.exe" sh=DED201AE02FB9EA3646489AFEDA49270C4620D9C ft=1 fh=c71c001196f8c3ac vn="Variante von Win32/Toolbar.Babylon.F evtl. 
unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\BExternal.dll" sh=F8038444575EE679FE4AD4CBA6E6E613774ACD8B ft=1 fh=315c344bd11af187 vn="Win32/Toolbar.Babylon.M evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\ccp.exe" sh=1466BC1893B6D4B277A177CD2C7D1BEF65F6AAEB ft=1 fh=407239d3cdeb51cc vn="Win32/Toolbar.Babylon.U evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\CrxInstaller.dll" sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\DSearchLink.exe" sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\IEHelper.dll" sh=25EA5C7F4A48D166A2006CA37B936ECA340F58ED ft=1 fh=c71c0011e4611a52 vn="Win32/Toolbar.Babylon.V evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\MntrDLLInstall.dll" sh=B609D79A551426156C8E4ED04CBFA2576F4A1C32 ft=1 fh=7911ccef469b1c77 vn="Win32/Toolbar.Babylon.J evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\MyDeltaTB.exe" sh=63B9ACAA33978D6BA181B45C51DABE9FF76B50AA ft=1 fh=75ac944de1f3f413 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\347476C3-BAB0-7891-833A-08AC86BFB2ED\Latest\Setup.exe" sh=A823D4D557D4DEAFBE264CC8760DBFE85C24C4A0 ft=1 fh=c71c001189d1b3db vn="Variante von Win32/Toolbar.Babylon.F evtl. 
unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\5D5D24A7-BAB0-7891-AF4F-AE3071A47EC3\BExternal.dll" sh=E9966958672AFC5363CD47F153CA2ED0C87112DF ft=1 fh=a2f67e8360868780 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\5D5D24A7-BAB0-7891-AF4F-AE3071A47EC3\IECookieLow.dll" sh=40969E053E001937C71D74EA719F78BF9A5FEF2A ft=1 fh=9a76860661eadcce vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\5D5D24A7-BAB0-7891-AF4F-AE3071A47EC3\MyBabylonTB.exe" sh=45D1104CA6BE51EDA80B5994403E9ABD523082A3 ft=1 fh=dc60180b3d8151a5 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\5D5D24A7-BAB0-7891-AF4F-AE3071A47EC3\Setup.exe" sh=25EADB7AAD3B79E805F2734E5BB8197E299E2652 ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\b714b721-cbcd-428c-a5c6-64c7b47e96fe\LinkuryInstaller.msi" sh=7E05078CE816C31BBB4F2FDD962EB82BA3577C7E ft=1 fh=c251f1194bd84ef1 vn="Variante von Win32/Adware.Bandoo.AC Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\GLFA3B4\Bin\Bandoo.exe" sh=F0D70843F1AC024254DC4CAE874E29BF51319872 ft=1 fh=97402f72d9f7b18a vn="Variante von Win32/Adware.Bandoo.AA Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\GLFA3B4\Bin\BndCore.exe" sh=E5DC70824611C2BE886C2838839C8E9365F293C7 ft=1 fh=c71c00113598045c vn="Variante von Win32/Adware.Bandoo.AA Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\GLFA3B4\Bin\ieplugin.dll" sh=80D237E8C328EF49D7E7A9F1F800B8DF4CC648B9 ft=1 fh=2bc36c786ae061b3 vn="Variante von Win32/Adware.Bandoo.AA Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\GLFA3B4\Bin\InstallerHelper.dll" sh=B5FA979D9A95EBA8FC78E131ACA5D14F0ABB9B3E ft=1 fh=1fc9bfa3912bb354 vn="Variante von Win32/Adware.Bandoo.AA 
Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\GLFA3B4\Bin\msnplugin.dll" sh=F79F33A449ABB98746E9B9218F034C6B0ECF4F0A ft=1 fh=6d4b84699007bf74 vn="Variante von Win32/Adware.Bandoo.AA Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\GLFA3B4\Bin\YahooPlugin.dll" sh=E9EB59C5792F5B1B43C4D11FA50E56980ECA37B0 ft=1 fh=751f51d01f2db46c vn="Win32/Adware.Bandoo Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\GLFA3B4\Static\SetupDataMngr_Searchqu.exe" sh=954EDEE56185E5EDB04ED2975831A7B3E359C355 ft=1 fh=1c1c98872e1ee540 vn="Win32/Adware.Bandoo Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\MediaBarFiles\Bin\Static\Searchqu\SearchquMediaBar.exe" sh=79AF6A5836979FFE148181679603145EBCA84CEC ft=1 fh=c71c00110dcb3073 vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\mia1\InstallHelper.dll" sh=92F853D73268BB8BD5B250B0F2FF9ABA21C48B2B ft=1 fh=80ef9c02615feea1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\MSIF207.tmp-\Smartbar.Installer.CustomActions.dll" sh=4CCCA744B3BD32E8F4C43F6611962A5CE5F3A709 ft=1 fh=cd996b0a7418b90b vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\MSIF207.tmp-\Smartbar.Resources.ProductUninstaller.dll" sh=1C0C2EC185F8DFF7E73FB62667CB1CE9A29197D3 ft=1 fh=d4fb6fffa60acd5a vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="F:\sicherung\Users\Miri\AppData\Local\Temp\MSIF207.tmp-\Smartbar.Resources.SetBrowsersSettings.dll" sh=97C98A20388FD894B92FD8325545966CA945BCFB ft=1 fh=6121d07ea56d1649 vn="Win32/Toolbar.Montiera.I evtl. 
Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Windows Defender
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities 2014
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Mozilla Firefox (35.0.1)
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |
03.03.2015, 08:28 | #8 |
/// the machine /// TB-Ausbilder | I can't get "positive finds ads" off my computer
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
And the fresh FRST log and the answer to my question are still missing.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |